Re: [Tails-testers] Call for testing: Secure Boot, GRUB, a…

Delete this message

Reply to this message
Author: alienpup
Date:  
To: intrigeri
CC: Tails list for early testers
Subject: Re: [Tails-testers] Call for testing: Secure Boot, GRUB, and overlayfs

> intrigeri wrote:
> > Hi,
> >
> > our first USB images that support Secure Boot are out!
> >
> > Under the hood, they include two major technical changes:
> >
> > - switch the boot loader from syslinux to GRUB for EFI boot
> >
> > - switch from aufs to overlayfs
> >
> > Please consider testing them :)
> >
> > Here's how:
> >
> > 1. Download the USB image (.img) from
> >
> > https://nightly.tails.boum.org/build_Tails_ISO_feature-6560-secure-boot/lastSuccessful/archive/build-artifacts/
> >
> > 2. Install the downloaded USB image to a spare USB stick,
> >    using Etcher (Windows, macOS) or GNOME Disks (Linux).

> >
> > 3. Start from this USB stick on various computers
> >
> >    In particular, we're interested in test results on:

> >
> >     - computers configured to start in EFI mode

> >
> >     - computers with Secure Boot enabled

> >
> >     - Apple computers, especially recent MacBooks where current Tails
> >       releases don't start (#17049)

> >
> > 4. Do as much exploratory testing as you would like
> >
> > 5. Report back success or failure to this public mailing list:
> >    tails-testers@???

> >
> > Cheers,
> > --


>alienpup wrote:


> intrigeri,
>
> I downloaded and installed this secure boot alpha:
>
> tails-amd64-feature_6560-secure-boot-4.2-20191221T1643Z-581be0523e+stable@???
>
> and installed it to a 16GB Corsair Vega USB3 flash drive.
>
> The only Windows 10, secure boot capable system immediately available
> failed to boot this image. Seconds into the boot process, a banner
> appeared advising "Device Authentication Failed".
>
> I then configured the BIOS boot options for "Legacy", and rebooted.
> Tails booted the system normally with no obvious issues, save for a
> it's failure to detect a sound card (the only entry in the list of
> detected cards was "Dummy Output").
>
> The system in question is an HP Spectre laptop. Output of command
> #lspci -nn is attached.
>
> regards,
> alienpup
> Attachments:
> * lspci-nn-hp-spectre.out


intrigeri,

Sorry for the long delay getting back to you but I finally identified the problem wrt the "Device Authentication Failed" issue. The fix was to enter the BIOS and:

1) "Clear all secure boot keys"
2) "Load HP factory default keys"

Tails 4.5 rc-1 then booted cleanly.

I'm not sure what this implies for other users, but we ought to heed it as a possible source of trouble.

Thanks for your patience ;-)

alienpup