Public bug reported: I'm not sure if this would be filed under linux, mokutils, efitools or whatever package handles the system keyring (methinks linux). My related thread: http://ubuntuforums.org/showthread.php?t=2280063&p=13296983
There is only ONE key in the system_keyring $ sudo keyctl list %:.system_keyring ***** 1 key in keyring: 506366910: ---lswrv 0 0 asymmetric: Magrathea: Glacier signing key: 084a8d7d7040cfda9434734a2c4fd9135026b772 ***** Not even the Canonical Mok is in the ring, nor the rest of the secure-boot keys. $ sudo mokutil --list-enrolled ***** [key 1] SHA1 Fingerprint: e1:65:d2:54:9f:e4:df:5a:be:c3:03:42:3c:f5:6a:97:e1:aa:69:1d //mine [key 2] SHA1 Fingerprint: 4e:ce:a3:2f:f1:e8:91:ee:e9:35:eb:27:63:43:04:96:57:83:13:13 //mine [key 3] SHA1 Fingerprint: 76:a0:92:06:58:00:bf:37:69:01:c3:72:cd:55:a9:0e:1f:de:d2:e0 //Canonical ***** EFI packages knows the secure-boot keys are there, but won't recognize any Moks having been enrolled. $ sudo efi-readvar ***** Variable PK, length 639 PK: List 0, type X509 Signature 0, size 611, owner eea2f5d2-c835-4e8c-ae00-c1605a53bb43 Subject: CN=ASOCK - PK Issuer: CN=Root Agency Variable KEK, length 1560 KEK: List 0, type X509 Signature 0, size 1532, owner 77fa9abd-0359-4d32-bd60-28f4e78f784b Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation KEK CA 2011 Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation Third Party Marketplace Root Variable db, length 3143 db: List 0, type X509 Signature 0, size 1515, owner 77fa9abd-0359-4d32-bd60-28f4e78f784b Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Windows Production PCA 2011 Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010 db: List 1, type X509 Signature 0, size 1572, owner 77fa9abd-0359-4d32-bd60-28f4e78f784b Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011 Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation Third Party Marketplace Root Variable dbx, length 76 dbx: List 0, type SHA256 Signature 0, size 48, owner 26dc4851-195f-4ae1-9a19-fbf883bbb35e Hash:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Variable MokList has no entries ***** My expectation: http://docs.fedoraproject.org/en-US/Fedora/21/html/System_Administrators_Guide/sect-kernel-module-authentication.html All secure-boot keys would be loaded in the system_keyring. ProblemType: Bug DistroRelease: Ubuntu 15.04 Package: linux-image-3.19.0-20-generic 3.19.0-20.20 ProcVersionSignature: Ubuntu 3.19.0-20.20-generic 3.19.8 Uname: Linux 3.19.0-20-generic x86_64 ApportVersion: 2.17.2-0ubuntu1.1 Architecture: amd64 AudioDevicesInUse: USER PID ACCESS COMMAND /dev/snd/controlC1: nater 1772 F.... pulseaudio /dev/snd/controlC0: nater 1772 F.... pulseaudio Date: Wed Jun 3 01:44:33 2015 EcryptfsInUse: Yes HibernationDevice: RESUME=UUID=cb697e57-b770-47d0-9629-add00e16ddd2 InstallationDate: Installed on 2015-05-31 (2 days ago) InstallationMedia: Ubuntu 15.04 "Vivid Vervet" - Release amd64 (20150422) MachineType: To Be Filled By O.E.M. To Be Filled By O.E.M. ProcEnviron: LANGUAGE=en_US TERM=xterm PATH=(custom, no user) LANG=en_US.UTF-8 SHELL=/bin/bash ProcFB: 0 inteldrmfb ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-3.19.0-20-generic.efi.signed root=/dev/mapper/ubuntu--vg-root ro quiet splash vt.handoff=7 PulseList: Error: command ['pacmd', 'list'] failed with exit code 1: Home directory not accessible: Permission denied No PulseAudio daemon running, or not running as session daemon. RelatedPackageVersions: linux-restricted-modules-3.19.0-20-generic N/A linux-backports-modules-3.19.0-20-generic N/A linux-firmware 1.143.1 SourcePackage: linux UdevLog: Error: [Errno 2] No such file or directory: '/var/log/udev' UpgradeStatus: No upgrade log present (probably fresh install) dmi.bios.date: 12/15/2014 dmi.bios.vendor: American Megatrends Inc. dmi.bios.version: P1.50 dmi.board.name: H97M-ITX/ac dmi.board.vendor: ASRock dmi.chassis.asset.tag: To Be Filled By O.E.M. dmi.chassis.type: 3 dmi.chassis.vendor: To Be Filled By O.E.M. dmi.chassis.version: To Be Filled By O.E.M. dmi.modalias: dmi:bvnAmericanMegatrendsInc.:bvrP1.50:bd12/15/2014:svnToBeFilledByO.E.M.:pnToBeFilledByO.E.M.:pvrToBeFilledByO.E.M.:rvnASRock:rnH97M-ITX/ac:rvr:cvnToBeFilledByO.E.M.:ct3:cvrToBeFilledByO.E.M.: dmi.product.name: To Be Filled By O.E.M. dmi.product.version: To Be Filled By O.E.M. dmi.sys.vendor: To Be Filled By O.E.M. ** Affects: linux (Ubuntu) Importance: Undecided Status: Confirmed ** Tags: amd64 apport-bug package-from-proposed vivid -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1461412 Title: Mok Not In System Keyring To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1461412/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs