The immediate cause of the test failure is that 90-uki-copy.install is
run with a kernel image where $KERNEL_IMAGE_LAYOUT=uki. If that variable
was set to something else, this plugin would be skipped. That is what
happens on all other arches.
The reason this is *not* skipped on arm64 is due to stubble[1]. I.e.,
the arm64 kernel images have an efi stub called stubble, and the kernel
image is packed with ukify. Because it's packed with ukify, it gains
some additional PE sections for metadata like .osrel.
The systemd tools then use that as a heuristic for deciding if a kernel
image is a UKI or not[2].
For example:
root@r:~# dpkg-deb -R linux-image-6.17.0-6-generic_6.17.0-6.6_arm64.deb .
root@r:~# SYSTEMD_LOG_LEVEL=debug kernel-install inspect
boot/vmlinuz-6.17.0-6-generic
Loaded config.
MACHINE_ID=57604e1d45ff49aeb684dc8b4ca2e906 set via /etc/machine-id.
Found container virtualization lxc.
Directory "/boot" is not the root of the file system.
Couldn't find an XBOOTLDR partition.
Failed to check file system type of "/efi": No such file or directory
File system "/boot" is not a FAT EFI System Partition (ESP) file system.
Failed to check file system type of "/boot/efi": No such file or directory
Couldn't find EFI system partition, ignoring.
KERNEL_INSTALL_BOOT_ROOT autodetection yielded no candidates, using "/boot".
Using entry token: 57604e1d45ff49aeb684dc8b4ca2e906
kernel version (6.14.0-35-generic) set via command line.
kernel image file (/root/boot/vmlinuz-6.17.0-6-generic) set via command line.
Kernel image type is uki, using layout=uki.
Using ENTRY_DIR=/boot/57604e1d45ff49aeb684dc8b4ca2e906/6.14.0-35-generic
Successfully forked off '(pager)' as PID 1549.
PR_SET_MM_ARG_START failed: Operation not permitted
sd_pid_get_owner_uid() failed, enabling pager secure mode: No data available
Pager executable is "less", options "FRSXMK", quit_on_interrupt: yes
Machine ID: 57604e1d45ff49aeb684dc8b4ca2e906
Kernel Image Type: uki
Layout: uki
Boot Root: /boot
Entry Token Type: machine-id
Entry Token: 57604e1d45ff49aeb684dc8b4ca2e906
Entry Directory: /boot/57604e1d45ff49aeb684dc8b4ca2e906/6.14.0-35-generic
Kernel Version: 6.14.0-35-generic
Kernel: /root/boot/vmlinuz-6.17.0-6-generic
Initrds: (unset)
Initrd Generator: (unset)
UKI Generator: (unset)
Plugins: /usr/lib/kernel/install.d/50-depmod.install
/usr/lib/kernel/install.d/55-initrd.install
/usr/lib/kernel/install.d/90-loaderentry.install
/usr/lib/kernel/install.d/90-uki-copy.install
Plugin Environment: LC_COLLATE=C.UTF-8
KERNEL_INSTALL_VERBOSE=0
KERNEL_INSTALL_IMAGE_TYPE=uki
KERNEL_INSTALL_MACHINE_ID=57604e1d45ff49aeb684dc8b4ca2e906
KERNEL_INSTALL_ENTRY_TOKEN=57604e1d45ff49aeb684dc8b4ca2e906
KERNEL_INSTALL_BOOT_ROOT=/boot
KERNEL_INSTALL_LAYOUT=uki
<================== Detected as UKI
KERNEL_INSTALL_INITRD_GENERATOR=
KERNEL_INSTALL_UKI_GENERATOR=
KERNEL_INSTALL_STAGING_AREA=/var/tmp/kernel-install.staging.XXXXXX
Plugin Arguments: add|remove
6.14.0-35-generic
/boot/57604e1d45ff49aeb684dc8b4ca2e906/6.14.0-35-generic
/root/boot/vmlinuz-6.17.0-6-generic
[INITRD...]
So, in the dracut test, since nothing else specifies
KERNEL_INSTALL_LAYOUT (or configures layout= in install.conf), the auto
logic falls back to detecting the layout itself. And, according to the
heuristic, our arm64 kernel images look like UKIs, but they are not
quite that. And, they don't have .efi extensions, which this plugin
expects.
I have had some discussions already with upstream systemd, and with
stubble folks about the best way to handle this, but nothing was
addressed yet. One idea was for the systemd tools to expect .sdmagic,
but that felt too restrictive. The other idea as to add --no-osrel to
ukify, and have the stubble images be built with that. That would
prevent systemd tools from detecting these images as UKIs.
Finally, a workaround would be to configure layout=other in e.g.
/etc/kernel/install.conf (or a more appropriate drop-in). That way, the
kernel image won't be considered a UKI, and the 90-uki-copy.install
plugin will be a no-op.
[1]
https://discourse.ubuntu.com/t/spec-stubble-a-secure-boot-friendly-device-tree-loading-efi-stub/66278
[2] https://github.com/systemd/systemd/blob/v259-rc2/src/shared/pe-binary.c#L254
** Changed in: systemd (Ubuntu)
Status: New => Triaged
** Changed in: systemd (Ubuntu)
Assignee: (unassigned) => Nick Rosbrook (enr0n)
** Changed in: systemd (Ubuntu)
Milestone: None => ubuntu-26.04
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2133402
Title:
TEST-43-KERNEL-INSTALL fails on arm64: /boot/vmlinuz-6.17.0-5-generic
is missing .efi suffix
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/dracut/+bug/2133402/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
