Your message dated Tue, 05 Aug 2025 18:50:34 +0000
with message-id <[email protected]>
and subject line Bug#1109984: fixed in systemd 258~rc2-1
has caused the Debian Bug report #1109984,
regarding systemd-boot: Confusing interactions between systemd-boot-efi and
systemd-boot-efi-amd64-signed
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1109984: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109984
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: systemd-boot
Version: 257.7-1
Severity: normal
Dear Maintainer,
I've installed systemd-boot on a number of systems, following the
instructions from the Debian wiki [1]. On one system, I already had
systemd-boot-efi installed (from before the -signed version and
necessary changes to shim were accepted into the archive). This lead to
a system which didn't boot, since the unsigned systemd binary wasn't
replaced with the signed one. In addition, several messages that were
printed by systemd-boot during installation were pretty misleading.
Here's a console session showing some of the confusion:
$ sha256sum /boot/efi/EFI/Boot/BOOTX64.efi /boot/efi/EFI/debian/shimx64.efi
10b44fae69b1e2bb92484095ad0d140a66f8d8bcc960edbc46abb1a68f65fc26
/boot/efi/EFI/Boot/BOOTX64.efi
10b44fae69b1e2bb92484095ad0d140a66f8d8bcc960edbc46abb1a68f65fc26
/boot/efi/EFI/debian/shimx64.efi
$ dpkg --purge --force-depends systemd-boot systemd-boot-efi-amd64-signed
systemd-boot-tools
...
$ apt install systemd-boot systemd-boot-tools systemd-boot-efi-amd64-signed
...
Skipping "/boot/efi/EFI/systemd/systemd-bootx64.efi", same boot loader version
in place already.
Skipping "/boot/efi/EFI/BOOT/BOOTX64.EFI", it's owned by another boot loader
(no version info found).
...
$ dpkg --purge --force-depends systemd-boot systemd-boot-efi-amd64-signed
systemd-boot-tools
...
$ rm /boot/efi/EFI/systemd/systemd-bootx64.efi
$ apt install systemd-boot systemd-boot-tools systemd-boot-efi-amd64-signed
...
Copied "/usr/lib/systemd/boot/efi/systemd-bootx64.efi.signed" to
"/boot/efi/EFI/systemd/systemd-bootx64.efi".
Copied "/usr/lib/systemd/boot/efi/systemd-bootx64.efi.signed" to
"/boot/efi/EFI/BOOT/BOOTX64.EFI".
...
$ sha256sum /boot/efi/EFI/Boot/BOOTX64.efi
10b44fae69b1e2bb92484095ad0d140a66f8d8bcc960edbc46abb1a68f65fc26
/boot/efi/EFI/Boot/BOOTX64.efi
NOTE: /boot/efi/EFI/BOOT/BOOTX64.EFI is treated differently depending on
whether /boot/efi/EFI/systemd/systemd-bootx64.efi exists. Also, the
message about /boot/efi/EFI/BOOT/BOOTX64.EFI being replaced in the
second installation appears to be incorrect.
$ dpkg --purge --force-depends systemd-boot systemd-boot-efi systemd-boot-tools
systemd-boot-efi-amd64-signed
...
$ rm /boot/efi/EFI/systemd/systemd-bootx64.efi
$ apt install systemd-boot systemd-boot-tools systemd-boot-efi
...
Copied "/usr/lib/systemd/boot/efi/systemd-bootx64.efi" to
"/boot/efi/EFI/systemd/systemd-bootx64.efi".
Copied "/usr/lib/systemd/boot/efi/systemd-bootx64.efi" to
"/boot/efi/EFI/BOOT/BOOTX64.EFI".
...
$ sha256sum /boot/efi/EFI/Boot/BOOTX64.efi
20621b2b38b1c33adb6e7d7b51f1a94f241f4495b2102f9f35c591629f044303
/boot/efi/EFI/Boot/BOOTX64.efi
NOTE: Now /boot/efi/EFI/BOOT/BOOTX64.EFI was actually replaced?
$ apt install systemd-boot-efi-amd64-signed
...
$ sha256sum /boot/efi/EFI/Boot/BOOTX64.efi
/boot/efi/EFI/systemd/systemd-bootx64.efi /usr/lib/systemd/boot/efi/systemd*
20621b2b38b1c33adb6e7d7b51f1a94f241f4495b2102f9f35c591629f044303
/boot/efi/EFI/Boot/BOOTX64.efi
20621b2b38b1c33adb6e7d7b51f1a94f241f4495b2102f9f35c591629f044303
/boot/efi/EFI/systemd/systemd-bootx64.efi
20621b2b38b1c33adb6e7d7b51f1a94f241f4495b2102f9f35c591629f044303
/usr/lib/systemd/boot/efi/systemd-bootx64.efi
1c988ad7f8589e47140eddae0e88e8b954193ee512cc7417d57e8458019ddbe8
/usr/lib/systemd/boot/efi/systemd-bootx64.efi.signed
NOTE: The signed version has not been used to replace the unsigned one
on the EFI partition.
