#2425 Issue closed: OPALPBA: Reboot after unlocking self-encrpyting disks may hang on some UEFI systems

Labels: enhancement, fixed / solved / done, special hardware or VM

OliverO2 opened issue at 2020-06-15 11:54:

  • ReaR version: Relax-and-Recover 2.6 / Git
  • OS version: Ubuntu 18.04.4 LTS, Ubuntu 20.04 LTS
  • System architecture: x86_64
  • Firmware and bootloader: UEFI, Grub 2 without Secure Boot
  • Description of the issue:

After unlocking self-encrypting disks via ReaR's TCG Opal-2 PBA, a system is expected to boot into its regular OS. Sequence:

  1. System powered on. Self-encrpyted boot disk is locked and shows its PBA boot sector only.
  2. The PBA (pre-boot authentication) system boots and asks for a password.
  3. The PBA unlocks the boot disk, which now shows its partitions for the 'real' OS.
  4. The PBA initiates a reboot.
  5. The UEFI firmware runs the bootloader for the real OS (Grub 2 in our example).
  6. Grub 2 loads kernel and initramfs.
  7. Grub 2 hands over control to the kernel.

Probably due to an UEFI firmware glitch, on an HPE ML10Gen9 server the boot process for the 'real' OS hangs in step 7, probably in the kernel's early initialization phase before console output can be seen.

PR including a workaround for the issue upcoming.

jsmeix commented at 2020-06-16 08:08:

With https://github.com/rear/rear/pull/2426 merged
this issue is fixed.

@OliverO2
thank you so much for your continuous testing and for your prompt fixes!

jsmeix commented at 2020-07-14 11:34:

With https://github.com/rear/rear/pull/2455 merged
there should be now a sufficient workaround for this issue
where the root cause seems to be a firmware issue on an HPE ML10Gen9 server
where the only reliable way to boot is a power cycle after Opal disks were unlocked.

@OliverO2
again thank you for your continuous testing and for your improvements in ReaR
to work around possible firmware issues on special hardware.

OliverO2 commented at 2020-07-14 13:33:

@jsmeix
Thank you for quickly integrating everything. Including stuff like this covering a somewhat exotic use case.

jsmeix commented at 2020-07-15 06:47:

Covering also exotic use cases in ReaR is not exactly the same
but it matches the basic idea behind "Dirty hacks welcome" in
https://github.com/rear/rear/wiki/Coding-Style

[Export of Github issue for rear/rear.]