| 2019-05-14 15:04:52 |
Michael Thayer |
bug |
|
|
added bug |
| 2019-05-14 15:06:34 |
Michael Thayer |
attachment added |
|
First suggested patch https://bugs.launchpad.net/ubuntu/+source/shim-signed/+bug/1829029/+attachment/5263673/+files/update-secureboot-policy.diff |
|
| 2019-05-14 15:10:21 |
Michael Thayer |
description |
Already discussed by e-mail/IRC with Matthieu. We (the VirtualBox team) would like to call update-secureboot-policy to enroll a signing key when we install our host kernel modules on Ubuntu/Debian systems. However, currently the tool exits if no DKMS modules are found. This patch would add a "--force" parameter which would let us call the tool interactively as part of our installation scripts even if DKMS was not installed. Not sure how or if we should handle the new DKMS list in non-interactive mode.
ProblemType: Bug
DistroRelease: Ubuntu 19.04
Package: shim-signed 1.39+15+1533136590.3beb971-0ubuntu1
ProcVersionSignature: Ubuntu 5.0.0-13.14-generic 5.0.6
Uname: Linux 5.0.0-13-generic x86_64
.proc.sys.kernel.moksbstate_disabled: Error: [Errno 2] Нет такого файла или каталога: '/proc/sys/kernel/moksbstate_disabled'
ApportVersion: 2.20.10-0ubuntu27
Architecture: amd64
CasperVersion: 1.405
CurrentDesktop: ubuntu:GNOME
Date: Tue May 14 16:56:38 2019
EFITables:
Mai 13 11:05:20 michael-ThinkPad-T470 kernel: efi: EFI v2.50 by Lenovo
Mai 13 11:05:20 michael-ThinkPad-T470 kernel: efi: SMBIOS=0x9a6d8000 SMBIOS 3.0=0x9a6d5000 ACPI=0x9b5fe000 ACPI 2.0=0x9b5fe014 ESRT=0x9a5a2000 MEMATTR=0x9532e298 TPMEventLog=0x8e96d018
Mai 13 11:05:20 michael-ThinkPad-T470 kernel: secureboot: Secure boot enabled
Mai 13 11:05:20 michael-ThinkPad-T470 kernel: esrt: Reserving ESRT space from 0x000000009a5a2000 to 0x000000009a5a2088.
Mai 13 11:05:21 michael-ThinkPad-T470 kernel: Bluetooth: hci0: Secure boot is enabled
InstallationDate: Installed on 2018-06-12 (335 days ago)
InstallationMedia: Ubuntu 18.04 LTS "Bionic Beaver" - Release amd64 (20180426)
LiveMediaBuild: Ubuntu 18.04 LTS "Bionic Beaver" - Release amd64 (20180426)
SecureBoot: 6 0 0 0 1
SourcePackage: shim-signed
UpgradeStatus: Upgraded to disco on 2019-03-26 (49 days ago) |
Already discussed by e-mail/IRC with Mathieu. We (the VirtualBox team) would like to call update-secureboot-policy to enroll a signing key when we install our host kernel modules on Ubuntu/Debian systems. However, currently the tool exits if no DKMS modules are found. This patch would add a "--force" parameter which would let us call the tool interactively as part of our installation scripts even if DKMS was not installed. Not sure how or if we should handle the new DKMS list in non-interactive mode.
ProblemType: Bug
DistroRelease: Ubuntu 19.04
Package: shim-signed 1.39+15+1533136590.3beb971-0ubuntu1
ProcVersionSignature: Ubuntu 5.0.0-13.14-generic 5.0.6
Uname: Linux 5.0.0-13-generic x86_64
.proc.sys.kernel.moksbstate_disabled: Error: [Errno 2] Нет такого файла или каталога: '/proc/sys/kernel/moksbstate_disabled'
ApportVersion: 2.20.10-0ubuntu27
Architecture: amd64
CasperVersion: 1.405
CurrentDesktop: ubuntu:GNOME
Date: Tue May 14 16:56:38 2019
EFITables:
Mai 13 11:05:20 michael-ThinkPad-T470 kernel: efi: EFI v2.50 by Lenovo
Mai 13 11:05:20 michael-ThinkPad-T470 kernel: efi: SMBIOS=0x9a6d8000 SMBIOS 3.0=0x9a6d5000 ACPI=0x9b5fe000 ACPI 2.0=0x9b5fe014 ESRT=0x9a5a2000 MEMATTR=0x9532e298 TPMEventLog=0x8e96d018
Mai 13 11:05:20 michael-ThinkPad-T470 kernel: secureboot: Secure boot enabled
Mai 13 11:05:20 michael-ThinkPad-T470 kernel: esrt: Reserving ESRT space from 0x000000009a5a2000 to 0x000000009a5a2088.
Mai 13 11:05:21 michael-ThinkPad-T470 kernel: Bluetooth: hci0: Secure boot is enabled
InstallationDate: Installed on 2018-06-12 (335 days ago)
InstallationMedia: Ubuntu 18.04 LTS "Bionic Beaver" - Release amd64 (20180426)
LiveMediaBuild: Ubuntu 18.04 LTS "Bionic Beaver" - Release amd64 (20180426)
SecureBoot: 6 0 0 0 1
SourcePackage: shim-signed
UpgradeStatus: Upgraded to disco on 2019-03-26 (49 days ago) |
|
| 2019-05-14 16:23:23 |
Ubuntu Foundations Team Bug Bot |
tags |
amd64 apport-bug disco wayland-session |
amd64 apport-bug disco patch wayland-session |
|
| 2019-05-14 16:23:30 |
Ubuntu Foundations Team Bug Bot |
bug |
|
|
added subscriber Ubuntu Review Team |
| 2019-05-16 19:38:25 |
Mathieu Trudel-Lapierre |
shim-signed (Ubuntu): status |
New |
Triaged |
|
| 2019-05-16 19:38:28 |
Mathieu Trudel-Lapierre |
shim-signed (Ubuntu): importance |
Undecided |
Wishlist |
|
