Your message dated Mon, 18 May 2026 13:33:58 +0000
with message-id <[email protected]>
and subject line Bug#1112197: fixed in shim-signed 1.48
has caused the Debian Bug report #1112197,
regarding fails to boot on a laptop without Microsoft 2011 UEFI CA
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1112197: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1112197
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: shim-signed
Version: 1.47+15.8-1
Severity: important
Dear Maintainer(s),
my new laptop (ASUS EXPERTBOOK B9403CVAR) fails to boot with Secure Boot
enabled, with the UEFI firmware showing a "Secure Boot violation"
message. This seems to be caused by the fact that shim is signed by
"Microsoft Corporation UEFI CA 2011", which is not present in the
laptop's db list. Instead it has the newer "Windows UEFI CA 2023" (full
mokutil --db output below).
Manually adding the 2011 CA to db does make it boot, but it is not
straightforward or particularly user-friendly.
Would it be possible to get shim signed by one of the keys that are
preloaded on this machine?
Cheers,
--
Anton Khirnov
-- System Information:
Debian Release: 13.0
APT prefers unstable-debug
APT policy: (500, 'unstable-debug'), (500, 'stable-debug'), (500, 'stable'),
(400, 'unstable'), (300, 'experimental'), (1, 'experimental-debug')
Architecture: amd64 (x86_64)
Kernel: Linux 6.16.3+deb14-amd64 (SMP w/12 CPU threads; PREEMPT)
Kernel taint flags: TAINT_CPU_OUT_OF_SPEC
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: sysvinit (via /sbin/init)
Versions of packages shim-signed depends on:
ii grub-efi-amd64-bin 2.12-9
ii grub2-common 2.12-9
ii shim-helpers-amd64-signed 1+15.8+1
ii shim-signed-common 1.47+15.8-1
shim-signed recommends no packages.
shim-signed suggests no packages.
-- no debconf information
--------------------------
$ mokutil --db
[key 1]
Owner: 3b053091-6c9f-04cc-b1ac-e2a51e3be5f5
SHA1 Fingerprint: 62:b5:1e:d2:e6:c7:5e:27:33:52:c8:b0:52:1a:97:48:18:e9:23:3e
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
(Negative)47:1a:7e:1b:20:88:5a:44:bd:7d:2a:33:03:ff:3f:8f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ASUSTeK Notebook SW Key Certificate
Validity
Not Before: Dec 27 00:18:53 2011 GMT
Not After : Dec 27 00:18:52 2031 GMT
Subject: CN=ASUSTeK Notebook SW Key Certificate
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:9e:61:fa:74:2c:2a:88:17:c4:bd:77:19:0d:b3:
33:27:0c:0e:94:ec:b0:8b:71:b3:08:77:b7:d2:08:
9d:32:4f:5c:f7:0c:cf:e0:29:53:56:ed:24:91:d8:
bd:53:2a:89:89:8c:74:28:ab:16:2d:4f:9b:65:fc:
63:7d:ed:23:b6:97:5c:6d:04:e4:15:7f:dc:f8:ba:
6b:08:cc:c9:21:e9:b5:de:8e:03:28:12:63:f0:6a:
b6:e5:df:1d:72:28:cc:64:d6:63:66:2f:04:52:6a:
1d:25:7d:c7:bd:e0:78:fb:0c:b7:37:e5:ae:f7:0d:
d6:b5:b4:bf:f5:f1:c6:82:56:78:5c:a8:f3:53:2e:
