Package: refind Version: 0.12.0-1 Severity: normal Dear Maintainer,
The postinst script checks sysfs if Secure Boot is enabled. The sysfs entry is changed from: /sys/firmware/efi/vars/SecureBoot-<UUID>/data to: /sys/firmware/efi/efivars/SecureBoot-<UUID> Thus it doesn't correctly detect Secure Boot. Checking method may be also incorrect. ("od -An -t u1 /sys/firmware/efi/efivars/SecureBoot-<UUID> | tr -d '[[:space:]]'" command shows 60001 or 60000 on my PC) I'm not sure if we can boot with rEFInd under Secure Boot environment after all the above issues will be resolved. It seems the upstream version 0.13.2 improves Secure Boot feature in its refind-install script. I suggest to upgrade to newer version on sid, and make some backports to stable. -- System Information: Debian Release: 11.0 APT prefers stable-security APT policy: (600, 'stable-security'), (600, 'stable'), (90, 'unstable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 5.10.0-8-amd64 (SMP w/8 CPU threads) Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=ja_JP.UTF-8, LC_CTYPE=ja_JP.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages refind depends on: ii debconf [debconf-2.0] 1.5.77 ii efibootmgr 17-1 ii gdisk 1.0.6-1.1 ii openssl 1.1.1k-1 Versions of packages refind recommends: ii python3 3.9.2-3 ii sbsigntool 0.9.2-2 refind suggests no packages.