$ efibootmgr -u | grep systemd
Boot0001* Linux Boot Manager
HD(2,GPT,46f010bb-33fd-453f-98ee-ed72b1beb98e,0x186000,0x225800)/File(\EFI\systemd\systemd-bootx64.efi)
NOTE: And no suitable EFI boot entry was created.
$ dpkg-reconfigure systemd-boot
Skipping "/boot/efi/EFI/systemd/systemd-bootx64.efi", same boot loader version
in place already.
Skipping "/boot/efi/EFI/BOOT/BOOTX64.EFI", same boot loader version in place
already.
Skipping "/boot/efi/EFI/BOOT/BOOTX64.efi", same boot loader version in place
already.
$ efibootmgr -u | grep systemd
Boot0001* Linux Boot Manager
HD(2,GPT,46f010bb-33fd-453f-98ee-ed72b1beb98e,0x186000,0x225800)/File(\EFI\systemd\systemd-bootx64.efi)
Boot0004* Debian
HD(2,GPT,46f010bb-33fd-453f-98ee-ed72b1beb98e,0x186000,0x225800)/File(EFI\debian\shimx64.efi)\EFI\systemd\systemd-bootx64.efi
\0
$ sha256sum /boot/efi/EFI/Boot/BOOTX64.efi
/boot/efi/EFI/systemd/systemd-bootx64.efi /usr/lib/systemd/boot/efi/systemd*
10b44fae69b1e2bb92484095ad0d140a66f8d8bcc960edbc46abb1a68f65fc26
/boot/efi/EFI/Boot/BOOTX64.efi
20621b2b38b1c33adb6e7d7b51f1a94f241f4495b2102f9f35c591629f044303
/boot/efi/EFI/systemd/systemd-bootx64.efi
20621b2b38b1c33adb6e7d7b51f1a94f241f4495b2102f9f35c591629f044303
/usr/lib/systemd/boot/efi/systemd-bootx64.efi
1c988ad7f8589e47140eddae0e88e8b954193ee512cc7417d57e8458019ddbe8
/usr/lib/systemd/boot/efi/systemd-bootx64.efi.signed
NOTE: reconfiguring systemd-boot created the boot entry, and despite the
messages about skipping /boot/efi/EFI/systemd/systemd-bootx64.efi, it
was still replaced...?
$ dpkg --purge --force-depends systemd-boot systemd-boot-efi systemd-boot-tools
systemd-boot-efi-amd64-signed
$ efibootmgr -b 0004 -B
$ rm /boot/efi/EFI/systemd/systemd-bootx64.efi
$ cp /boot/efi/EFI/debian/shimx64.efi /boot/efi/EFI/Boot/BOOTX64.efi
$ apt install systemd-boot systemd-boot-tools systemd-boot-efi-amd64-signed
...
Copied "/usr/lib/systemd/boot/efi/systemd-bootx64.efi.signed" to
"/boot/efi/EFI/systemd/systemd-bootx64.efi".
Copied "/usr/lib/systemd/boot/efi/systemd-bootx64.efi.signed" to
"/boot/efi/EFI/BOOT/BOOTX64.EFI".
Random seed file /boot/efi/loader/random-seed successfully refreshed (32 bytes).
Created EFI boot entry "Linux Boot Manager".
...
$ sha256sum /boot/efi/EFI/Boot/BOOTX64.efi
/boot/efi/EFI/systemd/systemd-bootx64.efi /usr/lib/systemd/boot/efi/systemd*
10b44fae69b1e2bb92484095ad0d140a66f8d8bcc960edbc46abb1a68f65fc26
/boot/efi/EFI/Boot/BOOTX64.efi
1c988ad7f8589e47140eddae0e88e8b954193ee512cc7417d57e8458019ddbe8
/boot/efi/EFI/systemd/systemd-bootx64.efi
1c988ad7f8589e47140eddae0e88e8b954193ee512cc7417d57e8458019ddbe8
/usr/lib/systemd/boot/efi/systemd-bootx64.efi.signed
$ efibootmgr -u | grep systemd
Boot0001* Linux Boot Manager
HD(2,GPT,46f010bb-33fd-453f-98ee-ed72b1beb98e,0x186000,0x225800)/File(\EFI\systemd\systemd-bootx64.efi)
Boot0004* Debian
HD(2,GPT,46f010bb-33fd-453f-98ee-ed72b1beb98e,0x186000,0x225800)/File(EFI\debian\shimx64.efi)\EFI\systemd\systemd-bootx64.efi
\0
NOTE: Creating a clean starting point and then installing only the
signed version of systemd-boot worked as expected.
[1] https://wiki.debian.org/SecureBoot#Secure_Boot_setup_with_systemd-boot
-- System Information:
Debian Release: 13.0
APT prefers unstable
APT policy: (500, 'unstable'), (102, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 6.12.38+deb13-amd64 (SMP w/16 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages systemd-boot depends on:
ii libc6 2.41-10
ii libsystemd-shared 257.7-1
ii systemd 257.7-1
ii systemd-boot-efi-amd64-signed [systemd-boot-efi-signed] 257.7-1
ii systemd-boot-tools 257.7-1
Versions of packages systemd-boot recommends:
ii efibootmgr 18-2
ii shim-signed 1.46+15.8-1
Versions of packages systemd-boot suggests:
pn systemd-ukify <none>
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: systemd
Source-Version: 258~rc2-1
Done: Luca Boccassi <[email protected]>
We believe that the bug you reported is fixed in the latest version of
systemd, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Luca Boccassi <[email protected]> (supplier of updated systemd package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 05 Aug 2025 17:19:48 +0100
Source: systemd
Architecture: source
Version: 258~rc2-1
Distribution: experimental
Urgency: medium
Maintainer: Debian systemd Maintainers
<[email protected]>
Changed-By: Luca Boccassi <[email protected]>
Closes: 1109979 1109984
Changes:
systemd (258~rc2-1) experimental; urgency=medium
.
* Install usr/share/factory files and restore nsswitch.conf/pam.d/issue
on factory reset
* systemd-boot: register interest in systemd-boot-signed trigger
(Closes: #1109984)
* NEWS: fix typo (Closes: #1109979)
* systemd-boot: fix registering/removing uncompressed kernels
* d/t/control: prefer systemd-boot-tools if available
* systemd-boot: make efibootmgr a dependency. Ensures efivars can be set
up correctly
* Update upstream source from tag 'upstream/258_rc2' Update to upstream
version '258~rc2' with Debian dir
164978ce9ff194871416f304705979b7d540a8e2
* systemd-container: update lintian overrides for more false positives
Checksums-Sha1:
6633b82109eeefbfe5514067393d61a16131f97b 8599 systemd_258~rc2-1.dsc
79365f7635f5c3aa7041f03a11ee1a516aeb8939 16922463 systemd_258~rc2.orig.tar.gz
a1a7ac6b0ba4c69042fac14e8a261d8d694d3610 181720 systemd_258~rc2-1.debian.tar.xz
f8c159922d06109c5870ccbb8881450c57cc2910 14159
systemd_258~rc2-1_source.buildinfo
Checksums-Sha256:
38e7e0da74b479c5856ed4782681f55f103420253340e750c091a0e687f79039 8599
systemd_258~rc2-1.dsc
a47f10d6b806b2a92fbec8501a4a58d20be8e475a9d9a455f5b7f4c5f414bfe6 16922463
systemd_258~rc2.orig.tar.gz
a556cb72be0d74a4d21978b97cb278a1221811d56a63bab98c87f00602ef0fff 181720
systemd_258~rc2-1.debian.tar.xz
5d47e8db09232b661e2da364bfc1c8d64ed1316a93199b27c34c41db828a23f1 14159
systemd_258~rc2-1_source.buildinfo
Files:
2784b916633264b54fed57e4a778ae2c 8599 admin optional systemd_258~rc2-1.dsc
2ed59400a46b2dc21b8edb97f45e5afd 16922463 admin optional
systemd_258~rc2.orig.tar.gz
09a09a2d6fb6311348bc0d4b37031e38 181720 admin optional
systemd_258~rc2-1.debian.tar.xz
926bc43671b39f2b7abd5a5ba6a2200c 14159 admin optional
systemd_258~rc2-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJFBAEBCgAvFiEErCSqx93EIPGOymuRKGv37813JB4FAmiSTWcRHGJsdWNhQGRl
Ymlhbi5vcmcACgkQKGv37813JB7ivA//RKbO6Bss/WEB4/G42pzkgPW8RlWOrbyi
IpZe0YDblX/UCEuEA1uHhsTCuQhlYxULOntTtdjP8i5VOht0D28SUTGM1F5E+MqW
z1z2d/1hah4OfXUP/Ljjnc8oxI3pji0ProSTIJ1KcDoS/UJx+tgxrkXTJ65fHNXh
xGL46+HdF/vlfIr/JoVbCny31sCL2RdxYz9SqL/xBQqGMvNHx6zIntjh1l3FSScW
hPBT+3NGeApONB7PCc9HhAEwrd0yjeIpujsgq4+aR2bibRJcaaN18An7CZUSkcqC
wkEUq5i5LmCAaZha3A/QVkqwYAztq3itvByouayCz60o/II2DCtSNOUqUxcSe+Xd
0C03qjjnMSosaMe8ApR5ixI9lv5B9G7WjXBorAg9JyWICbcGEkCzHtjhJ082iZ7m
S1UD1+yrSz2MeRj+9b1IerlE5G5iPh/iQr1V1SQr+gOYqcd1HNUL9XUYyaGKjsnA
hqs6o7Y7sd8EC1YX87pOya7hECFAq36xQCxesY+3E4czL6CofuZoDj5sPyeSo2Wb
TtA0aRHsa7NEeu3BFigLD60TWNjX+LruRKAe7QM+mjSVui0/K0YHxtQJ384ZF6HV
doWGtaPh7fSYEy5LXkqlFSsG6iVihHdPT/WrO+XWxdlnOiMFIMWZLDk/tXj/MwTo
+jcKyWESm1o=
=T5xF
-----END PGP SIGNATURE-----
pgp_6tjZmTbUQ.pgp
Description: PGP signature
--- End Message ---
