Package: shim-signed Version: 1.28+nmu1+0.9+1474479173.6c180c6-1 Severity: normal
Dear Maintainer, I started receiving "Failed to set MokSBStateRT: (2) Invalid Parameter" error message before boot screen after installing shim-signed package while upgrading grub-efi-amd64-signed package. This error message is displayed even if secure boot is disabled. I can continue to grub screen after selecting [OK]. However, boot fails due to kernel signature validation if secure boot is enabled. The system boots without any issues if secure boot is disabled. I have already enrolled Debian's cert and the test cert. They are listed in the output of `moklist --list`. A similar bug has been filed against Ubuntu as well [1]. It looks like a patch addressing this issue has been merged to the upstream [2]. Info about my system: # dmidecode 3.2 Getting SMBIOS data from sysfs. SMBIOS 3.0.0 present. Table at 0x000E0000. Handle 0x0000, DMI type 0, 24 bytes BIOS Information Vendor: Dell Inc. Version: 2.11.2 Release Date: 11/07/2018 Address: 0xF0000 Runtime Size: 64 kB ROM Size: 16 MB Characteristics: PCI is supported PNP is supported BIOS is upgradeable BIOS shadowing is allowed Boot from CD is supported Selectable boot is supported EDD is supported 5.25"/1.2 MB floppy services are supported (int 13h) 3.5"/720 kB floppy services are supported (int 13h) 3.5"/2.88 MB floppy services are supported (int 13h) Print screen service is supported (int 5h) 8042 keyboard services are supported (int 9h) Serial services are supported (int 14h) Printer services are supported (int 17h) ACPI is supported USB legacy is supported BIOS boot specification is supported Function key-initiated network boot is supported Targeted content distribution is supported UEFI is supported BIOS Revision: 2.11 Handle 0x0001, DMI type 1, 27 bytes System Information Manufacturer: Dell Inc. Product Name: Precision Tower 3620 Version: Not Specified Serial Number: *redacted* UUID: *redacted* Wake-up Type: Power Switch SKU Number: 06B7 Family: Precision Handle 0x0002, DMI type 2, 15 bytes Base Board Information Manufacturer: Dell Inc. Product Name: 0MWYPT Version: A02 Serial Number: *redacted* Asset Tag: Not Specified Features: Board is a hosting board Board is replaceable Location In Chassis: Not Specified Chassis Handle: 0x0003 Type: Motherboard Contained Object Handles: 0 -- Thanks, Omer [1] https://bugs.launchpad.net/ubuntu/+source/shim-signed/+bug/1644806 [2] https://github.com/rhboot/shim/commit/07bda58 -- System Information: Debian Release: buster/sid APT prefers testing APT policy: (500, 'testing'), (100, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-2-amd64 (SMP w/8 CPU cores) Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages shim-signed depends on: ii debconf [debconf-2.0] 1.5.70 ii grub-efi-amd64-bin 2.02+dfsg1-11 ii grub2-common 2.02+dfsg1-11 ii mokutil 0.2.0-1+b3 ii shim 0.9+1474479173.6c180c6-1 Versions of packages shim-signed recommends: pn secureboot-db <none> shim-signed suggests no packages. -- debconf information: shim/title/secureboot: shim/secureboot_explanation: shim/error/bad_secureboot_key: shim/error/secureboot_key_mismatch: shim/enable_secureboot: false shim/disable_secureboot: true