f5:ec:15:3f:12:62:2f:eb:b6:79:79:86:ac:76:ff:
b6:66:45:f5:33:da:dd:25:d6:a7:bf:f8:d9:db:d3:
f1:fa:ce:0e:22:30:d7:d4:80:02:bd:d3:2c:1e:ec:
46:2e:2f:ca:0f:7a:fa:b9:5c:ff:2b:16:c6:6a:6b:
8d:94:64:92:7e:f9:55:ee:96:00:4d:04:2e:4b:15:
ed:f1:08:49:6a:07:86:69:c8:c5:64:fa:ad:2c:4f:
02:50:e4:1f:83:c7:2f:19:9f:e8:a5:62:d9:51:32:
18:b6:83:ca:08:0a:a1:ab:a7:65:70:9c:1e:48:c3:
0f:49
Exponent: 65537 (0x10001)
X509v3 extensions:
2.5.29.1:
0V...e.......[.......00.1,0*..U...#ASUSTeK Notebook SW Key
Certificate.......w..B......q
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
31:18:f4:ee:e3:72:ba:be:33:44:61:74:19:1f:66:ac:5c:fd:
1d:9a:26:75:d0:14:cd:68:38:b3:a8:3f:4f:b4:4a:e9:1e:21:
f2:c9:ee:37:96:26:be:1d:58:9b:ad:21:ce:58:79:53:d3:ff:
38:ef:8f:22:cd:90:0e:c6:32:21:75:9b:5a:ab:af:08:ff:05:
cd:2b:f8:8c:e7:97:47:bb:78:e4:5f:56:47:d2:bc:c8:a5:95:
cb:76:89:5c:65:24:02:18:06:9c:12:5f:ef:e0:5c:19:45:38:
96:df:7a:60:5d:61:ba:4d:c8:7b:6e:8d:8c:6e:1d:a9:e5:92:
35:a2:4f:36:d3:40:ad:d7:40:12:ab:6c:48:8d:18:92:e4:00:
52:03:df:14:ac:66:3f:6a:ae:42:3a:06:50:aa:a5:0d:40:a7:
7b:eb:fd:41:49:ff:eb:a3:b4:50:4f:f7:54:13:3b:1f:8e:b4:
45:04:20:42:74:fe:78:3d:be:7c:db:a7:2a:2a:9d:06:48:c0:
9a:02:23:af:f2:98:07:95:de:3b:30:73:ec:3e:73:58:8f:07:
53:40:96:d8:24:d9:66:80:7a:75:8d:b7:39:27:10:89:7a:b4:
53:bf:3b:c2:e2:97:93:37:8a:9d:4d:23:6e:ac:eb:0d:53:21:
4d:0b:34:13
[key 2]
Owner: 3b053091-6c9f-04cc-b1ac-e2a51e3be5f5
SHA1 Fingerprint: 16:b3:6b:31:bb:b6:cb:eb:a3:b1:2e:dd:5a:32:32:e9:93:f3:7d:d1
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
(Negative)25:7c:46:6f:bd:d1:43:73:bb:e0:72:74:fc:65:9a:5e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ASUSTeK MotherBoard SW Key Certificate
Validity
Not Before: Dec 26 23:35:05 2011 GMT
Not After : Dec 26 23:35:04 2031 GMT
Subject: CN=ASUSTeK MotherBoard SW Key Certificate
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:8c:f6:a6:eb:77:fc:83:8a:a4:9f:d5:f8:cf:3f:
37:f2:6e:2d:0a:62:c5:d8:9b:1d:16:0b:22:7f:29:
5f:3a:26:df:53:97:8c:78:94:19:90:42:73:0f:85:
c2:ff:a4:85:7c:81:2e:0b:51:ba:56:23:27:92:3d:
a3:f2:dc:e2:77:84:9e:50:be:8a:eb:51:34:a4:f8:
ef:5d:d7:51:fe:70:42:4c:42:06:ef:69:2c:a2:d3:
25:e1:26:57:23:85:6d:d0:a7:7b:c0:45:28:7e:89:
d5:b4:0a:eb:af:41:79:21:d2:d7:00:ec:48:f9:44:
f6:5b:be:b6:25:24:f0:8e:2e:b4:52:3e:e1:0e:c1:
a4:67:ea:fe:e5:93:cc:b9:c4:36:21:cb:54:fa:af:
9d:9c:85:78:cc:e5:88:f3:84:0c:67:db:26:69:58:
ca:de:47:34:ec:cf:2f:b6:49:59:b5:56:db:58:45:
7b:21:9d:99:0b:5f:de:57:16:a6:ab:c8:79:3f:9d:
76:89:e2:09:f9:8d:e2:63:37:fc:74:ea:73:7e:70:
ac:15:16:a5:ed:88:60:5f:33:ed:94:9e:0a:05:de:
c7:85:c3:c1:7a:54:fb:4e:cb:cb:e8:5e:44:7c:39:
db:2d:b2:b7:6c:ce:ca:2f:63:9d:16:4e:a6:e5:ef:
d6:cf
Exponent: 65537 (0x10001)
X509v3 extensions:
2.5.29.1:
0Y..V..*.......b.....3011/0-..U...&ASUSTeK MotherBoard SW Key
Certificate......B...D.....e.
