Join Log in
Score:0
AlMo320 avatar Ubuntu

can I rescue this botched up install?

cn flag
AlMo320

I apt remove'd shim-signed, and saw the most horrifying "I agree" screen ever. Something like 'I know what I'm doing, yes'. Now I am in a bad limbo, with 20.10 installed (not sure how it happened exactly, b/c I wanted to stay with LTS, my hunch is I ran boot-repair because there was a lubuntu dependency, and I ignored that, with two packages "held back." Being a newbie, I of course regret my actions, no doubt I'll be re-installing a fresh 20.04, but if there's any way to resolve this I'd really appreciate hearing it from this great and knowledgeable community!

I'll add more to this as requested, but want to see if I have totally horked my "daily driver" or might there be some -f flag somewhere to get it working. This is on a dual boot with Windows 11, I ran the boot-repair, connected to the internet with that, and got some advice from the app to turn off secure boot and try again (which I ignored). Something the boot repair disk downloaded changed a setting that told the system I was on groovy instead of focal, I subsequently ran apt update/upgrade, and the shim-signed and one other package were held back, even though I rebooted several times and groovy seemed to be running fine.

So, classic case of getting greedy; I currently can boot but have to turn off secure boot in the UEFI BIOS.

47
0 + 0
Liso avatar
sd flag
Liso
Once they saw that 20.10 tag, it will be closed immediately as it was EOL release.
0
Reply
Score:1
avatar Ubuntu
us flag
Brian

What is wrong with turning off secure boot? It's a Microsoft gimmick to disqualify older hardware from running Windows 10 and everything after that. You don't need it.

I've never used it. There is absolutely no benefit, unless you go online without protection, which is like a 16-year-old white girl in a bikini and spiked heels, roaming the docks at 2:00am Sunday morning, screaming "I've got 3,000 dollars cash on me!"

0 + 0
AlMo320 avatar
cn flag
AlMo320
I love a great analogy, and yours is almost as good as the one I heard on Succession (HBO) tonight: "like a threshing machine in a field full of [male organs]". That said, it is not >50% of the time I will boot into Ubuntu versus Windows 11 (still futzing with the WSL feature set in Windows 11).
0
Reply
AlMo320 avatar
cn flag
AlMo320
So my choices are: 1) to fix secure boot and keep Ubuntu 'apt'ly updated, 2) spend about 5 minutes turning off SB between changing OSes, or 3) turn off bitlocker. That's why I'm leaning toward door #1, think I'm almost there, with some careful pruning of /etc/apt/sources.list file, and *never* touching boot-repair again with a Secure Boot environment. I have to say, this process is 100% smoother than it was five-ten years ago, before TPM was a "thing" and UEFI was an annoying replacement for MBR.
0
Reply
AlMo320 avatar
cn flag
AlMo320
Yes, I also remember all those bootkits and rootkits that came with the territory of MBR too, and while no Zeus Banking bots or the like have found their way into xnix-land, I will "never say never!"
0
Reply
Score:0
AlMo320 avatar Ubuntu
cn flag
AlMo320

Looks like the problem was a mismatched fwupd-signed dependency. This article helped me through the issue. Problem, as I suspected, was using the boot-repair disk which was groovy rather than focal, and updated the signed packages fwupd-signed and shim-signed from 20.04 Ubuntu to 20.10 Lubuntu, then messed with sources.list or created a mismatch that upgraded me to groovy 20.10 when I ran apt update && apt upgrade too many times.

0 + 0
AlMo320 avatar
cn flag
AlMo320
So wondering if Richard Hughes (developer of fwupd and fwupd-signed) ever contemplated dual booted environments? Seems like two different OSes, Windows and Ubuntu, let's say, both updating the same firmware at different times would be ... problematic? I guess the trust cert is supposed to cover that contingency somehow, but the signing chain of a "shim" certificate would all have to chain up to ... wait for it ... Microsoft, correct? So it would be on them if a piece of malware was installed in some, say, network device's firmware?
0
Reply
AlMo320 avatar
cn flag
AlMo320
Here's a link to [an article](https://wiki.archlinux.org/title/fwupd) which explains a whole bunch of the internal mechanics of fwupd and to some extent secure boot.
0
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.