[Bug 1809274] Re: Secure boot MOK password requested for every kernel update even when booting in insecure mode

Launchpad Bug Tracker 1809274 at bugs.launchpad.net
Fri Apr 10 09:45:50 UTC 2020 

Status changed to 'Confirmed' because the bug affects multiple users.

** Changed in: mokutil (Ubuntu)
       Status: New => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to mokutil in Ubuntu.
Matching subscriptions: mokutil-bugs
https://bugs.launchpad.net/bugs/1809274

Title:
  Secure boot MOK password requested for every kernel update even when
  booting in insecure mode

Status in linux package in Ubuntu:
  Incomplete
Status in mokutil package in Ubuntu:
  Confirmed
Status in update-manager package in Ubuntu:
  Confirmed

Bug description:
  To reproduce:
   - Disable kernel secure boot (booting in insecure mode). System secure boot still enabled
   - Update kernel with update-manager

  On every kernel update, a dialog appears asking me to enter a MOK secure boot password for temporarily disabling secure boot.
  See screenshot

  When I reboot, the MOK config screen appears, but I can just ignore it and it boots fine, since secure boot is already disabled in the kernel.
  Which makes me wonder why it even needs to ask me to enter a secure boot password every time I update the kernel.

  Expected: only ask for a secure boot password on update if it actually
  needs to disable kernel secure boot, and kernel secure boot is not
  already disabled.

  Note that the output of mokutil --sb-state
  SecureBoot enabled

  However, kernel secure boot is disabled and the system GRUB bootloader
  prints a message "Booting in insecure mode" on startup

  ProblemType: Bug
  DistroRelease: Ubuntu 18.04
  Package: linux-headers-generic 4.15.0.43.45
  ProcVersionSignature: User Name 4.15.0-42.45-generic 4.15.18
  Uname: Linux 4.15.0-42-generic x86_64
  ApportVersion: 2.20.9-0ubuntu7.5
  Architecture: amd64
  AudioDevicesInUse:
   USER        PID ACCESS COMMAND
   /dev/snd/controlC1:  ubuntu     1672 F.... pulseaudio
   /dev/snd/controlC0:  ubuntu     1672 F.... pulseaudio
  CurrentDesktop: ubuntu:GNOME
  Date: Thu Dec 20 10:49:48 2018
  EcryptfsInUse: Yes
  HibernationDevice: RESUME=none
  InstallationDate: Installed on 2018-09-12 (98 days ago)
  InstallationMedia: Ubuntu 16.04.5 LTS "Xenial Xerus" - Release amd64 (20180731)
  MachineType: Dell Inc. Latitude 3340
  ProcEnviron:
   TERM=xterm-256color
   PATH=(custom, no user)
   XDG_RUNTIME_DIR=<set>
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  ProcFB: 0 inteldrmfb
  ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.15.0-42-generic root=UUID=1c6a1916-ac97-4bdf-8f15-14d986e621a2 ro
  RelatedPackageVersions:
   linux-restricted-modules-4.15.0-42-generic N/A
   linux-backports-modules-4.15.0-42-generic  N/A
   linux-firmware                             1.173.2
  SourcePackage: linux
  UpgradeStatus: Upgraded to bionic on 2018-09-28 (82 days ago)
  dmi.bios.date: 07/09/2018
  dmi.bios.vendor: Dell Inc.
  dmi.bios.version: A17
  dmi.board.vendor: Dell Inc.
  dmi.chassis.type: 9
  dmi.chassis.vendor: Dell Inc.
  dmi.modalias: dmi:bvnDellInc.:bvrA17:bd07/09/2018:svnDellInc.:pnLatitude3340:pvr00:rvnDellInc.:rn:rvr:cvnDellInc.:ct9:cvr:
  dmi.product.name: Latitude 3340
  dmi.product.version: 00
  dmi.sys.vendor: Dell Inc.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1809274/+subscriptions

More information about the foundations-bugs mailing list