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
02:cf:52:6f:0b:91:eb:e4:3b:b2:70:0c:07:2d:79:80:01:9e:
4b:4d:92:bb:dc:9e:e5:e5:31:85:e3:9a:75:ed:ca:de:8c:ee:
28:34:01:83:14:47:9e:3a:d4:43:5b:2c:c4:41:c8:40:7d:b5:
08:76:86:80:2b:a8:00:9f:b7:d3:b1:e6:60:5c:32:b0:a0:01:
0f:ba:36:8b:b7:b5:4e:87:d5:b7:0a:2c:bd:bc:6a:43:3c:ee:
76:7c:76:20:ed:39:91:a8:bf:70:1e:d6:a8:1a:3e:81:36:6b:
7d:1d:8d:f6:f8:af:5b:38:53:6a:04:0d:7e:ae:4d:ee:ab:02:
d4:a4:a2:a9:cf:b6:e3:66:a3:ca:4d:5d:d4:18:61:4d:da:83:
28:4e:aa:2a:af:da:eb:df:2a:20:bd:78:80:ef:d1:b0:dd:9b:
77:db:c9:25:39:4b:cf:a2:86:1a:ac:cc:32:e7:87:d4:59:b2:
03:c4:69:02:8f:17:c9:de:52:cb:e7:ab:b8:35:c5:f8:33:06:
03:93:52:cf:b3:68:d2:b3:5c:1c:e8:19:fe:75:26:ed:d1:65:
72:13:4d:69:34:5a:9b:0c:b4:e3:56:53:3c:b4:67:27:f8:fa:
d3:20:da:37:58:f6:ad:e2:82:59:a2:b8:22:2f:9e:56:fe:bc:
17:49:1d:af
[key 3]
Owner: 77fa9abd-0359-4d32-bd60-28f4e78f784b
SHA1 Fingerprint: 58:0a:6f:4c:c4:e4:b6:69:b9:eb:dc:1b:2b:3e:08:7b:80:d0:67:8d
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
61:07:76:56:00:00:00:00:00:08
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation,
CN=Microsoft Root Certificate Authority 2010
Validity
Not Before: Oct 19 18:41:42 2011 GMT
Not After : Oct 19 18:51:42 2026 GMT
Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation,
CN=Microsoft Windows Production PCA 2011
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:dd:0c:bb:a2:e4:2e:09:e3:e7:c5:f7:96:69:bc:
00:21:bd:69:33:33:ef:ad:04:cb:54:80:ee:06:83:
bb:c5:20:84:d9:f7:d2:8b:f3:38:b0:ab:a4:ad:2d:
7c:62:79:05:ff:e3:4a:3f:04:35:20:70:e3:c4:e7:
6b:e0:9c:c0:36:75:e9:8a:31:dd:8d:70:e5:dc:37:
b5:74:46:96:28:5b:87:60:23:2c:bf:dc:47:a5:67:
f7:51:27:9e:72:eb:07:a6:c9:b9:1e:3b:53:35:7c:
e5:d3:ec:27:b9:87:1c:fe:b9:c9:23:09:6f:a8:46:
91:c1:6e:96:3c:41:d3:cb:a3:3f:5d:02:6a:4d:ec:
69:1f:25:28:5c:36:ff:fd:43:15:0a:94:e0:19:b4:
cf:df:c2:12:e2:c2:5b:27:ee:27:78:30:8b:5b:2a:
09:6b:22:89:53:60:16:2c:c0:68:1d:53:ba:ec:49:
f3:9d:61:8c:85:68:09:73:44:5d:7d:a2:54:2b:dd:
79:f7:15:cf:35:5d:6c:1c:2b:5c:ce:bc:9c:23:8b:
6f:6e:b5:26:d9:36:13:c3:4f:d6:27:ae:b9:32:3b:
41:92:2c:e1:c7:cd:77:e8:aa:54:4e:f7:5c:0b:04:
87:65:b4:43:18:a8:b2:e0:6d:19:77:ec:5a:24:fa:
48:03
Exponent: 65537 (0x10001)
X509v3 extensions:
1.3.6.1.4.1.311.21.1:
...
X509v3 Subject Key Identifier:
A9:29:02:39:8E:16:C4:97:78:CD:90:F9:9E:4F:9A:E1:7C:55:AF:53
1.3.6.1.4.1.311.20.2:
.
.S.u.b.C.A
X509v3 Key Usage:
Digital Signature, Certificate Sign, CRL Sign
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Authority Key Identifier:
D5:F6:56:CB:8F:E8:A2:5C:62:68:D1:3D:94:90:5B:D7:CE:9A:18:C4
X509v3 CRL Distribution Points:
Full Name:
URI:http://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl
Authority Information Access:
CA Issuers -
URI:http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
14:fc:7c:71:51:a5:79:c2:6e:b2:ef:39:3e:bc:3c:52:0f:6e:
2b:3f:10:13:73:fe:a8:68:d0:48:a6:34:4d:8a:96:05:26:ee:
31:46:90:61:79:d6:ff:38:2e:45:6b:f4:c0:e5:28:b8:da:1d:
8f:8a:db:09:d7:1a:c7:4c:0a:36:66:6a:8c:ec:1b:d7:04:90:
a8:18:17:a4:9b:b9:e2:40:32:36:76:c4:c1:5a:c6:bf:e4:04:
c0:ea:16:d3:ac:c3:68:ef:62:ac:dd:54:6c:50:30:58:a6:eb:
7c:fe:94:a7:4e:8e:f4:ec:7c:86:73:57:c2:52:21:73:34:5a:
f3:a3:8a:56:c8:04:da:07:09:ed:f8:8b:e3:ce:f4:7e:8e:ae:
f0:f6:0b:8a:08:fb:3f:c9:1d:72:7f:53:b8:eb:be:63:e0:e3:
3d:31:65:b0:81:e5:f2:ac:cd:16:a4:9f:3d:a8:b1:9b:c2:42:
d0:90:84:5f:54:1d:ff:89:ea:ba:1d:47:90:6f:b0:73:4e:41:
9f:40:9f:5f:e5:a1:2a:b2:11:91:73:8a:21:28:f0:ce:de:73:
39:5f:3e:ab:5c:60:ec:df:03:10:a8:d3:09:e9:f4:f6:96:85:
b6:7f:51:88:66:47:19:8d:a2:b0:12:3d:81:2a:68:05:77:bb:
91:4c:62:7b:b6:c1:07:c7:ba:7a:87:34:03:0e:4b:62:7a:99:
e9:ca:fc:ce:4a:37:c9:2d:a4:57:7c:1c:fe:3d:dc:b8:0f:5a:
fa:d6:c4:b3:02:85:02:3a:ea:b3:d9:6e:e4:69:21:37:de:81:
d1:f6:75:19:05:67:d3:93:57:5e:29:1b:39:c8:ee:2d:e1:cd:
e4:45:73:5b:d0:d2:ce:7a:ab:16:19:82:46:58:d0:5e:9d:81:
b3:67:af:6c:35:f2:bc:e5:3f:24:e2:35:a2:0a:75:06:f6:18:
56:99:d4:78:2c:d1:05:1b:eb:d0:88:01:9d:aa:10:f1:05:df:
ba:7e:2c:63:b7:06:9b:23:21:c4:f9:78:6c:e2:58:17:06:36:
2b:91:12:03:cc:a4:d9:f2:2d:ba:f9:94:9d:40:ed:18:45:f1:
