Missing KEK and DB variables with secure boot disabled

Alex Hung alex.hung at canonical.com
Fri Sep 26 08:57:06 UTC 2014


On Fri, Sep 26, 2014 at 4:53 PM, Colin Ian King <colin.king at canonical.com>
wrote:

> On 26/09/14 09:48, Matt Fleming wrote:
> > Hi folks,
> >
> > I'm currently running the securebootcert test on an Intel SDV and seeing
> > failures for missing KEK and DB variables, despite the fact that secure
> > boot isn't enabled and we're in setup mode, i.e.,
> >
> >   securebootcert: The secure boot variable DB not found.
> >   securebootcert: The secure boot variable KEK not found.
> >
> > It's not clear to me that these should be failures in this scenario,
> > which is pretty common when you're working on a non-OEM machine.
> >
> > What's the rationale for making these missing variables a hard fail?
>
> I guess that's just an oversight.
>
> > And
> > do people think it would be reasonable to relax this test in non-secure
> > mode?
> >
>
> +1 on that.
>
​+1 too
​


>
> I've file a bug, https://bugs.launchpad.net/fwts/+bug/1374351
>
> Ivan, do you mind looking at at this? Thanks!
>
> Colin
>
>
>
> --
> fwts-devel mailing list
> fwts-devel at lists.ubuntu.com
> Modify settings or unsubscribe at:
> https://lists.ubuntu.com/mailman/listinfo/fwts-devel
>



-- 
Cheers,
Alex Hung
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/fwts-devel/attachments/20140926/6666b2f5/attachment.html>


More information about the fwts-devel mailing list