My guess is that Brad's been getting all his kernels from the ckt PPA, which means they'd all have snakeoil sigs on them instead of the archive sig. In this case, "linux-image-4.17.0-6-generic" and "linux- image-4.17.0-6-generic" aren't the same thing, cause linux-signed binaries are rebuilt when we copy to the archive.
Disabling the ckt PPA and doing an "apt-get --reinstall install <list of packages above>" will probably fix it. In future, I imagine kernel team folks might want to add their PPA's EFI signing key to MOK on systems where they're likely to run PPA kernels. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1789918 Title: /boot/vmlinux-4.17 has invalid signature To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/1789918/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
