[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#1102182: efibootmgr: If Secure Boot is enabled, the system may not start after rebooting

Package: efibootmgr
Version: 17-2
Severity: normal

Dear Maintainer,

In an environment with Secure Boot enabled, running apt full-upgrade and rebooting may result in an inability to boot.
Debian registers both SHIMX64.EFI and GRUBX64.EFI in the EFI boot manager, but this priority may change on its own when apt full-upgrade is performed.
Therefore, even if SHIMX64.EFI is set as the first priority in advance, GRUBX64.EFI may change to the first priority by performing an update.

This problem can be avoided by starting UEFI Setup and manually correcting it when a reboot is performed.
This can be a major hindrance for headless machines that cannot access UEFI Setup remotely.

-- System Information:
Debian Release: 12.10
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-32-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=ja_JP.UTF-8, LC_CTYPE=ja_JP.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages efibootmgr depends on:
ii  libc6        2.36-9+deb12u10
ii  libefiboot1  37-6
ii  libefivar1   37-6
ii  libpopt0     1.19+dfsg-1

efibootmgr recommends no packages.

efibootmgr suggests no packages.

-- no debconf information
Reply to: