[Bug 1809274] [NEW] Secure boot MOK password requested for every kernel update even when booting in insecure mode
spm2011
1809274 at bugs.launchpad.net
Thu Dec 20 16:03:25 UTC 2018
Public bug reported:
To reproduce:
- Disable kernel secure boot (booting in insecure mode). System secure boot still enabled
- Update kernel with update-manager
On every kernel update, a dialog appears asking me to enter a MOK secure boot password for temporarily disabling secure boot.
See screenshot
When I reboot, the MOK config screen appears, but I can just ignore it and it boots fine, since secure boot is already disabled in the kernel.
Which makes me wonder why it even needs to ask me to enter a secure boot password every time I update the kernel.
Expected: only ask for a secure boot password on update if it actually
needs to disable kernel secure boot, and kernel secure boot is not
already disabled.
Note that the output of mokutil --sb-state
SecureBoot enabled
However, kernel secure boot is disabled and the system GRUB bootloader
prints a message "Booting in insecure mode" on startup
ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: linux-headers-generic 4.15.0.43.45
ProcVersionSignature: User Name 4.15.0-42.45-generic 4.15.18
Uname: Linux 4.15.0-42-generic x86_64
ApportVersion: 2.20.9-0ubuntu7.5
Architecture: amd64
AudioDevicesInUse:
USER PID ACCESS COMMAND
/dev/snd/controlC1: ubuntu 1672 F.... pulseaudio
/dev/snd/controlC0: ubuntu 1672 F.... pulseaudio
CurrentDesktop: ubuntu:GNOME
Date: Thu Dec 20 10:49:48 2018
EcryptfsInUse: Yes
HibernationDevice: RESUME=none
InstallationDate: Installed on 2018-09-12 (98 days ago)
InstallationMedia: Ubuntu 16.04.5 LTS "Xenial Xerus" - Release amd64 (20180731)
MachineType: Dell Inc. Latitude 3340
ProcEnviron:
TERM=xterm-256color
PATH=(custom, no user)
XDG_RUNTIME_DIR=<set>
LANG=en_US.UTF-8
SHELL=/bin/bash
ProcFB: 0 inteldrmfb
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.15.0-42-generic root=UUID=1c6a1916-ac97-4bdf-8f15-14d986e621a2 ro
RelatedPackageVersions:
linux-restricted-modules-4.15.0-42-generic N/A
linux-backports-modules-4.15.0-42-generic N/A
linux-firmware 1.173.2
SourcePackage: linux
UpgradeStatus: Upgraded to bionic on 2018-09-28 (82 days ago)
dmi.bios.date: 07/09/2018
dmi.bios.vendor: Dell Inc.
dmi.bios.version: A17
dmi.board.vendor: Dell Inc.
dmi.chassis.type: 9
dmi.chassis.vendor: Dell Inc.
dmi.modalias: dmi:bvnDellInc.:bvrA17:bd07/09/2018:svnDellInc.:pnLatitude3340:pvr00:rvnDellInc.:rn:rvr:cvnDellInc.:ct9:cvr:
dmi.product.name: Latitude 3340
dmi.product.version: 00
dmi.sys.vendor: Dell Inc.
** Affects: linux (Ubuntu)
Importance: Undecided
Status: New
** Affects: mokutil (Ubuntu)
Importance: Undecided
Status: New
** Affects: update-manager (Ubuntu)
Importance: Undecided
Status: New
** Tags: amd64 apport-bug bionic
** Attachment added: "secure_boot_ask.png"
https://bugs.launchpad.net/bugs/1809274/+attachment/5223816/+files/secure_boot_ask.png
** Attachment removed: "WifiSyslog.txt"
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1809274/+attachment/5223831/+files/WifiSyslog.txt
** Attachment removed: "AlsaInfo.txt"
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1809274/+attachment/5223817/+files/AlsaInfo.txt
** Attachment removed: "CRDA.txt"
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1809274/+attachment/5223818/+files/CRDA.txt
** Attachment removed: "ProcCpuinfo.txt"
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1809274/+attachment/5223824/+files/ProcCpuinfo.txt
** Attachment removed: "Lspci.txt"
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1809274/+attachment/5223822/+files/Lspci.txt
** Attachment removed: "Lsusb.txt"
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1809274/+attachment/5223823/+files/Lsusb.txt
** Attachment removed: "IwConfig.txt"
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1809274/+attachment/5223821/+files/IwConfig.txt
** Attachment removed: "CurrentDmesg.txt"
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1809274/+attachment/5223819/+files/CurrentDmesg.txt
** Attachment removed: "UdevDb.txt"
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1809274/+attachment/5223830/+files/UdevDb.txt
** Attachment removed: "RfKill.txt"
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1809274/+attachment/5223829/+files/RfKill.txt
** Attachment removed: "PulseList.txt"
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1809274/+attachment/5223828/+files/PulseList.txt
