Announcement

Collapse
No announcement yet.

Intel Software Guard Exentsion SGX - Error at boot screen

Collapse
This topic is closed.
X
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    Intel Software Guard Exentsion SGX - Error at boot screen

    Hello everyone,

    I recently tried to install KDE Neon to test any differences but migrated back to Kubuntu as I had some errors preventing a regular boot.
    After reinstallation of Kubuntu 22.10 I stumble to an error after Grub bootloader saying:

    Code:
    Initramfs unpacking failed: ZSTD-compress data is corrupt
    Code:
    Could not map UEFI TPM log table payload!
    To summarize: I tried to install Kubuntu 22.04 to upgrade to 22.10 - which removed the error initially.
    After the upgrade and my final setup of the fresh installation it still worked so I installed the Kubunut ppa backports and regular ppa
    [HTML]https://launchpad.net/~kubuntu-ppa/+archive/ubuntu/backports[/HTML]
    [HTML]https://launchpad.net/~kubuntu-ppa/+archive/ubuntu/ppa[/HTML]

    After that upgrade to the newest KDE feature I started to get the errors again.


    Somehow it seems to be related to Software Guard Extensions. As soon as I disable this feature at Bios I do not longer get the error.


    Is someone else having those issues?
    Last edited by Uncut2180; Dec 10, 2022, 06:10 AM.

    #2
    Originally posted by Uncut2180 View Post
    I had some errors preventing a regular boot.
    Does this mean it still boots, though? Sometimes some of these messages 'leak' through, and can be ignored.

    Originally posted by Uncut2180 View Post
    Somehow it seems to be related to Software Guard Extensions. As soon as I disable this feature at Bios I do not longer get the error.
    leave it disabled then

    Originally posted by Uncut2180 View Post
    I tried to install Kubuntu 22.04 to upgrade to 22.10
    Why aren't you just installing 22.10 directly? The upgrade step is wasted effort and lost time, with no benefit.

    I have no idea what the error is coming from, but on upgrades you can boot to a previous kernel, or to recovery mode in the current kernel, and try manually rebuilding the initramfs for the current kernel:
    Something like this:
    https://askubuntu.com/questions/1277...packing-failed

    Comment


      #3
      Originally posted by Uncut2180 View Post
      […] Somehow it seems to be related to Software Guard Extensions. As soon as I disable this feature at Bios I do not longer get the error. […]
      You won't need SGX on Linux anyhow…

      One can also add "nosgx" to GRUB_CMDLINE_LINUX_DEFAULT in /etc/default/grub - don't forget to sudo update-grub afterwards.
      Debian KDE & LXQt • Kubuntu & Lubuntu • openSUSE KDE • Windows • macOS X
      Desktop: Lenovo ThinkCentre M75s • Laptop: Apple MacBook Pro 13" • and others

      get rid of Snap script (20.04 +)reinstall Snap for release-upgrade script (20.04 +)
      install traditional Firefox script (22.04 +)​ • install traditional Thunderbird script (24.04)

      Comment


        #4
        Originally posted by claydoh View Post
        Does this mean it still boots, though? Sometimes some of these messages 'leak' through, and can be ignored.

        leave it disabled then


        Why aren't you just installing 22.10 directly? The upgrade step is wasted effort and lost time, with no benefit.

        I have no idea what the error is coming from, but on upgrades you can boot to a previous kernel, or to recovery mode in the current kernel, and try manually rebuilding the initramfs for the current kernel:
        Something like this:
        https://askubuntu.com/questions/1277...packing-failed
        Yes, it still boots without any problems. The only difference is that the encryption password at boot is console style instead of a more "beautiful" screen.

        I have already tried booting a previous kernel and also rebuild initrams (+ grub to be sure).

        Comment


          #5
          Originally posted by Schwarzer Kater View Post

          You won't need SGX on Linux anyhow…

          One can also add "nosgx" to GRUB_CMDLINE_LINUX_DEFAULT in /etc/default/grub - don't forget to sudo update-grub afterwards.

          Thanks for the info. Is there absolutely no usecase where (K)ubuntu makes use of SGX?

          Comment


            #6
            I just found this --> https://www.kernel.org/doc/html/latest/x86/sgx.html

            Comment


              #7
              Originally posted by Uncut2180 View Post
              Is there absolutely no usecase where (K)ubuntu makes use of SGX?
              I don't think it is of great use in a private environment with your "everyday programs" afaik - but I could be wrong, of course.
              Last edited by Schwarzer Kater; Dec 10, 2022, 04:38 AM.
              Debian KDE & LXQt • Kubuntu & Lubuntu • openSUSE KDE • Windows • macOS X
              Desktop: Lenovo ThinkCentre M75s • Laptop: Apple MacBook Pro 13" • and others

              get rid of Snap script (20.04 +)reinstall Snap for release-upgrade script (20.04 +)
              install traditional Firefox script (22.04 +)​ • install traditional Thunderbird script (24.04)

              Comment


                #8
                Not sure either :-)
                I just thought maybe KWallet or other tools which rely on encryption will have a benefit of SGX but if not I am also not having a problem of disabling it.

