Public bug reported:
I have UEFI Secure Boot enabled and when I boot to the linux I don't see
message 'You are booting in insecure mode' or something like that, but
when I am in OS and i check for shim secure boot state i got this.
$ mokuitil --sb-state
SecureBoot disabled
when I want to enable I got error in MokManager that secure boot state
is not empty or something like that. Which I think means that I have
enabled shim secure boot state but with above command it's wrong output.
>From there i can --disable-validation (with message at boot that it is
in insecure mode)and after that i can --enable-validation which will
give me still SecureBoot disabled without message at boot.
With hexdump first line finishes with 0 which means that shims secure
boot state is disabled. If it's 1 it would be enabled. This is i think
the problem with output, probably.
$ hexdump
/sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c
0000000 0006 0000 0000
0000005
Problem 2!
with dmesg I see that i have enrolled trusted key
Loaded UEFI:MokListRT cert 'Canonical Ltd. Master Certificate Authority:
ad91990bc22ab1f517048c23b6655a268e345a63' linked to secondary sys
keyring
and with $mokutil --list-enrolled i see that key. but when i want to
delete it in MokManager I got again error 0xEd or something similar. I
tried manually to delete through --export and through mokutil --reset.
Nothing worked. I don't know whether i can even delete this key and what
is it. But I want to delete all keys signed by me.
I want to delete this key because when i import trusted keys from UEFI
motherboard there is the same key with the same ID. but it's from db
list.
Thanks for help.
Thanks.
** Affects: mokutil (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1776068
Title:
Can't remove enrolled keys and change SecureBoot state
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/mokutil/+bug/1776068/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
