Two Silverblue systems here got hit by the secure boot signature bootloader bug on the upgrade that brought in a new kernel. Good thing there are rollbacks (to boot an older version) and a workaround.
Issue: github.com/fedora-silverblue/i…
Workaround to keep using secure boot (run these commands on a working boot): github.com/fedora-silverblue/i…
Hopefully there's an automatic fix soon? ('bootupd' should be the long term fix for this.)
#Silverblue #Kinoite #Fedora #Atomic #FedoraAtomic #Linux
Boot fails with "vmlinuz has invalid signature" or "bad shim signature, you need to load the kernel first" · Issue #543 · fedora-silverblue/issue-tracker
Current workaround See #543 (comment) Original issue text Describe the bug Trying to rebase an existing SB39 to SB40 fails to boot showing vmlinuz-6.8.1-300.fc40.x86.x64 has invalid signature. you ...GitHub
Emmanuele Bassi
in reply to Garrett LeSage • • •Hubert Figuière reshared this.
Emmanuele Bassi
in reply to Emmanuele Bassi • • •not the first time Fedora shat the bed on this kind of changes, either:
- Let's do this in the next cycle
- Have you considered possible regressions?
- We definitely should
[nobody considers regressions]
It's like an am-dram version of Waiting for Godot.
Hubert Figuière
in reply to Garrett LeSage • • •Garrett LeSage
in reply to Hubert Figuière • • •@hub As long as you can boot, you should be able to run that workaround.
(I would've expected an automated fix not long after it was filed on 28 March, but here we are in mid-June, with just the workaround.
There is another workaround of not using secure boot, but I don't consider that a valid workaround. The copy files from one place to another is the correct workaround fix.
It just should've been automated at this point, really. 😢)
Hubert Figuière
in reply to Garrett LeSage • • •both are super shit. and yes it should have been a P1 blocker,.
But it's SilverBlue. Has been a let down from day one.
Garrett LeSage
in reply to Hubert Figuière • • •@hub I mean, all OSes have their issues (a recent Windows release accidentally made the start menu not available, for example).
But yeah, I agree. This should be a P1.
Bugs in Fedora's Atomic builds should be high-priority blockers with quick fixes, especially when they're as serious as not being able to update and/or boot a new version. (Both, even, in this case.)
Hubert Figuière
in reply to Garrett LeSage • • •