Public bug reported:
The version of MokManager currently in xenial-updates and later supports
a MokTimeout variable, which can be set with mokutil --timeout, to
control how long MokManager waits for input instead of having a hard-
coded timeout of 10 seconds.
If the timeout is reached on boot with no input, MokManager clears the
MOK requests and passes control back to shim, which falls back to
booting the OS.
So if you miss seeing MokManager on boot, you have to restart the key
enrollment process from the OS and reboot again.
When we are invoking mokutil automatically on behalf of the user as part
of key generation for dkms modules, we should disable the timeout. We
should never leave the user with broken dkms modules on the system
because they were looking away from the console at the wrong point in
time during a reboot.
** Affects: shim-signed (Ubuntu)
Importance: Undecided
Status: New
** Affects: ubiquity (Ubuntu)
Importance: Undecided
Status: New
** Affects: shim-signed (Ubuntu Bionic)
Importance: Undecided
Status: New
** Affects: ubiquity (Ubuntu Bionic)
Importance: Undecided
Status: New
** Affects: shim-signed (Ubuntu Eoan)
Importance: Undecided
Status: New
** Affects: ubiquity (Ubuntu Eoan)
Importance: Undecided
Status: Won't Fix
** Also affects: ubiquity (Ubuntu)
Importance: Undecided
Status: New
** Also affects: ubiquity (Ubuntu Eoan)
Importance: Undecided
Status: New
** Also affects: shim-signed (Ubuntu Eoan)
Importance: Undecided
Status: New
** Also affects: ubiquity (Ubuntu Bionic)
Importance: Undecided
Status: New
** Also affects: shim-signed (Ubuntu Bionic)
Importance: Undecided
Status: New
** Description changed:
- The version of MokManager currently in all releases supports a
- MokTimeout variable, which can be set with mokutil --timeout, to control
- how long MokManager waits for input instead of having a hard-coded
- timeout of 10 seconds.
+ The version of MokManager currently in xenial-updates and later supports
+ a MokTimeout variable, which can be set with mokutil --timeout, to
+ control how long MokManager waits for input instead of having a hard-
+ coded timeout of 10 seconds.
If the timeout is reached on boot with no input, MokManager clears the
MOK requests and passes control back to shim, which falls back to
booting the OS.
So if you miss seeing MokManager on boot, you have to restart the key
enrollment process from the OS and reboot again.
When we are invoking mokutil automatically on behalf of the user as part
of key generation for dkms modules, we should disable the timeout. We
should never leave the user with broken dkms modules on the system
because they were looking away from the console at the wrong point in
time during a reboot.
** Changed in: ubiquity (Ubuntu Eoan)
Status: New => Won't Fix
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1856422
Title:
always call mokutil with --timeout -1 when enrolling dkms keys
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/shim-signed/+bug/1856422/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
