sign-efi-sig-list uses PKCS7 for variable updates
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| efitools (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
| Focal |
Confirmed
|
Medium
|
Unassigned | ||
Bug Description
When building some software (https:/
I ran into a problem/bug in efitools 'sign-efi-
The end result in my case was that an attempt to update the PK variable
in uefi (ovmf files from 20.04 with qemu from 20.04) resulted in an
exit code of 26 (EFI_SECURITY_
FS0:\> sb_setup.efi
SB_SETUP: attempting to configure UEFI Secure Boot
SB_SETUP: system is in Setup Mode
SB_SETUP: KEK installed
SB_SETUP: db installed
SB_SETUP: unable to set the PK variable (26)
sign-efi-sig-list was used to generate an update to PK in the build process.
The fix upstream is https:/
Unfortunately it does not easily cherry-pick to 1.8.1 (20.04's version).
There is only a small amount of changes from 1.8.1 to 21.04's version (1.9.2), so the easiest/safest fix may be to just update.
ProblemType: Bug
DistroRelease: Ubuntu 20.04
Package: efitools 1.8.1-0ubuntu2
ProcVersionSign
Uname: Linux 5.8.0-63-generic x86_64
NonfreeKernelMo
ApportVersion: 2.20.11-
Architecture: amd64
CasperMD5CheckR
CurrentDesktop: ubuntu:GNOME
Date: Fri Aug 20 14:55:19 2021
InstallationDate: Installed on 2020-01-15 (582 days ago)
InstallationMedia: Ubuntu 18.04.3 LTS "Bionic Beaver" - Release amd64 (20190805)
ProcEnviron:
TERM=screen.
PATH=(custom, no user)
XDG_RUNTIME_
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: efitools
UpgradeStatus: Upgraded to focal on 2020-04-17 (490 days ago)
| Scott Moser (smoser) wrote | #1 |
| description: | updated |
| Changed in efitools (Ubuntu): | |
| status: | New → Fix Released |
| Changed in efitools (Ubuntu Focal): | |
| status: | New → Confirmed |
| importance: | Undecided → Medium |
| tags: | added: rls-ff-incoming |
