Package: mokutil
Version: 0.3.0+1538710437.fb6250f-1
Severity: minor
mokutil(1) has this to say about "validation":
mokutil [--disable-validation]
mokutil [--enable-validation]
[...]
--disable-validation
Disable the validation process in shim
--enrolled-validation
Enable the validation process in shim
This seems like a contradiction: is it `enrolled` or `enable`? I tried
`enable` and it worked, so maybe it's the first? In any case, it seems
the manpage should be fixed.
For some mysterious reason, `mokutil --enable-validation` is the magic
thing I had to do to get secureboot working here. I have no idea what
it does and the manpage doesn't really explain that beyond saying "it
enables the validation, duh". It would be great if the docs would
actually say what that thing actually does so I'm not totally in the
dark about what i'm doing with this uber secure thing. :)
Why does that thing prompt for a password anyways?
A.
-- System Information:
Debian Release: 10.0
APT prefers testing
APT policy: (500, 'testing'), (1, 'experimental'), (1, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.19.0-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_CA.UTF-8, LC_CTYPE=fr_CA.UTF-8 (charmap=UTF-8),
LANGUAGE=fr_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages mokutil depends on:
ii libc6 2.28-10
ii libefivar1 37-2
ii libssl1.1 1.1.1c-1
mokutil recommends no packages.
mokutil suggests no packages.
-- debconf-show failed
