Package: shim-signed
Version: 1.50+16.1-2
Severity: important
X-Debbugs-Cc: [email protected]

Dear Maintainer,

as suggested on https://wiki.debian.org/SecureBoot/CAChanges, I'm reporting an issue with dual-signed shim on an Asus K551 laptop (same as S551).

$ sudo dmidecode | grep -A 3 "System Information"
System Information
        Manufacturer: ASUSTeK COMPUTER INC.
        Product Name: S551LB
        Version: 1.0

$ sudo dmidecode | grep -A 3 "Platform Firmware Information"
Platform Firmware Information
        Vendor: American Megatrends Inc.
        Version: S551LB.212
        Release Date: 04/25/2014

Starting from version 1.48 of shim-signed (that introduced the dual signature), system refuses to boot with "Invalid signature detected" message. (I'm currently pinned to 1.47 to keep Secure Boot enabled)

These are my installed DB and KEK certificates (I already installed the 2023 certificates while trying to debug myself, all other certificates were pre-installed)

$ mokutil --db --short
62b51ed2e6 ASUSTeK Notebook SW Key Certificate
16b36b31bb ASUSTeK MotherBoard SW Key Certificate
46def63b5c Microsoft Corporation UEFI CA 2011
580a6f4cc4 Microsoft Windows Production PCA 2011
76a0920658 Canonical Ltd. Master Certificate Authority
b5eeb4a670 Microsoft UEFI CA 2023

$ mokutil --kek --short
5c2c5f8653 ASUSTeK Notebook KEK Certificate
31590bfd89 Microsoft Corporation KEK CA 2011
76a0920658 Canonical Ltd. Master Certificate Authority
459ab6fb5e Microsoft Corporation KEK 2K CA 2023

I'm reporting with "important" severity, following the severity descriptions from reportbug, (definitely not "critical", considering this is a quite old system). Feel free to change the severity either raising or lowering it, if appropriate.

-- System Information:
Debian Release: forky/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (101, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 7.0.10+deb14-amd64 (SMP w/4 CPU threads; PREEMPT)
Kernel taint flags: TAINT_OOT_MODULE
Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8), LANGUAGE=it
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

