I have reproduced this and can confirm it only affects 4.8 kernels. I
have an Ubuntu 16.04 system with secure boot enabled, and the 4.4 kernels
were enforcing it. After installing and rebooting into the
linux-image-generic-hwe-edge kernel (4.8.0-34.36~16.04.1-generic),
everything before the kernel thinks secure boot is enabled, but the
kernel does not and freely loads unsigned modules.

$ cat /proc/version_signature
Ubuntu 4.4.0-59.80-generic 4.4.35
$ mokutil --sb-state
SecureBoot enabled
$ sysctl kernel.secure_boot
kernel.secure_boot = 1

$ cat /proc/version_signature
Ubuntu 4.8.0-34.36~16.04.1-generic 4.8.11
$ mokutil --sb-state
SecureBoot enabled
$ sysctl kernel.secure_boot
kernel.secure_boot = 0

https://bugs.launchpad.net/bugs/1658255

Title:
  Kernel not enforcing module signatures under SecureBoot

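A check for the divergence reported in the comment above, added here as an example (it is not part of the original bug comment or of Ubuntu's tooling): it compares the firmware state from mokutil --sb-state with the kernel.secure_boot sysctl shown there. The function names classify_sb and check_live are hypothetical, and the sample strings in the comments are constructed from the output quoted in the comment.

```shell
#!/bin/sh
# Added example: flag hosts where firmware reports Secure Boot enabled
# but the running kernel does not (the 4.8 behaviour described above).

# classify_sb <mokutil --sb-state output> <sysctl kernel.secure_boot output>
# Prints: consistent-enabled | consistent-disabled | MISMATCH | unknown
classify_sb() {
    fw=unknown
    case "$1" in
        *"SecureBoot enabled"*)  fw=1 ;;
        *"SecureBoot disabled"*) fw=0 ;;
    esac

    # Pull N out of "kernel.secure_boot = N"; anything else (missing key,
    # error text, empty string) leaves the kernel view unknown.
    kern=$(printf '%s\n' "$2" |
        sed -n 's/^kernel\.secure_boot *= *\([01]\) *$/\1/p')
    [ -n "$kern" ] || kern=unknown

    if [ "$fw" = unknown ] || [ "$kern" = unknown ]; then
        echo unknown
    elif [ "$fw" = 1 ] && [ "$kern" = 1 ]; then
        echo consistent-enabled
    elif [ "$fw" = 0 ] && [ "$kern" = 0 ]; then
        echo consistent-disabled
    else
        echo MISMATCH
    fi
}

# check_live: run the same commands as in the comment on this host.
check_live() {
    m=$(mokutil --sb-state 2>/dev/null) || m=
    s=$(sysctl kernel.secure_boot 2>/dev/null) || s=
    v=$(cat /proc/version_signature 2>/dev/null || uname -r)
    printf '%s: %s\n' "$v" "$(classify_sb "$m" "$s")"
}

# Constructed samples matching the two kernels in the comment:
#   classify_sb 'SecureBoot enabled' 'kernel.secure_boot = 1'   (4.4)
#   classify_sb 'SecureBoot enabled' 'kernel.secure_boot = 0'   (4.8)
if [ "${1:-}" = "--live" ]; then
    check_live
fi
```

An "unknown" result means one of the two views could not be read, for example on a kernel that does not expose the kernel.secure_boot key, and should be investigated rather than treated as a pass.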