** Also affects: mokutil (Ubuntu)
Importance: Undecided
Status: New
** Also affects: update-manager (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to mokutil in Ubuntu.
Matching subscriptions: mokutil-bugs
https://bugs.launchpad.net/bugs/1809274
Title:
Secure boot MOK password requested for every kernel update even when
booting in insecure mode
Status in linux package in Ubuntu:
New
Status in mokutil package in Ubuntu:
New
Status in update-manager package in Ubuntu:
New
Bug description:
To reproduce:
- Disable kernel secure boot (booting in insecure mode). System secure boot still enabled
- Update kernel with update-manager
On every kernel update, a dialog appears asking me to enter a MOK secure boot password for temporarily disabling secure boot.
See screenshot
When I reboot, the MOK config screen appears, but I can just ignore it and it boots fine, since secure boot is already disabled in the kernel.
Which makes me wonder why it even needs to ask me to enter a secure boot password every time I update the kernel.
Expected: only ask for a secure boot password on update if it actually
needs to disable kernel secure boot, and kernel secure boot is not
already disabled.
Note that the output of mokutil --sb-state
SecureBoot enabled
However, kernel secure boot is disabled and the system GRUB bootloader
prints a message "Booting in insecure mode" on startup
ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: linux-headers-generic 4.15.0.43.45
ProcVersionSignature: User Name 4.15.0-42.45-generic 4.15.18
Uname: Linux 4.15.0-42-generic x86_64
ApportVersion: 2.20.9-0ubuntu7.5
Architecture: amd64
AudioDevicesInUse:
USER PID ACCESS COMMAND
/dev/snd/controlC1: ubuntu 1672 F.... pulseaudio
/dev/snd/controlC0: ubuntu 1672 F.... pulseaudio
CurrentDesktop: ubuntu:GNOME
Date: Thu Dec 20 10:49:48 2018
EcryptfsInUse: Yes
HibernationDevice: RESUME=none
InstallationDate: Installed on 2018-09-12 (98 days ago)
InstallationMedia: Ubuntu 16.04.5 LTS "Xenial Xerus" - Release amd64 (20180731)
MachineType: Dell Inc. Latitude 3340
ProcEnviron:
TERM=xterm-256color
PATH=(custom, no user)
XDG_RUNTIME_DIR=<set>
LANG=en_US.UTF-8
SHELL=/bin/bash
ProcFB: 0 inteldrmfb
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.15.0-42-generic root=UUID=1c6a1916-ac97-4bdf-8f15-14d986e621a2 ro
RelatedPackageVersions:
linux-restricted-modules-4.15.0-42-generic N/A
linux-backports-modules-4.15.0-42-generic N/A
linux-firmware 1.173.2
SourcePackage: linux
UpgradeStatus: Upgraded to bionic on 2018-09-28 (82 days ago)
dmi.bios.date: 07/09/2018
dmi.bios.vendor: Dell Inc.
dmi.bios.version: A17
dmi.board.vendor: Dell Inc.
dmi.chassis.type: 9
dmi.chassis.vendor: Dell Inc.
dmi.modalias: dmi:bvnDellInc.:bvrA17:bd07/09/2018:svnDellInc.:pnLatitude3340:pvr00:rvnDellInc.:rn:rvr:cvnDellInc.:ct9:cvr:
dmi.product.name: Latitude 3340
dmi.product.version: 00
dmi.sys.vendor: Dell Inc.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1809274/+subscriptions
More information about the foundations-bugs
mailing list