This bug is awaiting verification that the kernel in -proposed solves
the problem. Please test the kernel and update this bug with the
results. If the problem is solved, change the tag 'verification-needed-
trusty' to 'verification-done-trusty'.

If verification is not done by 5 working days from today, this fix will
be dropped from the source code, and this bug will be closed.

See for documentation how
to enable and use -proposed. Thank you!

** Tags added: verification-needed-trusty

You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.

  linux: MokSBState is ignored

Status in linux package in Ubuntu:
  Fix Released
Status in linux source package in Trusty:
  Fix Released
Status in linux source package in Vivid:
  Fix Released
Status in linux source package in Wily:
  Fix Released
Status in linux source package in Xenial:
  Fix Released

Bug description:
  Ubuntu-4.4.0-20.36 was released with signed module enforcement
  enabled, but contained no way of disabling secure boot for DKMS.
  Without these kernel patches it is possible to get your machine in an
  unbootable state, especially if you don't have a fallback kernel.

  This patch set implements the ability to disable secure boot on demand
  from user space (with some password shennaigans). If one boots in
  secure boot mode and then installs a third party module (such as
  DKMS), then a dialog is displayed giving the user an option to disable
  secure boot, thereby also disabling module signature verification.
  Patch 1/2 is a scaffold patch of which only the GUID macros are
  actually used. The rest of the code is fenced by
  CONFIG_MODULE_SIG_UEFI which will not be enabled until a later series.
  Patch 2/2 is where MOKSBState is read and implemented. Patch 3/3
  simply prints a bit more informative state information.

  Information regarding secure boot and signed module enforcement will
  appear in the kernel log thusly:

  'Secure boot enabled' - normal secure boot operation with signed module 
  'Secure boot MOKSBState disabled' - UEFI Secure boot state has been 
over-ridden by MOKSBState. No signed module enforcement.

  In the absense of a 'Secure boot' string assume that secure boot is
  disabled or does not exist.

To manage notifications about this bug go to:

Mailing list:
Post to     :
Unsubscribe :
More help   :

Reply via email to