Re: secure boot disabled
On Thu, Feb 1, 2018, 3:52 PM AV wrote:

> On Thu, 2018-02-01 at 13:36 -0700, Chris Murphy wrote:
> > On Wed, Jan 31, 2018 at 9:53 AM, AV wrote:
> > > I installed Fed 27 on a Dell XPS 13 9370 using Fed 27 Live
> > > on a usb stick after deleting Ubuntu 16.04 LTS that came
> > > installed on the device.
> >
> > It's possible the kernel version that shipped with Fedora 27 had a bug
> > related to secure boot notification. I forget exactly what kernel
> > versions were affected. Anyway anything in the 4.14 series should
> > work. You can check Secure Boot status with mokutil.
> >
> > $ mokutil --sb-state
> > SecureBoot enabled
>
> Ah, thanks. I was looking for something like this but did not
> find mokutil. And indeed SecureBoot is enabled:
>
> $ mokutil --sb-state
> SecureBoot enabled
>
> The Fed 27 Live version which I used for the install contains
> a 4.13 kernel. So the bug with notification is related to 4.13.
> But the following update to the 4.14.14-300 kernel did not correct
> this.

I suggest filing a Red Hat Bugzilla bug against the kernel. Include complete dmesg. Include mokutil --sb-state, and if you see the very early message about Secure Boot right after the GRUB menu goes away but before the Plymouth boot splash, mention it.

Weirdly, Secure Boot support is not in the mainline kernel. Every distro is carrying their own patches including Fedora.

Chris Murphy
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Re: secure boot disabled
On Thu, 2018-02-01 at 13:36 -0700, Chris Murphy wrote:
> On Wed, Jan 31, 2018 at 9:53 AM, AV wrote:
> > I installed Fed 27 on a Dell XPS 13 9370 using Fed 27 Live
> > on a usb stick after deleting Ubuntu 16.04 LTS that came
> > installed on the device.
>
> It's possible the kernel version that shipped with Fedora 27 had a bug
> related to secure boot notification. I forget exactly what kernel
> versions were affected. Anyway anything in the 4.14 series should
> work. You can check Secure Boot status with mokutil.
>
> $ mokutil --sb-state
> SecureBoot enabled

Ah, thanks. I was looking for something like this but did not find mokutil. And indeed SecureBoot is enabled:

$ mokutil --sb-state
SecureBoot enabled

The Fed 27 Live version which I used for the install contains a 4.13 kernel. So the bug with notification is related to 4.13. But the following update to the 4.14.14-300 kernel did not correct this.

AV
Re: secure boot disabled
On Wed, Jan 31, 2018 at 9:53 AM, AV wrote:
> I installed Fed 27 on a Dell XPS 13 9370 using Fed 27 Live
> on a usb stick after deleting Ubuntu 16.04 LTS that came
> installed on the device.

It's possible the kernel version that shipped with Fedora 27 had a bug related to secure boot notification. I forget exactly what kernel versions were affected. Anyway anything in the 4.14 series should work. You can check Secure Boot status with mokutil.

$ mokutil --sb-state
SecureBoot enabled

--
Chris Murphy
Re: secure boot disabled
On Thu, 01 Feb 2018 12:17:26 +0100 AV wrote:
> I very much doubt this. On a pc with secure boot you see:
>
> $ dmesg |grep -i secure
> [0.00] secureboot: Secure boot enabled
> [0.00] Kernel is locked down from EFI secure boot; see man
> kernel_lockdown.7
> [1.364686] Loaded UEFI:MokListRT cert 'Fedora Secure Boot CA:
> fde32599c2d61db1bf5807335d7b20e4cd963b42' linked to secondary sys
> keyring
>
> Furthermore at boot (after grub kernel choices) the line:
> "EFI Stub: Secure Boot enabled" is shown.

I'm chastised for my ignorance. Thanks for the information.
Re: secure boot disabled
On Wed, 2018-01-31 at 17:30 -0700, stan wrote:
> On Wed, 31 Jan 2018 17:53:22 +0100
> AV wrote:
>
> > However after install I find 'secure boot disabled'.
> > $ dmesg | grep -i secure
> > [0.00] secureboot: Secure boot disabled
> > [5.630671] Loaded UEFI:MokListRT cert 'Fedora Secure Boot CA:
> > fde32599c2d61db1bf5807335d7b20e4cd963b42' linked to secondary sys
> > keyring
> > $ ls -l /sys/firmware/efi/efivars/Secure*
> > -rw-r--r--. 1 root root 5 Jan 31 16:33
> > /sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-
> > 00e098032b8c
>
> I don't know much about this, but I would interpret this as saying that
> you have secure boot. Maybe someone more knowledgeable will confirm.

I very much doubt this. On a pc with secure boot you see:

$ dmesg |grep -i secure
[0.00] secureboot: Secure boot enabled
[0.00] Kernel is locked down from EFI secure boot; see man kernel_lockdown.7
[1.364686] Loaded UEFI:MokListRT cert 'Fedora Secure Boot CA: fde32599c2d61db1bf5807335d7b20e4cd963b42' linked to secondary sys keyring

Furthermore at boot (after grub kernel choices) the line:
"EFI Stub: Secure Boot enabled" is shown.

AV
Re: secure boot disabled
On Wed, 31 Jan 2018 17:53:22 +0100 AV wrote:
> However after install I find 'secure boot disabled'.
> $ dmesg | grep -i secure
> [0.00] secureboot: Secure boot disabled
> [5.630671] Loaded UEFI:MokListRT cert 'Fedora Secure Boot CA:
> fde32599c2d61db1bf5807335d7b20e4cd963b42' linked to secondary sys
> keyring
> $ ls -l /sys/firmware/efi/efivars/Secure*
> -rw-r--r--. 1 root root 5 Jan 31 16:33
> /sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-
> 00e098032b8c

I don't know much about this, but I would interpret this as saying that you have secure boot. Maybe someone more knowledgeable will confirm.
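
Added example, not part of any message in this thread: a shell sketch that decodes a SecureBoot efivars file like the 5-byte one listed above (4 attribute bytes followed by one data byte, 1 meaning enabled) and compares it with the kernel's "secureboot:" dmesg line, so a disagreement between the two can be stated precisely in a bug report. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare firmware Secure Boot state with what the kernel logged.
# Function names are hypothetical; sample inputs below are constructed.

# efivarfs files hold 4 bytes of variable attributes followed by the data.
# SecureBoot carries one data byte: 1 = enabled, 0 = disabled.
sb_from_efivar() {
    [ -r "$1" ] || { echo unknown; return 0; }
    size=$(wc -c < "$1" | tr -d ' ')
    [ "$size" -eq 5 ] || { echo unknown; return 0; }
    val=$(od -An -tu1 -j4 -N1 "$1" | tr -d ' \n')
    case "$val" in
        1) echo enabled ;;
        0) echo disabled ;;
        *) echo unknown ;;
    esac
}

# Read dmesg text on stdin and report the state from the "secureboot:" line.
sb_from_dmesg() {
    state=$(sed -n 's/.*secureboot: Secure boot \([a-z]*\).*/\1/p' | head -n 1)
    case "$state" in
        enabled|disabled) echo "$state" ;;
        *) echo unknown ;;
    esac
}

# $1 = SecureBoot efivars file, $2 = file containing saved dmesg output.
sb_compare() {
    fw=$(sb_from_efivar "$1")
    kn=$(sb_from_dmesg < "$2")
    if [ "$fw" = "$kn" ]; then
        echo "consistent: $fw"
    else
        echo "mismatch: firmware=$fw kernel-log=$kn"
    fi
}

# Constructed sample: attributes 0x00000006 + value 1, and the dmesg line
# quoted in the thread. On a real system pass
# /sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c
# and the output of `dmesg` saved to a file.
tmp=$(mktemp -d)
printf '\006\000\000\000\001' > "$tmp/SecureBoot-sample"
printf '%s\n' '[0.00] secureboot: Secure boot disabled' > "$tmp/dmesg.txt"
sb_compare "$tmp/SecureBoot-sample" "$tmp/dmesg.txt"
rm -rf "$tmp"
```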