Manually test with my UEFI develop kit(RainbowPass) platform by following procedures and cannot reproduce this issue.
1. install focal 2. update shim-signed to 1.40.6+15.4.0ubuntu7 and grub2 to 2.04-1ubuntu26.12 3. install mainline kernel(unsigned), https://kernel.ubuntu.com/~kernel-ppa/mainline/v5.8.18/ 4. check or create test kernel key * mkdir -p /var/lib/test_ker/ * openssl genrsa -out /var/lib/test_ker/TestKer.priv 2048 * openssl req -new -x509 -sha256 -subj '/CN=TestKer-key' -key /var/lib/test_ker/TestKer.priv -out /var/lib/test_ker/TestKer.pem * openssl x509 -in /var/lib/test_ker/TestKer.pem -inform PEM -out /var/lib/test_ker/TestKer.der -outform DER 5. signed kernel * sbsign --key /var/lib/test_ker/TestKer.priv --cert /var/lib/test_ker/TestKer.pem --output vmlinuz-5.8.18-05.0818-generic.signed vmlinuz-5.8.18-05.0818-generic 6. enroll mok key * mokutil --import Testker.der 7. reboot -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1939565 Title: kernel signed by mok failed to boot if secure boot is on To manage notifications about this bug go to: https://bugs.launchpad.net/oem-priority/+bug/1939565/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