ce:8a:5c:6b:3e:ab:03:d3:70:18:2a:0a:6a:e0:5f:47:d1:d5:
63:0a:32:f2:af:d7:36:1f:2a:70:5a:e5:42:59:08:71:4b:57:
ba:7e:83:81:f0:21:3c:f4:1c:c1:c5:b9:90:93:0e:88:45:93:
86:e9:b1:20:99:be:98:cb:c5:95:a4:5d:62:d6:a0:63:08:20:
bd:75:10:77:7d:3d:f3:45:b9:9f:97:9f:cb:57:80:6f:33:a9:
04:cf:77:a4:62:1c:59:7e
[key 4]
Owner: 77fa9abd-0359-4d32-bd60-28f4e78f784b
SHA1 Fingerprint: 45:a0:fa:32:60:47:73:c8:24:33:c3:b7:d5:9e:74:66:b3:ac:0c:67
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
33:00:00:00:1a:88:8b:98:00:56:22:84:c1:00:00:00:00:00:1a
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation,
CN=Microsoft Root Certificate Authority 2010
Validity
Not Before: Jun 13 18:58:29 2023 GMT
Not After : Jun 13 19:08:29 2035 GMT
Subject: C=US, O=Microsoft Corporation, CN=Windows UEFI CA 2023
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:bc:b2:35:d1:54:79:b4:8f:cc:81:2a:6e:b3:12:
d6:93:97:30:7c:38:5c:bf:79:92:19:0a:0f:2d:0a:
fe:bf:e0:a8:d8:32:3f:d2:ab:6f:6f:81:c1:4d:17:
69:45:cf:85:80:27:a3:7c:b3:31:cc:a5:a7:4d:f9:
43:d0:5a:2f:d7:18:1b:d2:58:96:05:39:a3:95:b7:
bc:dd:79:c1:a0:cf:8f:e2:53:1e:2b:26:62:a8:1c:
ae:36:1e:4f:a1:df:b9:13:ba:0c:25:bb:24:65:67:
01:aa:1d:41:10:b7:36:c1:6b:2e:b5:6c:10:d3:4e:
96:d0:9f:2a:a1:f1:ed:a1:15:0b:82:95:c5:ff:63:
8a:13:b5:92:34:1e:31:5e:61:11:ae:5d:cc:f1:10:
e6:4c:79:c9:72:b2:34:8a:82:56:2d:ab:0f:7c:c0:
4f:93:8e:59:75:41:86:ac:09:10:09:f2:51:65:50:
b5:f5:21:b3:26:39:8d:aa:c4:91:b3:dc:ac:64:23:
06:cd:35:5f:0d:42:49:9c:4f:0d:ce:80:83:82:59:
fe:df:4b:44:e1:40:c8:3d:63:b6:cf:b4:42:0d:39:
5c:d2:42:10:0c:08:c2:74:eb:1c:dc:6e:bc:0a:ac:
98:bb:cc:fa:1e:3c:a7:83:16:c5:db:02:da:d9:96:
df:6b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Certificate Sign, CRL Sign
1.3.6.1.4.1.311.21.1:
...
X509v3 Subject Key Identifier:
AE:FC:5F:BB:BE:05:5D:8F:8D:AA:58:54:73:49:94:17:AB:5A:52:72
1.3.6.1.4.1.311.20.2:
.
