[Bug 1856410] Re: ubiquity prompts for a MOK password that it then does not use

Steve Langasek steve.langasek at canonical.com
Wed Apr 22 19:04:41 UTC 2020 

** Also affects: ubiquity (Ubuntu Focal)
   Importance: Undecided
       Status: New

** Changed in: ubiquity (Ubuntu Focal)
    Milestone: None => ubuntu-20.04.1

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to ubiquity in Ubuntu.
https://bugs.launchpad.net/bugs/1856410

Title:
  ubiquity prompts for a MOK password that it then does not use

Status in ubiquity package in Ubuntu:
  New
Status in ubiquity source package in Focal:
  New

Bug description:
  When opting to install non-free drivers on my new laptop, ubiquity
  tells me that:

    Installing third-party drivers requires configuring Secure Boot. To do this,
    you need to choose a security key now, and enter it when the system restarts.

  And it forces me to choose a password.

  However, the only hardware on my system that has non-free drivers is
  nvidia; and thanks to linux-restricted-modules, it should not be
  necessary to use locally-built dkms modules for nvidia (but see also
  https://bugs.launchpad.net/ubuntu/+source/linux-restricted-
  modules/+bug/1856407).

  I should not be prompted to create another password for a thing before
  we know it's actually going to be needed / used.  This means ubiquity
  should know to only prompt for a password and invoke mokutil if
  proprietary drivers other than linux-modules-nvidia will actually be
  installed.

  Also, note that the unlike ubiquity, dkms/shim-signed debconf handling
  of the secureboot does not use a 'password' field type.  This is not a
  sensitive password that must be kept secret, it is only used to prove
  to MokManager when running from UEFI that the key enrollment request
  came from the person who has physical control of the hardware and is
  used one time, then discarded.  So there's really no need to hide the
  text being entered in this field.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubiquity/+bug/1856410/+subscriptions

More information about the foundations-bugs mailing list