# uname -r 5.11.0-34-generic # sudo keyctl list %:.platform 3 keys in keyring: 149920180: ---lswrv 0 0 asymmetric: Microsoft Windows Production PCA 2011: a92902398e16c49778cd90f99e4f9ae17c55af53 434591909: ---lswrv 0 0 asymmetric: Canonical Ltd. Master Certificate Authority: ad91990bc22ab1f517048c23b6655a268e345a63 404799886: ---lswrv 0 0 asymmetric: Microsoft Corporation UEFI CA 2011: 13adbf4309bd82709c8cd54f316ed522988a1bd4
# sudo keyctl list %:.blacklist | grep bin: | wc 79 474 8854 # sudo keyctl list %:.blacklist | grep Canonical 1050199374: ---lswrv 0 0 asymmetric: Canonical Ltd. Secure Boot Signing: 61482aa2830d0ab2ad5af10b7250da9033ddcef0 dmesg [ 1.074086] blacklist: Loading compiled-in revocation X.509 certificates [ 1.074714] Loaded X.509 cert 'Canonical Ltd. Secure Boot Signing: 61482aa2830d0ab2ad5af10b7250da9033ddcef0' [ 1.084216] integrity: Loading X.509 certificate: UEFI:MokListRT (MOKvar table) [ 1.085028] integrity: Loaded X.509 cert 'Canonical Ltd. Master Certificate Authority: ad91990bc22ab1f517048c23b6655a268e345a63' MOKvar is available, and used to load Master CA into .platform keyring, and hashes into blacklist keyring. ** Tags removed: verification-needed-hirsute ** Tags added: verification-done-hirsute -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1928679 Title: Support importing mokx keys into revocation list from the mok table To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1928679/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs