This change was made by a bot.
** Changed in: linux (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1981449
Title:
5.19 kernel does not load MOK keys
Status in linux package in Ubuntu:
Confirmed
Bug description:
The 5.19 kernel only reads the db and dbx keys:
jak@jak-t480s:~:master$ journalctl -b -1 -k | grep integrity
Jul 09 21:34:14 jak-t480s kernel: integrity: Platform Keyring initialized
Jul 09 21:34:14 jak-t480s kernel: integrity: Machine keyring initialized
Jul 09 21:34:14 jak-t480s kernel: integrity: Loading X.509 certificate:
UEFI:db
Jul 09 21:34:14 jak-t480s kernel: integrity: Loaded X.509 cert 'Lenovo Ltd.:
ThinkPad Product CA 2012: 838b1f54c1550463f45f98700640f11069265949'
Jul 09 21:34:14 jak-t480s kernel: integrity: Loading X.509 certificate:
UEFI:db
Jul 09 21:34:14 jak-t480s kernel: integrity: Loaded X.509 cert 'Lenovo UEFI
CA 2014: 4b91a68732eaefdd2c8ffffc6b027ec3449e9c8f'
Jul 09 21:34:14 jak-t480s kernel: integrity: Loading X.509 certificate:
UEFI:db
Jul 09 21:34:14 jak-t480s kernel: integrity: Loaded X.509 cert 'Microsoft
Corporation UEFI CA 2011: 13adbf4309bd82709c8cd54f316ed522988a1bd4'
Jul 09 21:34:14 jak-t480s kernel: integrity: Loading X.509 certificate:
UEFI:db
Jul 09 21:34:14 jak-t480s kernel: integrity: Loaded X.509 cert 'Microsoft
Windows Production PCA 2011: a92902398e16c49778cd90f99e4f9ae17c55af53'
Jul 09 21:34:14 jak-t480s kernel: integrity: Loading X.509 certificate:
UEFI:db
Jul 09 21:34:14 jak-t480s kernel: integrity: Loaded X.509 cert 'UEFI key for
~ubuntu-uefi-team/ubuntu/ppa UEFI: 131b868222e85383c2e71ae489372ffac6ce29ed'
Jul 09 21:34:14 jak-t480s kernel: integrity: Revoking X.509 certificate:
UEFI:dbx
Jul 09 21:34:14 jak-t480s kernel: integrity: Revoking X.509 certificate:
UEFI:dbx
The 5.15 kernel also loads the mok keys
jak@jak-t480s:~:master$ journalctl -b -2 -k | grep integrity
Jun 27 23:10:55 jak-t480s kernel: integrity: Platform Keyring initialized
Jun 27 23:10:55 jak-t480s kernel: integrity: Loading X.509 certificate:
UEFI:db
Jun 27 23:10:55 jak-t480s kernel: integrity: Loaded X.509 cert 'Lenovo Ltd.:
ThinkPad Product CA 2012: 838b1f54c1550463f45f98700640f11069265949'
Jun 27 23:10:55 jak-t480s kernel: integrity: Loading X.509 certificate:
UEFI:db
Jun 27 23:10:55 jak-t480s kernel: integrity: Loaded X.509 cert 'Lenovo UEFI
CA 2014: 4b91a68732eaefdd2c8ffffc6b027ec3449e9c8f'
Jun 27 23:10:55 jak-t480s kernel: integrity: Loading X.509 certificate:
UEFI:db
Jun 27 23:10:55 jak-t480s kernel: integrity: Loaded X.509 cert 'Microsoft
Corporation UEFI CA 2011: 13adbf4309bd82709c8cd54f316ed522988a1bd4'
Jun 27 23:10:55 jak-t480s kernel: integrity: Loading X.509 certificate:
UEFI:db
Jun 27 23:10:55 jak-t480s kernel: integrity: Loaded X.509 cert 'Microsoft
Windows Production PCA 2011: a92902398e16c49778cd90f99e4f9ae17c55af53'
Jun 27 23:10:55 jak-t480s kernel: integrity: Loading X.509 certificate:
UEFI:db
Jun 27 23:10:55 jak-t480s kernel: integrity: Loaded X.509 cert 'UEFI key for
~ubuntu-uefi-team/ubuntu/ppa UEFI: 131b868222e85383c2e71ae489372ffac6ce29ed'
Jun 27 23:10:55 jak-t480s kernel: integrity: Revoking X.509 certificate:
UEFI:dbx
Jun 27 23:10:55 jak-t480s kernel: integrity: Revoking X.509 certificate:
UEFI:dbx
Jun 27 23:10:55 jak-t480s kernel: integrity: Loading X.509 certificate:
UEFI:MokListRT (MOKvar table)
Jun 27 23:10:55 jak-t480s kernel: integrity: Loaded X.509 cert 'Canonical
Ltd. Master Certificate Authority: ad91990bc22ab1f517048c23b6655a268e345a63'
Jun 27 23:10:55 jak-t480s kernel: integrity: Loading X.509 certificate:
