CPU running much harder/louder after software update

updates uefi secure-boot

I am runniing Ubuntu 18.04.3 LTS on a dual boot machine, the other/original partition is Windows 10. I just ran "Software Updater" as I've been getting some notifications to do so for about a week now. As it was running it asked me to type a new password for MOK secure boot, I thought that as I had a my secure boot enabled this was just some new security level I would need to add.

After software was installed there was no prompt after a couple of minutes so I just decided to restart to make sure changes from the update could take place. As my computer booted up it took me to a new screen (it was blue and I recall it had a MOK title) it gave me a couple options and I choose the one that said something to the effect of "Load boot menu". That took me to my usual book menu where I could either choose between my partitions or UEFI menu. I loaded my ubuntu partition but as I was starting to get back to work my fan started humming very loudly and would not stop.

I ran top on my terminal and I see that command "update-securebo" is taking up 16% of my cpu. 

  PID USER      PR  NI    VIRT    RES    SHR S  %CPU %MEM     TIME+ COMMAND                 
 6917 root      20   0  111128  22268   7484 R  51.8  0.4   1:23.29 frontend                
 6941 root      20   0    4624   1688   1552 S  16.3  0.0   0:26.17 update-securebo         
  317 root      19  -1  183160  54820  53716 S   3.3  0.9   0:06.79 systemd-journal         
 1002 syslog    20   0  263032   5064   3556 S   2.7  0.1   0:04.91 rsyslogd

I then ran "ps aux | grep -i secureboot" to see this process.

root      6917 50.9  0.3 111128 22268 ?        R    11:58  12:09 /usr/bin/perl -w /usr/share/debconf/frontend /usr/sbin/update-secureboot-policy --enroll-key

root      6941 16.1  0.0   4624  1688 ?        S    11:58   3:51 /bin/sh /usr/sbin/update-secureboot-policy --enroll-key

So yeah these programs are still running and I'm not sure why. Is it safe to kill these processes or should I just disable secureboot altogether? Or is there something I missed altogether.


Solution 1:

Killing is not an option and disabling SecureBoot is not good idea in UEFI era. The problem appears, because "frontend" program is waiting for password to enroll keys, but the GUI to type password is not displayed (this is some shitty bug).

It is happening usually after a system upgrade.
To resolve the problem you must (as root):

killall -9 frontend
update-secureboot-policy --enroll-key

In the appeared pink GUI:

  • Type any one-time password (used only for enroll confirmation after reboot)
  • Confirm it
  • Reboot
  • After reboot you will see a blue GUI
  • Choose Enroll Key... (or Enroll MOK or something similar to enroll. It could be different for each PC or BIOS firmware)
  • There you can view the key and choose Continue to enroll it
  • Type your password again (from step 1)
  • Reboot

See SecureBoot manual for details.

Related

lshw -C display shows UNCLAIMED for GT840M graphics card
How to change directory using script
How do I enable the globalmenu / appmenu on Xfce or LXDE?
giving a short name for frequently opened directory via terminal [duplicate]
what does "sudo apt-get install aptitude" do?
Internet becomes unavailible after connecting through vpn
Remote desktop access between 2 Ubuntu 20.04 devices over the internet
Unlock screen in 14.04 without `gnome-screensaver-command`
How can I get System Monitor Indicator to display temperature?
How do I get a USB drive shortcut on desktop?
How to install Wacom Bamboo Pen
Shell with better editing capabilities