Package: shim-signed
Version: 1.28+nmu1+0.9+1474479173.6c180c6-1
Severity: normal
Dear Maintainer,
I started receiving "Failed to set MokSBStateRT: (2) Invalid Parameter" error
message before boot screen after installing shim-signed package while upgrading
grub-efi-amd64-signed package.
This error message is displayed even if secure boot is disabled. I can continue
to grub screen after selecting [OK]. However, boot fails due to kernel
signature validation if secure boot is enabled. The system boots without any
issues if secure boot is disabled.
I have already enrolled Debian's cert and the test cert. They are listed in
the output of `moklist --list`.
A similar bug has been filed against Ubuntu as well [1]. It looks like a patch
addressing this issue has been merged to the upstream [2].
Info about my system:
# dmidecode 3.2
Getting SMBIOS data from sysfs.
SMBIOS 3.0.0 present.
Table at 0x000E0000.
Handle 0x0000, DMI type 0, 24 bytes
BIOS Information
Vendor: Dell Inc.
Version: 2.11.2
Release Date: 11/07/2018
Address: 0xF0000
Runtime Size: 64 kB
ROM Size: 16 MB
Characteristics:
PCI is supported
PNP is supported
BIOS is upgradeable
BIOS shadowing is allowed
Boot from CD is supported
Selectable boot is supported
EDD is supported
5.25"/1.2 MB floppy services are supported (int 13h)
3.5"/720 kB floppy services are supported (int 13h)
3.5"/2.88 MB floppy services are supported (int 13h)
Print screen service is supported (int 5h)
8042 keyboard services are supported (int 9h)
Serial services are supported (int 14h)
Printer services are supported (int 17h)
ACPI is supported
USB legacy is supported
BIOS boot specification is supported
Function key-initiated network boot is supported
Targeted content distribution is supported
UEFI is supported
BIOS Revision: 2.11
Handle 0x0001, DMI type 1, 27 bytes
System Information
Manufacturer: Dell Inc.
Product Name: Precision Tower 3620
Version: Not Specified
Serial Number: *redacted*
UUID: *redacted*
Wake-up Type: Power Switch
SKU Number: 06B7
Family: Precision
Handle 0x0002, DMI type 2, 15 bytes
Base Board Information
Manufacturer: Dell Inc.
Product Name: 0MWYPT
Version: A02
Serial Number: *redacted*
Asset Tag: Not Specified
Features:
Board is a hosting board
Board is replaceable
Location In Chassis: Not Specified
Chassis Handle: 0x0003
Type: Motherboard
Contained Object Handles: 0
--
Thanks,
Omer
[1] https://bugs.launchpad.net/ubuntu/+source/shim-signed/+bug/1644806
[2] https://github.com/rhboot/shim/commit/07bda58
-- System Information:
Debian Release: buster/sid
APT prefers testing
APT policy: (500, 'testing'), (100, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 4.19.0-2-amd64 (SMP w/8 CPU cores)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE,
TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages shim-signed depends on:
ii debconf [debconf-2.0] 1.5.70
ii grub-efi-amd64-bin 2.02+dfsg1-11
ii grub2-common 2.02+dfsg1-11
ii mokutil 0.2.0-1+b3
ii shim 0.9+1474479173.6c180c6-1
Versions of packages shim-signed recommends:
pn secureboot-db <none>
shim-signed suggests no packages.
-- debconf information:
shim/title/secureboot:
shim/secureboot_explanation:
shim/error/bad_secureboot_key:
shim/error/secureboot_key_mismatch:
shim/enable_secureboot: false
shim/disable_secureboot: true
