Tag Archive | ubuntu

Ubuntu secure-boot support is broken

If you install Ubuntu on a computer with secure-boot enabled, then it will probably boot.  And maybe that’s all you want.

If so, you probably won’t be concerned about what I am describing here.

However, secure-boot is supposed to verify many of the steps in the boot path.  And that’s where I see Ubuntu as broken.

I’m basing this on tests that I have done on Ubuntu-17.04 and Ubuntu-gnome-17.04.

Quick summary

First a brief summary of the problems that I am seeing:

  1. Ubuntu will boot without checking a signature on the kernel.
  2. Under some circumstances, Ubuntu will complain about a bad signature, and refuse to boot, even though secure-boot has been disabled.

Read More…

Ubuntu-gnome 17.04

I have already reviewed Ubuntu-17.04.  However, the Ubuntu folk (i.e. Canonical) had already announced that, starting with 18.04, they would switch their mainline version from the Unity desktop to the Gnome desktop.  So I decided to also test out the 17.04 version of Ubuntu with Gnome desktop.

I installed Ubuntu-gnome in an already existing encrypted LVM.  The machine that I used actually has two hard drives, with an encrypted LVM on each drive.  So this was a different LVM from the one that I used for the mainline Ubuntu (with unity).  Currently, both versions of Ubuntu are installed on that machine.

Read More…

Ubuntu 17.04 – a review

Ubuntu 17.04 was announced a few days ago.  I had already decided that I would install it, and do a little testing.  So, once I saw the announcement, I started a download.

Downloading

To download, I followed the links from the announcement to the download page.  From there, I selected the torrent download.  I was using the “vivaldi” browser, and it gave me several options with the torrent link.  I chose the option to open the file.  And that started the download with “ktorrent”.

I also downloaded “SHA256SUMS.desktop” and “SHA256SUMS.desktop.gpg”.  Next, I checked the gpg signature with

gpg --verify SHA256SUMS.desktop.gpg SHA256SUMS.desktop

which showed that I had a good download of the checksum file.  After the torrent download had completed, I checked its validity with

sha256sum -c SHA256SUMS.desktop

That reported that the downloaded iso file was ok.  It also reported that some files did not exist.  I ignored that.  It was just that the checksum file had checksums for other isos that I had not downloaded.

Read More…

Installing kubuntu 16.04 in an existing encrypted LVM

Ubuntu 16.04, in several different varieties, came out last week.  So I decided to give the kubuntu variant a try.  I planned to install in an existing LVM.  I knew, from previous experience, that this could be tricky.  And, to make it more tricky, I wanted “/boot” to be inside that encrypted LVM.

It didn’t quite work out.  I am successfully booting it using the grub2-efi from opensuse.  I was unable to get the grub-efi from kubuntu to work.

Background

I planned to install this to replace an experimental Tumbleweed.  I had originally set that up a year ago, to test using opensuse with “/boot” part of the encrypted LVM.  That test is now well past, and the opensuse bugs have been fixed.  So that disk space was free for kubuntu.

Read More…