Got the Latitude 7520 machine. From the shim's log, it seems something is
wrong with the self-signed certificate and the binary is not authorized.

I did some tests, basically based on comment #6: installed another test
kernel, then signed it and enrolled another MOK key manually.

1. install test kernel (unsigned), v5.14.0-rc7
2. shim and grub have already been updated.
3. create a MOK key
   * mkdir -p /var/lib/test_ker/
   * openssl genrsa -out /var/lib/test_ker/TestKer.priv 2048
   * openssl req -new -x509 -sha256 -subj '/CN=TestKer-key' -key /var/lib/test_ker/TestKer.priv -out /var/lib/test_ker/TestKer.pem
   * openssl x509 -in /var/lib/test_ker/TestKer.pem -inform PEM -out /var/lib/test_ker/TestKer.der -outform DER
4. sign kernel
   * sbsign --key /var/lib/test_ker/TestKer.priv --cert /var/lib/test_ker/TestKer.pem --output vmlinuz-5.14.0-051400rc7-generic.signed vmlinuz-5.14.0-051400rc7-generic
6. enroll MOK key
   * mokutil --import /var/lib/test_ker/TestKer.der
7. reboot

The test kernel 5.14 and MOK key work normally.

-- 
https://bugs.launchpad.net/bugs/1939565

Title:
  kernel signed by mok failed to boot if secure boot is on

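Added example, not part of the original bug comment: a shell check that the three files produced in step 3 belong together before the kernel is signed and the key is imported. It compares the certificate's public key with the private key, confirms the DER file is the same certificate as the PEM, and rejects an expired certificate; the function names and the constructed Demo key set are assumptions for illustration.

```shell
#!/bin/sh
# Added example: consistency checks on the three MOK files from step 3.

# Return 0 only if KEY, PEM and DER describe one key pair and one certificate.
check_mok_set() {
    key=$1; pem=$2; der=$3

    # Public key derived from the private key vs. the one inside the certificate.
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 2
    crt_pub=$(openssl x509 -in "$pem" -inform PEM -noout -pubkey 2>/dev/null) || return 2
    if [ "$key_pub" != "$crt_pub" ]; then
        echo "FAIL: $pem was not issued for $key" >&2; return 1
    fi

    # sbsign embeds the PEM certificate; mokutil enrolls the DER file.
    fp_pem=$(openssl x509 -in "$pem" -inform PEM -noout -fingerprint -sha256 2>/dev/null) || return 2
    fp_der=$(openssl x509 -in "$der" -inform DER -noout -fingerprint -sha256 2>/dev/null) || return 2
    if [ "$fp_pem" != "$fp_der" ]; then
        echo "FAIL: $der is not the same certificate as $pem" >&2; return 1
    fi

    # Reject a certificate that has already expired.
    if ! openssl x509 -in "$pem" -inform PEM -noout -checkend 0 >/dev/null 2>&1; then
        echo "FAIL: $pem has expired" >&2; return 1
    fi
    echo "OK: ${fp_pem#*=}"
}

# Build a constructed key/cert set the same way step 3 does (names are placeholders).
make_constructed_set() {
    dir=$1; name=$2
    openssl genrsa -out "$dir/$name.priv" 2048 2>/dev/null &&
    openssl req -new -x509 -sha256 -subj "/CN=$name-key" \
        -key "$dir/$name.priv" -out "$dir/$name.pem" &&
    openssl x509 -in "$dir/$name.pem" -inform PEM -out "$dir/$name.der" -outform DER
}

if [ "$#" -eq 3 ]; then
    # Check the files named on the command line: KEY PEM DER.
    check_mok_set "$1" "$2" "$3"
elif [ "$#" -eq 0 ]; then
    # No arguments: run against a constructed set in a temporary directory.
    demo=$(mktemp -d) && make_constructed_set "$demo" Demo &&
        check_mok_set "$demo/Demo.priv" "$demo/Demo.pem" "$demo/Demo.der"
    rm -rf "$demo"
fi
```

The printed SHA-256 fingerprint is the value to compare against the certificate listed by the firmware's MOK manager at enrollment time.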