# grep CODENAME /etc/os-release
VERSION_CODENAME=focal
UBUNTU_CODENAME=focal
# uname -r
5.11.0-34-generic
dmesg:
[ 0.797134] blacklist: Loading compiled-in revocation X.509 certificates
[ 0.797696] Loaded X.509 cert 'Canonical Ltd. Secure Boot Signing:
61482aa2830d0ab2ad5af10b7250da9033ddcef0'
built-in revocation cert is loaded
[ 0.806069] integrity: Loading X.509 certificate: UEFI:MokListRT (MOKvar
table)
[ 0.806848] integrity: Loaded X.509 cert 'Canonical Ltd. Master Certificate
Authority: ad91990bc22ab1f517048c23b6655a268e345a63'
mokvar table is available, and is used.
# keyctl list %:.blacklist | grep Canonical
613299796: ---lswrv 0 0 asymmetric: Canonical Ltd. Secure Boot Signing:
61482aa2830d0ab2ad5af10b7250da9033ddcef0
# keyctl list %:.blacklist | grep bin: | wc
79 474 8853
# mokutil --list-enrolled --mokx
[key 1]
[SHA-256]
0000000000000000000000000000000000000000000000000000000000000000
Revoked binaries are correctly loaded from MOKvar table, despite not
being mirrored into MokListXRT efi variable.
** Tags removed: verification-needed-focal
** Tags added: verification-done-focal
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1928679
Title:
Support importing mokx keys into revocation list from the mok table
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1928679/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