.S.u.b.C.A
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Authority Key Identifier:
D5:F6:56:CB:8F:E8:A2:5C:62:68:D1:3D:94:90:5B:D7:CE:9A:18:C4
X509v3 CRL Distribution Points:
Full Name:
URI:http://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl
Authority Information Access:
CA Issuers -
URI:http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
9f:c9:b6:ff:6e:e1:9c:3b:55:f6:fe:8b:39:dd:61:04:6f:d0:
ad:63:cd:17:76:4a:a8:43:89:8d:f8:c6:f2:8c:5e:90:e1:e4:
68:a5:15:ec:b8:d3:60:0c:40:57:1f:fb:5e:35:72:61:de:97:
31:6c:79:a0:f5:16:ae:4b:1c:ed:01:0c:ef:f7:57:0f:42:30:
18:69:f8:a1:a3:2e:97:92:b8:be:1b:fe:2b:86:5e:42:42:11:
8f:8e:70:4d:90:a7:fd:01:63:f2:64:bf:9b:e2:7b:08:81:cf:
49:f2:37:17:df:f1:f9:72:d3:c3:1d:c3:90:45:4d:e6:80:06:
bd:fd:e5:6a:69:ce:b3:7e:4e:31:5b:84:73:a8:e8:72:3f:27:
35:c9:7c:20:ce:00:9b:4f:e0:4c:b4:36:69:cb:f7:34:11:11:
74:12:7a:a8:8c:2e:81:6c:a6:50:ad:19:fa:a8:46:45:6f:b1:
67:73:c3:6b:e3:40:e8:2a:69:8f:24:10:e1:29:6e:8d:16:88:
ee:8e:7f:66:93:02:6f:5b:9e:04:8c:cc:81:1c:ad:97:54:f1:
18:2e:7e:52:90:bc:51:de:2a:0e:ae:66:ea:bc:64:6e:a0:91:
64:e4:2f:12:a8:bc:e7:6b:ba:c7:1b:9b:79:1a:64:66:f1:43:
b4:d1:c3:46:21:38:81:79:4c:fa:f0:31:0d:d3:79:ff:7a:12:
a5:1d:d9:dd:ac:a2:0f:71:82:f7:93:ff:5c:a1:61:ae:65:f2:
14:81:ed:79:5a:9a:87:ea:60:7b:cb:b3:4f:75:34:ca:ba:a1:
ef:a2:f6:a2:80:45:a1:8b:27:81:cd:d5:77:38:3e:ca:4e:dd:
28:ea:58:ba:c5:a0:29:de:86:8c:88:fc:95:27:51:dd:ab:d3:
d0:5b:0d:77:c7:6c:8f:55:d7:d4:a2:0e:5b:e4:34:46:14:16:
1d:e3:1c:d6:6d:99:ad:4c:ec:71:73:2f:ab:ce:b2:b4:29:de:
55:30:53:39:3a:32:8b:f0:ea:9c:88:12:3b:05:68:19:bf:cf:
87:52:10:fb:d6:13:60:f3:41:64:f4:08:57:81:cb:9d:11:a5:
8e:f4:e5:27:f5:a3:3a:ec:e4:3d:4a:b7:ce:f9:88:0d:9f:bd:
ca:6d:d2:4a:bc:58:76:8e:32:04:94:6e:dd:f4:cf:6d:47:6d:
c2:d7:6a:dc:87:71:ea:a4:bf:ef:67:97:9c:b8:c7:80:36:2a:
2a:59:c9:c0:0c:a7:44:a0:73:b5:8c:cf:38:5a:ae:f8:bb:86:
95:f0:44:ad:66:7a:33:ed:71:e4:45:87:83:e5:a7:ce:a2:40:
d0:72:d2:48:00:fa:f9:1a
[key 5]
Owner: 6dc40ae4-2ee8-9c4c-a314-0fc7b2008710
SHA1 Fingerprint: 76:a0:92:06:58:00:bf:37:69:01:c3:72:cd:55:a9:0e:1f:de:d2:e0
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
b9:41:24:a0:18:2c:92:67
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=GB, ST=Isle of Man, L=Douglas, O=Canonical Ltd., CN=Canonical
Ltd. Master Certificate Authority
Validity
Not Before: Apr 12 11:12:51 2012 GMT
Not After : Apr 11 11:12:51 2042 GMT
Subject: C=GB, ST=Isle of Man, L=Douglas, O=Canonical Ltd.,
CN=Canonical Ltd. Master Certificate Authority
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:bf:5b:3a:16:74:ee:21:5d:ae:61:ed:9d:56:ac:
bd:de:de:72:f3:dd:7e:2d:4c:62:0f:ac:c0:6d:48:
