This is due to the patch "[patch] integrity: Do not load MOK and MOKx when
secure boot be disabled" was added to check if secureboot enabled for trusting
the MOK key,
https://lore.kernel.org/lkml/9b93e099fc6ee2a56d70ed338cd79f2c1ddcffa5.ca...@linux.ibm.com/T/
Unfortunately, the checking
Here's the 5.15 log, the 5.19 one was attached by apport as
CurrentDmesg.txt already.
** Attachment added: "dmesg-5.15.txt"
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1981449/+attachment/5602675/+files/dmesg-5.15.txt
** Changed in: linux (Ubuntu)
Status: Incomplete =>
please attach full kernel logs, as i need to see messages around those
that you have grepped for as well.
** Changed in: linux (Ubuntu)
Status: Confirmed => Incomplete
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in
There seems to be an invalid hash presented in MokX, it fails to import
that and then doesn't load MokX (which seems reasonable). I need to
recheck with 5.15 if it still boots, maybe firmware got corrupted or
something (or 5.19 loads the key from the wrong place).
$ mokutil --list-enrolled --mokx
In case you wonder: Yes I have the ubuntu UEFI PPA key in db as I needed
to test out shims signed from there :)
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1981449
Title:
5.19 kernel
In the logs I see different values for MOKvar from efi: so maybe it's
calculating something wrongly (or it's just not that stable).
jak@jak-t480s:~:master$ journalctl -k | grep MOK -i
Jul 12 15:14:51 jak-t480s kernel: efi: TPMFinalLog=0xbb592000 SMBIOS=0xba693000
SMBIOS 3.0=0xba69
6 matches
Mail list logo