                Comment


                  #9
                  As far as I understand we are still at the beginning of the implementation of SGX and it is mainly targeted at enterprise.​

                  I found something from Intel (the makers of SGX):
                  https://download.01.org/intel-sgx/la..._for_Linux.pdf

                  I could not read this properly or try/test something (perhaps I will have time in a week or so) and am sorry if my first comment mislead somebody - my knowledge was from some years ago…

                  PS: Perhaps you could add something with "SGX" to the title of this thread as the discussion seems to go this way…?
                  Last edited by Schwarzer Kater; Dec 10, 2022, 06:08 AM. Reason: PS & typos
                  Debian KDE & LXQt • Kubuntu & Lubuntu • openSUSE KDE • Windows • macOS X
                  Desktop: Lenovo ThinkCentre M75s • Laptop: Apple MacBook Pro 13" • and others

                  get rid of Snap script (20.04 +)reinstall Snap for release-upgrade script (20.04 +)
                  install traditional Firefox script (22.04 +)​ • install traditional Thunderbird script (24.04)

                  Comment


                    #10
                    Schwarzer Kater: I edited the thread title if someone else is searching the net for it.
                    I had SGX enabled all the years since I have my Dell XPS (~3, 4 years) and it worked without any problems.

                    Only after my journey to KDE Neon and back to Kubuntu caused my problems.
                    Personally I think it is due to the installation and update of the Kubuntu KDE ppa packages.

                    Do you know if there is any possiblity to disable this repository and downgrade those packages back to those which are officially being provided via the Kubuntu repositories?

                    Comment


                      #11
                      How about removing kubuntu-ppa-ubuntu-backports-jammy.list from /etc/apt/sources.list.d/ and sudo apt update && apt list --upgradable ?
                      If the output is satisfying: sudo apt full-upgrade && reboot - perhaps sudo apt autoremove && sudo apt autoclean afterwards.

                      But wait for a second opinion as I haven't done this in a while…

                      PS: To get rid of the rest of backport's files in /etc/apt/ just sudo rm /etc/apt/trusted.gpg.d/kubuntu-ppa-ubuntu-backports*
                      Debian KDE & LXQt • Kubuntu & Lubuntu • openSUSE KDE • Windows • macOS X
                      Desktop: Lenovo ThinkCentre M75s • Laptop: Apple MacBook Pro 13" • and others

                      get rid of Snap script (20.04 +)reinstall Snap for release-upgrade script (20.04 +)
                      install traditional Firefox script (22.04 +)​ • install traditional Thunderbird script (24.04)

                      Comment


                        #12
                        I think it should be sufficient if I just comment out the repo line instead of removing the whole .conf file?

                        Comment


                          #13
                          Why? You can easily add all the stuff again by simply sudo add-apt-repository ppa:kubuntu-ppa/backports && sudo apt update
                          Debian KDE & LXQt • Kubuntu & Lubuntu • openSUSE KDE • Windows • macOS X
                          Desktop: Lenovo ThinkCentre M75s • Laptop: Apple MacBook Pro 13" • and others

                          get rid of Snap script (20.04 +)reinstall Snap for release-upgrade script (20.04 +)
                          install traditional Firefox script (22.04 +)​ • install traditional Thunderbird script (24.04)

                          Comment


                            #14
                            Of course but "just" for testing purposes it is easier to comment out a single line instead of removing a whole .conf file + adding it again afterwards.

                            Anyway I just tried what you suggested earlier today and remove the Kubuntu ppa config files.
                            After and
                            Code:
                            apt update
                            it did not suggest the origin main Kubuntu repository packages.

                            If I list all installed packages they are being marked as
                            Code:
                            Installed, local
                            I do not know if it's possible to downgrade those packages manually - only via
                            Code:
                            apt install --reinstall
                            package by package but this probably would kill my Kubuntu.

                            Comment


                              #15
                              OK, post #11 does definitely not work - as I said: it has been a wihile…

                              I think last time I did something like this I finally used ppa-purge, and I still cannot think of another solution to revert from Kubuntu backports and/or backports-extra PPA (be sure to "enable" it again if you commented out or deleted something in /etc/apt -> sudo add-apt-repository ppa:kubuntu-ppa/backports && sudo apt update):
                              Code:
                              sudo apt install ppa-purge
                              sudo ppa-purge ppa:kubuntu-ppa/backports  # in case of "normal" backports, otherwise: backports-extra
                              reboot
                              If need be sudo apt autoremove && sudo apt autoclean afterwards.
                              Debian KDE & LXQt • Kubuntu & Lubuntu • openSUSE KDE • Windows • macOS X
                              Desktop: Lenovo ThinkCentre M75s • Laptop: Apple MacBook Pro 13" • and others

                              get rid of Snap script (20.04 +)reinstall Snap for release-upgrade script (20.04 +)
                              install traditional Firefox script (22.04 +)​ • install traditional Thunderbird script (24.04)

                              Comment

                              Working...
                              X