When Secure Boot enabled, OS is stuck in an infinite boot loop #267

@klvnptr

Hey Guys

We wanted to test the Secure Boot feature on Balena OS (v3.0.15) using a J6412-based x64 motherboard.

  • We reset the BIOS and entered into Secure Boot setup mode
  • USB drive inserted, booted, in the cloud dashboard we wait a minute or two for the system to copy all files to the SSD drive
  • Installer correctly shuts down the system (all LEDs are off)
  • We restarted the machine, set boot device to SSD UEFI and it is stuck in a "Post Provisioning state"

It keeps rebooting after the "Welcome to GRUB" text. Kinda looks like the Secure Boot feature is working but it might have some problem mounting the LUKS root partition. If we enable Secure Boot in the BIOS, the boot process successfully gets to GRUB, so probably signatures are okay, because we tried resetting the keys in the BIOS and it correctly threw an incorrect signature error upon booting.

We followed this guide:
https://blog.balena.io/balenaOS-secure-boot-and-disk-encryption-for-x86-64/

Here are things we have tried:

  • Without Secure Boot (--secureBoot), OS image works perfectly
  • We tried it with Prod and Dev images as well
  • We tried the first boot in the BIOS with Secure Boot enabled and disabled
  • In the BIOS the boot order is clean, so all boot order options are disabled except for the first one, which is set to USB UEFI, and after the shutdown we set it to SSD UEFI.

Interesting thing we sometimes notice: On the first boot the installer creates a device in the fleet, something happens, installer reboots and restarts the installer and creates another device. It is all by itself. Then system shuts down for first boot.

Is there any way to get more verbose error messages to help further the investigation?

Thank you.