08:11:cf:8d:8b:fb:61:1f:27:cc:11:6e:d9:55:3d:
39:54:eb:40:3b:b1:bb:e2:85:34:79:ca:f7:7b:bf:
ba:7a:c8:10:2d:19:7d:ad:59:cf:a6:d4:e9:4e:0f:
da:ae:52:ea:4c:9e:90:ce:c6:99:0d:4e:67:65:78:
5d:f9:d1:d5:38:4a:4a:7a:8f:93:9c:7f:1a:a3:85:
db:ce:fa:8b:f7:c2:a2:21:2d:9b:54:41:35:10:57:
13:8d:6c:bc:29:06:50:4a:7e:ea:99:a9:68:a7:3b:
c7:07:1b:32:9e:a0:19:87:0e:79:bb:68:99:2d:7e:
93:52:e5:f6:eb:c9:9b:f9:2b:ed:b8:68:49:bc:d9:
95:50:40:5b:c5:b2:71:aa:eb:5c:57:de:71:f9:40:
0a:dd:5b:ac:1e:84:2d:50:1a:52:d6:e1:f3:6b:6e:
90:64:4f:5b:b4:eb:20:e4:61:10:da:5a:f0:ea:e4:
42:d7:01:c4:fe:21:1f:d9:b9:c0:54:95:42:81:52:
72:1f:49:64:7a:c8:6c:24:f1:08:70:0b:4d:a5:a0:
32:d1:a0:1c:57:a8:4d:e3:af:a5:8e:05:05:3e:10:
43:a1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AD:91:99:0B:C2:2A:B1:F5:17:04:8C:23:B6:65:5A:26:8E:34:5A:63
X509v3 Authority Key Identifier:
AD:91:99:0B:C2:2A:B1:F5:17:04:8C:23:B6:65:5A:26:8E:34:5A:63
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Key Usage:
Digital Signature, Certificate Sign, CRL Sign
X509v3 CRL Distribution Points:
Full Name:
URI:http://www.canonical.com/secure-boot-master-ca.crl
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
3f:7d:f6:76:a5:b3:83:b4:2b:7a:d0:6d:52:1a:03:83:c4:12:
a7:50:9c:47:92:cc:c0:94:77:82:d2:ae:57:b3:99:04:f5:32:
3a:c6:55:1d:07:db:12:a9:56:fa:d8:d4:76:20:eb:e4:c3:51:
db:9a:5c:9c:92:3f:18:73:da:94:6a:a1:99:38:8c:a4:88:6d:
c1:fc:39:71:d0:74:76:16:03:3e:56:23:35:d5:55:47:5b:1a:
1d:41:c2:d3:12:4c:dc:ff:ae:0a:92:9c:62:0a:17:01:9c:73:
e0:5e:b1:fd:bc:d6:b5:19:11:7a:7e:cd:3e:03:7e:66:db:5b:
a8:c9:39:48:51:ff:53:e1:9c:31:53:91:1b:3b:10:75:03:17:
ba:e6:81:02:80:94:70:4c:46:b7:94:b0:3d:15:cd:1f:8e:02:
e0:68:02:8f:fb:f9:47:1d:7d:a2:01:c6:07:51:c4:9a:cc:ed:
dd:cf:a3:5d:ed:92:bb:be:d1:fd:e6:ec:1f:33:51:73:04:be:
3c:72:b0:7d:08:f8:01:ff:98:7d:cb:9c:e0:69:39:77:25:47:
71:88:b1:8d:27:a5:2e:a8:f7:3f:5f:80:69:97:3e:a9:f4:99:
14:db:ce:03:0e:0b:66:c4:1c:6d:bd:b8:27:77:c1:42:94:bd:
fc:6a:0a:bc
--- End Message ---
--- Begin Message ---
Source: shim-signed
Source-Version: 1.48
Done: Steve McIntyre <[email protected]>
We believe that the bug you reported is fixed in the latest version of
shim-signed, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Steve McIntyre <[email protected]> (supplier of updated shim-signed package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 17 May 2026 22:47:06 +0100
Source: shim-signed
Architecture: source
Version: 1.48
Distribution: unstable
Urgency: medium
Maintainer: Debian EFI Team <[email protected]>
Changed-By: Steve McIntyre <[email protected]>
Closes: 1064102 1112197
Changes:
shim-signed (1.48) unstable; urgency=medium
.
