Activity log for bug #1829029

Date Who What changed Old value New value Message
2019-05-14 15:04:52 Michael Thayer bug added bug
2019-05-14 15:06:34 Michael Thayer attachment added First suggested patch https://bugs.launchpad.net/ubuntu/+source/shim-signed/+bug/1829029/+attachment/5263673/+files/update-secureboot-policy.diff
2019-05-14 15:10:21 Michael Thayer description Already discussed by e-mail/IRC with Matthieu. We (the VirtualBox team) would like to call update-secureboot-policy to enroll a signing key when we install our host kernel modules on Ubuntu/Debian systems. However, currently the tool exits if no DKMS modules are found. This patch would add a "--force" parameter which would let us call the tool interactively as part of our installation scripts even if DKMS was not installed. Not sure how or if we should handle the new DKMS list in non-interactive mode. ProblemType: Bug DistroRelease: Ubuntu 19.04 Package: shim-signed 1.39+15+1533136590.3beb971-0ubuntu1 ProcVersionSignature: Ubuntu 5.0.0-13.14-generic 5.0.6 Uname: Linux 5.0.0-13-generic x86_64 .proc.sys.kernel.moksbstate_disabled: Error: [Errno 2] Нет такого файла или каталога: '/proc/sys/kernel/moksbstate_disabled' ApportVersion: 2.20.10-0ubuntu27 Architecture: amd64 CasperVersion: 1.405 CurrentDesktop: ubuntu:GNOME Date: Tue May 14 16:56:38 2019 EFITables: Mai 13 11:05:20 michael-ThinkPad-T470 kernel: efi: EFI v2.50 by Lenovo Mai 13 11:05:20 michael-ThinkPad-T470 kernel: efi: SMBIOS=0x9a6d8000 SMBIOS 3.0=0x9a6d5000 ACPI=0x9b5fe000 ACPI 2.0=0x9b5fe014 ESRT=0x9a5a2000 MEMATTR=0x9532e298 TPMEventLog=0x8e96d018 Mai 13 11:05:20 michael-ThinkPad-T470 kernel: secureboot: Secure boot enabled Mai 13 11:05:20 michael-ThinkPad-T470 kernel: esrt: Reserving ESRT space from 0x000000009a5a2000 to 0x000000009a5a2088. Mai 13 11:05:21 michael-ThinkPad-T470 kernel: Bluetooth: hci0: Secure boot is enabled InstallationDate: Installed on 2018-06-12 (335 days ago) InstallationMedia: Ubuntu 18.04 LTS "Bionic Beaver" - Release amd64 (20180426) LiveMediaBuild: Ubuntu 18.04 LTS "Bionic Beaver" - Release amd64 (20180426) SecureBoot: 6 0 0 0 1 SourcePackage: shim-signed UpgradeStatus: Upgraded to disco on 2019-03-26 (49 days ago) Already discussed by e-mail/IRC with Mathieu. We (the VirtualBox team) would like to call update-secureboot-policy to enroll a signing key when we install our host kernel modules on Ubuntu/Debian systems. However, currently the tool exits if no DKMS modules are found. This patch would add a "--force" parameter which would let us call the tool interactively as part of our installation scripts even if DKMS was not installed. Not sure how or if we should handle the new DKMS list in non-interactive mode. ProblemType: Bug DistroRelease: Ubuntu 19.04 Package: shim-signed 1.39+15+1533136590.3beb971-0ubuntu1 ProcVersionSignature: Ubuntu 5.0.0-13.14-generic 5.0.6 Uname: Linux 5.0.0-13-generic x86_64 .proc.sys.kernel.moksbstate_disabled: Error: [Errno 2] Нет такого файла или каталога: '/proc/sys/kernel/moksbstate_disabled' ApportVersion: 2.20.10-0ubuntu27 Architecture: amd64 CasperVersion: 1.405 CurrentDesktop: ubuntu:GNOME Date: Tue May 14 16:56:38 2019 EFITables:  Mai 13 11:05:20 michael-ThinkPad-T470 kernel: efi: EFI v2.50 by Lenovo  Mai 13 11:05:20 michael-ThinkPad-T470 kernel: efi: SMBIOS=0x9a6d8000 SMBIOS 3.0=0x9a6d5000 ACPI=0x9b5fe000 ACPI 2.0=0x9b5fe014 ESRT=0x9a5a2000 MEMATTR=0x9532e298 TPMEventLog=0x8e96d018  Mai 13 11:05:20 michael-ThinkPad-T470 kernel: secureboot: Secure boot enabled  Mai 13 11:05:20 michael-ThinkPad-T470 kernel: esrt: Reserving ESRT space from 0x000000009a5a2000 to 0x000000009a5a2088.  Mai 13 11:05:21 michael-ThinkPad-T470 kernel: Bluetooth: hci0: Secure boot is enabled InstallationDate: Installed on 2018-06-12 (335 days ago) InstallationMedia: Ubuntu 18.04 LTS "Bionic Beaver" - Release amd64 (20180426) LiveMediaBuild: Ubuntu 18.04 LTS "Bionic Beaver" - Release amd64 (20180426) SecureBoot: 6 0 0 0 1 SourcePackage: shim-signed UpgradeStatus: Upgraded to disco on 2019-03-26 (49 days ago)
2019-05-14 16:23:23 Ubuntu Foundations Team Bug Bot tags amd64 apport-bug disco wayland-session amd64 apport-bug disco patch wayland-session
2019-05-14 16:23:30 Ubuntu Foundations Team Bug Bot bug added subscriber Ubuntu Review Team
2019-05-16 19:38:25 Mathieu Trudel-Lapierre shim-signed (Ubuntu): status New Triaged
2019-05-16 19:38:28 Mathieu Trudel-Lapierre shim-signed (Ubuntu): importance Undecided Wishlist