I have a Dell R650 server, which has been running Ubuntu 18.04 for a couple of years with secure boot enabled. When attempting to upgrade it to Ubuntu 20.04 using the official 20.04.6 ISO image, I encountered the following issue.
After booting into Ubuntu 20.04 once, subsequent attempts to boot into both Ubuntu 18.04 and Ubuntu 20.04 with secure boot enabled are not successful.
For Ubuntu 18 I got:
sbat.c:120:verify_single_entry() component sbat has a matching SBAT variable entry, verifying
sbat.c:120:verify_single_entry() component grub has a matching SBAT variable entry, verifying
sbat.c:131:verify_single_entry() component grub, generation 1, was revoked by SbatLevel variable
sbat.c:182:verify_sbat_helper() finished verifying SBAT data: Security Policy Violation
Verification failed: Security Policy Violation
Failed to load image: Security Policy Violation
For Ubuntu 20, the situation is different.
sbat.c:125:verify_single_entry() component sbat has a matching SBAT variable entry, verifying
sbat.c:191:verify_sbat_helper() finished verifying SBAT data: Success
shim.c:1740:efi_main() SBAT self-check succeeded
But the server is “stuck” for 10 minutes or so and then reboots itself.
All boots are made from official and unmodified Ubuntu ISO images using iDRAC virtual media.
The following steps were taken (one by one and all together), but the server still cannot boot (with secure boot):
- Platform Key (PK) -> Restore Default Platform Key
- Key Exchange Key (KEK) Database -> Restore Default KEK Database
- Authorized Signature Database (db) -> Restore default
- Restore Default Policy Entries (PK, KEK, db and dbx)
- BIOS reset to default
This server system is certified with Ubuntu (20.04/22.04) - https://ubuntu.com/certified/202105-29054
Any help getting Ubuntu 20.04 (and Ubuntu 18.04) to boot with secure boot?
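The generation comparison behind the "was revoked by SbatLevel variable" message in the Ubuntu 18 log, modelled as an added example that is not part of the original post and is not shim's own code. The `.sbat` contents, the `SbatLevel` payload and all function names are constructed for illustration and do not come from the server described above.

```python
import csv
import io

# Constructed sample data (assumption, not read from the server in the post).
# .sbat section of a GRUB image: component,generation,vendor,package,version,url
OLD_GRUB_SBAT = """sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md
grub,1,Free Software Foundation,grub,2.04,https://www.gnu.org/software/grub/
"""
# Same image metadata with the grub generation bumped, as a newer build would carry.
NEW_GRUB_SBAT = OLD_GRUB_SBAT.replace("grub,1,", "grub,2,")
# SbatLevel UEFI variable payload: component,generation[,datestamp]
SBAT_LEVEL = "sbat,1,2022052400\ngrub,2\n"


def parse_generations(text):
    """Map component name -> generation from SBAT-style CSV text."""
    gens = {}
    for row in csv.reader(io.StringIO(text)):
        if len(row) >= 2 and row[1].strip().isdigit():
            gens[row[0].strip()] = int(row[1])
    return gens


def verify_sbat(image_sbat, sbat_level):
    """Return (verdict, revoked); revoked holds (component, image_gen, minimum_gen)."""
    image = parse_generations(image_sbat)
    level = parse_generations(sbat_level)
    # A component is revoked when its generation is below the SbatLevel minimum.
    # Components with no SbatLevel entry are not checked.
    revoked = [
        (name, gen, level[name])
        for name, gen in image.items()
        if name in level and gen < level[name]
    ]
    verdict = "Security Policy Violation" if revoked else "Success"
    return verdict, revoked


if __name__ == "__main__":
    for label, sbat in (("old grub", OLD_GRUB_SBAT), ("new grub", NEW_GRUB_SBAT)):
        verdict, revoked = verify_sbat(sbat, SBAT_LEVEL)
        print(f"{label}: {verdict}")
        for name, gen, minimum in revoked:
            print(f"  component {name}, generation {gen}, minimum allowed {minimum}")
```

Because `SbatLevel` is a separate UEFI variable, the comparison is independent of the PK, KEK, db and dbx contents.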