* Add support for verifying and then combining signatures from
multiple signed shims.
+ Existing sbverify versions in Debian are buggy when verifying.
+ Switch to using a python script verify_combine_sigs to fill in
the gaps.
* In preinst, try to verify that the signed shim we're trying to
install will actually boot on this system - let's not break
systems on upgrade.
* We now include a dual-signed shim including the 2023 CA.
Closes: #1112197
* The shim included is now NX-capable. Closes: #1064102
Checksums-Sha1:
07c44b7c30573429a76a13043871207cb1ff2a17 1915 shim-signed_1.48.dsc
b9f75ff283a59562435c4b1d2a07b205235067fa 823812 shim-signed_1.48.tar.xz
bd7440dc08887c7626ddd0022fcc06b4a31925d1 6069 shim-signed_1.48_source.buildinfo
Checksums-Sha256:
2a445a17665bae50c88e66d1ff414f90156c0eae8042186a64b1433d09f3c8ff 1915
shim-signed_1.48.dsc
bf6a380e29c8291539db6902d2794fa841b6b546f4bf760b10c5fa13c42880f6 823812
shim-signed_1.48.tar.xz
029173ff3681b8a5bb8ba4f8f1990b5822e26c89a679f602c8892387148f2d43 6069
shim-signed_1.48_source.buildinfo
Files:
61c6adafdf38a6d44165b0598c2dbba7 1915 utils optional shim-signed_1.48.dsc
8d9812cf852b3d682e774c5d2a1f7b67 823812 utils optional shim-signed_1.48.tar.xz
41824bba1284a785951bc02d43a915d8 6069 utils optional
shim-signed_1.48_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJFBAEBCgAvFiEEzrtSMB1hfpEDkP4WWHl5VzRCaE4FAmoLESERHDkzc2FtQGRl
Ymlhbi5vcmcACgkQWHl5VzRCaE69pg/+KTItRsIGRV1ySoIz0nGW8K917IEQJu/O
m470oT74QODltetkUf8m95hAIZWkaDHVZov791J8yUV3QsnI9cBZ4pTVOqRkwQXo
uNB9NWOVcQMG91UH9MgscCelQ1tLPzoO4dzqY7/zO0QRxnGZ1QjVOum7xq0gHwvW
wnaW2YNY0FMU2Ya1aqKlI2WC4BuNJPwboQvy/hxfN2hVx5LGH396+Vnux6nqPaFt
zRMBfF3RCmQmTOdnXeBNvP3NOLozS/L63o8//3he6Ne6t9WomEZJhRlnWXG628iC
4/2j3ihWijknP8W6PgrlZb0Ku7bAqwzLqkWn5E1o6RYJLa/RGcAnmKKKDd6PXNVx
aHISSkt/ktMWdjRYca5IHwllzT6p6/p43SCBeKtrFXUSySr/OAFBKIopNiIZMus0
muCicmJ4vUNXr1FbCn/Gu4W5kR8bxF3+uajPetKcgJGCz0wquzFN4JonZZ+fClW9
UmEgcJlnIb3baklvVqlW0iENBXVj+yWxxbeEULYn6TKLfoiOEdEIeIk24ryqSTkn
VBbs8vztl6gkXgYCufl5vqLWMD25VNvzjv9DM/QTM8Kcn9+03HlOuihXc3RIzoMN
L951iRs+MCLPzY9V3dQiwinNMRH71gw6v5FBNxvrQDXf13QU/+GGEgQlCMrMEH5Z
6E+DvgpJf2c=
=Ija/
-----END PGP SIGNATURE-----
pgp9UBxbStlq1.pgp
Description: PGP signature
--- End Message ---
