Bug 1491459 - shim.efi missing from EFI partition, causes upgraded systems not to boot
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: shim-signed
Version: 27
Hardware: x86_64
OS: Linux
unspecified
urgent
Target Milestone: ---
Assignee: Peter Jones
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: AcceptedBlocker
Depends On:
Blocks: F27BetaBlocker
Reported: 2017-09-13 21:56 UTC by Adam Williamson
Modified: 2017-11-16 18:51 UTC

Fixed In Version: shim-signed-13-0.5
Last Closed: 2017-09-16 05:55:41 UTC
Type: Bug

Description Adam Williamson 2017-09-13 21:56:00 UTC
The shim-x64 package currently in F27 stable - shim-x64-13-0.4 - contains no 'shim.efi' file or link. This isn't a problem for new installs, as anaconda now creates EFI boot manager entries pointing to 'shimx64.efi'. However, it *is* a big problem for existing UEFI installs that are upgraded to Fedora 27, as their EFI boot manager entries still point to 'shim.efi', which is no longer present, so they'll fail to boot properly.

The fallback path may perhaps save some cases, but not all - e.g. if Windows is also installed, many firmwares won't fall through to the fallback path, they'll just boot Windows instead, so the user has no easy way to get into Fedora at all any more.

13-0.5 fixes this, but it's stuck in updates-testing and we're in Beta freeze, so I'm filing this bug so we can grant it FE or blocker status and push the update stable. Nominating as a Beta blocker as a violation of "For each one of the release-blocking package sets, it must be possible to successfully complete a direct upgrade from fully updated installations of the last two stable Fedora releases with that package set installed" in the case of a UEFI install, as the upgraded system may well fail to boot due to this bug.
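
Added example, not part of the original report and not Fedora's or shim's own code: a pre-reboot check that parses `efibootmgr -v` output and reports boot entries whose loader file is absent from the EFI system partition, which is the condition described above. The sample output, the all-zero partition GUID and the temporary directory standing in for the ESP are constructed; path lookup ignores case on the assumption that the ESP is FAT.

```python
import os
import re
import tempfile

# Matches "Boot0001* Label <device path>/File(\EFI\...)" lines of `efibootmgr -v`.
ENTRY_RE = re.compile(
    r"^Boot(?P<num>[0-9A-Fa-f]{4})\*?\s+(?P<label>.*?)\s+\S+/File\((?P<path>[^)]+)\)")

# Constructed sample output (not taken from the bug report).
SAMPLE = r"""BootCurrent: 0001
BootOrder: 0001,0000
Boot0000* Windows Boot Manager HD(1,GPT,00000000-0000-0000-0000-000000000000,0x800,0x64000)/File(\EFI\MICROSOFT\BOOT\BOOTMGFW.EFI)
Boot0001* Fedora HD(1,GPT,00000000-0000-0000-0000-000000000000,0x800,0x64000)/File(\EFI\fedora\shim.efi)
"""

def resolve_on_esp(esp_root, efi_path):
    """Resolve a backslash-separated EFI path under esp_root, ignoring case (FAT)."""
    current = esp_root
    for part in filter(None, efi_path.split("\\")):
        try:
            names = os.listdir(current)
        except OSError:  # missing directory, or a file where a directory was expected
            return None
        match = next((n for n in names if n.lower() == part.lower()), None)
        if match is None:
            return None
        current = os.path.join(current, match)
    return current if os.path.isfile(current) else None

def dangling_entries(efibootmgr_output, esp_root):
    """Return (number, label, path) for entries whose loader file is absent."""
    missing = []
    for line in efibootmgr_output.splitlines():
        m = ENTRY_RE.match(line)  # entries without a File() node are skipped
        if m and resolve_on_esp(esp_root, m.group("path")) is None:
            missing.append((m.group("num"), m.group("label"), m.group("path")))
    return missing

def demo():
    """Build a throwaway ESP laid out like an upgraded system and check SAMPLE."""
    with tempfile.TemporaryDirectory() as esp:
        for rel in ("EFI/fedora/shimx64.efi", "EFI/Microsoft/Boot/bootmgfw.efi"):
            target = os.path.join(esp, *rel.split("/"))
            os.makedirs(os.path.dirname(target), exist_ok=True)
            open(target, "wb").close()
        return dangling_entries(SAMPLE, esp)

if __name__ == "__main__":
    print(demo())
```

On a real system, pass the captured output of `efibootmgr -v` and the ESP mount point (assumed here to be `/boot/efi`) to `dangling_entries` before rebooting after an upgrade.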

Comment 1 Fedora Update System 2017-09-13 21:57:27 UTC
shim-signed-13-0.5 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2017-249267e56b

Comment 2 Dennis Gilmore 2017-09-14 17:26:07 UTC
+1 Beta Blocker

Comment 3 Adam Williamson 2017-09-15 02:18:15 UTC
Discussed at 2017-09-14 Beta Go/No-Go meeting, acting as a blocker review meeting: https://meetbot-raw.fedoraproject.org/fedora-meeting-2/2017-09-14/f27-beta-go-no-go-meeting.2017-09-14-17.00.html . Accepted as a blocker as a violation of Beta criterion "For each one of the release-blocking package sets, it must be possible to successfully complete a direct upgrade from fully updated installations of the last two stable Fedora releases with that package set installed...The upgraded system must meet all release criteria." in the case of UEFI installs, as the upgraded system may well fail to boot.

Comment 4 Fedora Update System 2017-09-16 05:55:41 UTC
shim-signed-13-0.5 has been pushed to the Fedora 27 stable repository. If problems still persist, please make note of it in this bug report.

Comment 5 Vidar Akselsen 2017-11-16 18:51:35 UTC
I was also dropped into shim key management on two distinct systems after doing a "dnf upgrade" followed by "dnf autoremove" and a reboot on 15th of Nov. Both systems were upgraded from F26 to final F27. I believe both systems were using UEFI boot and gpt. The first system is an AMD Athlon 5350 based PC and the other a Lenovo t440p laptop (Intel) with secureboot disabled.

