Package: shim
Version: 0.9+1474479173.6c180c6-1
Severity: important

Dear Maintainer,

mmx64.efi.signed is used to install new public keys for secure boot; this
includes the Debian public testing key
https://salsa.debian.org/kernel-team/linux/raw/debian/4.19.9-1/debian/certs/test-signing-certs.pem

mmx64.efi.signed is neither signed with the Debian test certificate nor
is it signed with anything else that my laptop would put trust in.

sbverify --cert test-signing-certs.pem /usr/lib/shim/mmx64.efi.signed
warning: data remaining[1046176 vs 1168464]: gaps between PE/COFF sections?
PKCS7 verification failed
140034475412352:error:21075075:PKCS7 routines:PKCS7_verify:certificate
verify error:../crypto/pkcs7/pk7_smime.c:285:Verify error:unable to get
local issuer certificate
Signature verification failed

Ok, for a first installation I was able to switch secure boot off,
install an EFI shell and start mmx64.efi.signed from the shell. But now
that I have enabled secure boot I cannot launch it again.

For using mmx64.efi.signed under secure boot it really should be signed
with either the Debian testing key or with a Microsoft based signature.
For locked down systems where the user cannot switch off secure boot
only the second option is viable.

---

My Lenovo E585 provides neither an EFI shell nor any tool of its own
that allows installing signatures.

The description in https://wiki.debian.org/SecureBoot/Testing assumes
that an EFI shell is available on all target devices. This assumption is
wrong. And I am not aware of any Debian package supplying an EFI shell.

So, please, adjust the instructions.

Best regards

Heinrich

-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

-- no debconf information
