Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

When Secure Boot enabled, OS is stuck in an infinite boot loop #267

Open
klvnptr opened this issue Jul 22, 2023 · 3 comments
Open

When Secure Boot enabled, OS is stuck in an infinite boot loop #267

klvnptr opened this issue Jul 22, 2023 · 3 comments

Comments

@klvnptr
Copy link

klvnptr commented Jul 22, 2023

Hey Guys

We wanted to test the Secure Boot feature on Balena OS (v3.0.15) using a J6412 based x64 motherboard.

  • We reset the BIOS and entered into Secure Boot setup mode
  • USB drive inserted, booted, in the cloud dashboard we wait a minute or two for system to copy all files to the SSD drive
  • Installer correctly shuts down the system (all LEDs are off)
  • We restarted the machine, set boot device to SSD UEFI and it is stuck in a "Post Provisioning state"

It keeps rebooting after the "Welcome to GRUB" text. Kinda looks like, Secure Boot feature is working but it might have some problem mounting the LUKS root partition. If we enable Secure Boot in the BIOS, the boot process successfully gets to GRUB, so probably signatures are okay, because we tried resetting the keys in the BIOS and it correctly threw and incorrect signature error upon booting.

We followed this guide:
https://blog.balena.io/balenaOS-secure-boot-and-disk-encryption-for-x86-64/

Here are things we have tried:

  • Without Secure Boot (--secureBoot), OS image works perfectly
  • We tried it with Prod and Dev images as well
  • We tried the first boot in the BIOS with Secure Boot enabled and disabled
  • In the BIOS the boot order is clean, so all boot order options are disabled except for the first one which is set to USB UEFI, and after the shutdown we set it SSD UEFI.

Interesting thing we sometimes notice: On the first boot the installer creates a device in the fleet, something happens, installer reboots and restart the installer and creates another device. It is all by itself. Then system shuts down for first boot.

Is there any way to get more verbose error messages to help further the investigation?

Thank you.
@alexgg
Copy link
Collaborator

alexgg commented Jul 27, 2023

hi @klvnptr thanks for reporting this and testing the secure boot feature.

Could I ask you to please raise this through the forums? We can then assist you in debugging this.

@rosswesleyporter
Copy link

hi @klvnptr, thank you for the good description. When you post to the forums, please provide a link to the hardware that you are using. You noted that it is a J6412 based x64 motherboard. But it would be helpful to also know the manufacturer etc. As the necessary settings do vary from BIOS to BIOS. For instance, based on your symptoms, I'm guessing that you may be using an ASUS motherboard.

@klvnptr
Copy link
Author

klvnptr commented Jul 29, 2023

hello. thanks for your help, here it is. also included screenshots from BIOS settings.

https://forums.balena.io/t/when-secure-boot-enabled-os-is-stuck-in-an-infinite-boot-loop/368440

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@alexgg @klvnptr @rosswesleyporter