UEFI:MokListRT (MOKvar table)
Jun 27 23:10:55 jak-t480s kernel: integrity: Loaded X.509 cert 'jak-t480s
Secure Boot Module Signature key: ac5ed055ca0a71e3a2343dd42d5afe0cffdd3ef8'
Jun 27 23:10:55 jak-t480s kernel: integrity: Loading X.509 certificate:
UEFI:MokListRT (MOKvar table)
Jun 27 23:10:55 jak-t480s kernel: integrity: Loaded X.509 cert 'jak-t480s
Secure Boot Module Signature key: dc4bc63447738df295a67d455ef7ea0eb3e14945'
Jun 27 23:10:55 jak-t480s kernel: integrity: Loading X.509 certificate:
UEFI:MokListRT (MOKvar table)
Jun 27 23:10:55 jak-t480s kernel: integrity: Loaded X.509 cert 'UEFI key for
~ci-train-ppa-service/ubuntu/4093 UEFI:
bbfd16fec6b3ba059a0f011203a5cd493a4529b7'
Jun 27 23:10:55 jak-t480s kernel: integrity: Loading X.509 certificate:
UEFI:MokListRT (MOKvar table)
Jun 27 23:10:55 jak-t480s kernel: integrity: Loaded X.509 cert 'UEFI key for
~ubuntu-uefi-team/ubuntu/ppa UEFI: 131b868222e85383c2e71ae489372ffac6ce29ed'
Jun 27 23:10:55 jak-t480s kernel: integrity: Loading X.509 certificate:
UEFI:MokListRT (MOKvar table)
Jun 27 23:10:55 jak-t480s kernel: integrity: Loaded X.509 cert
'4845da95ac2b4c1ba5f604ff45a89d83 db: 34c5d6debab4133cf0b663f5799e580f31f594c1'
ProblemType: Bug
DistroRelease: Ubuntu 22.10
Package: linux-image-5.19.0-9-generic 5.19.0-9.9
ProcVersionSignature: Ubuntu 5.19.0-9.9-generic 5.19.0-rc5
Uname: Linux 5.19.0-9-generic x86_64
NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair
ApportVersion: 2.22.0-0ubuntu4
Architecture: amd64
AudioDevicesInUse:
USER PID ACCESS COMMAND
/dev/snd/controlC2: jak 3308 F.... wireplumber
/dev/snd/controlC1: jak 3308 F.... wireplumber
/dev/snd/controlC0: jak 3308 F.... wireplumber
/dev/snd/seq: jak 3291 F.... pipewire
CasperMD5CheckResult: unknown
CurrentDesktop: GNOME
Date: Tue Jul 12 15:40:34 2022
HibernationDevice: RESUME=none
InstallationDate: Installed on 2018-03-14 (1580 days ago)
InstallationMedia: Ubuntu 18.04 LTS "Bionic Beaver" - Alpha amd64 (20180313)
MachineType: LENOVO 20L8S02D00
ProcFB: 0 i915drmfb
ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-5.19.0-9-generic
root=/dev/mapper/ubuntu--vg-root ro rootflags=subvol=@ quiet splash
zswap.enabled=1 zswap.compressor=zstd zswap.max_pool_percent=20
zswap.zpool=z3fold vt.handoff=7
PulseList: Error: command ['pacmd', 'list'] failed with exit code 1: No
PulseAudio daemon running, or not running as session daemon.
RelatedPackageVersions:
linux-restricted-modules-5.19.0-9-generic N/A
linux-backports-modules-5.19.0-9-generic N/A
linux-firmware 20220711.gitdfa29317-0ubuntu1
SourcePackage: linux
UpgradeStatus: No upgrade log present (probably fresh install)
dmi.bios.date: 08/11/2021
dmi.bios.release: 1.47
dmi.bios.vendor: LENOVO
dmi.bios.version: N22ET70W (1.47 )
dmi.board.asset.tag: Not Available
dmi.board.name: 20L8S02D00
dmi.board.vendor: LENOVO
dmi.board.version: Not Defined
dmi.chassis.asset.tag: No Asset Information
dmi.chassis.type: 10
dmi.chassis.vendor: LENOVO
dmi.chassis.version: None
dmi.ec.firmware.release: 1.22
dmi.modalias:
dmi:bvnLENOVO:bvrN22ET70W(1.47):bd08/11/2021:br1.47:efr1.22:svnLENOVO:pn20L8S02D00:pvrThinkPadT480s:rvnLENOVO:rn20L8S02D00:rvrNotDefined:cvnLENOVO:ct10:cvrNone:skuLENOVO_MT_20L8_BU_Think_FM_ThinkPadT480s:
dmi.product.family: ThinkPad T480s
dmi.product.name: 20L8S02D00
dmi.product.sku: LENOVO_MT_20L8_BU_Think_FM_ThinkPad T480s
dmi.product.version: ThinkPad T480s
dmi.sys.vendor: LENOVO
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1981449/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
