[Bug 2127812] Re: Mokutil thinks Secure Boot is not enabled while Secure Boot was left enabled by default

Chris Coulson 2127812 at bugs.launchpad.net
Tue Nov 4 09:20:11 UTC 2025 

Hi, what makes you think that secure boot is enabled? The output from
mokutil suggests that the device is in setup mode because no platform
key is enrolled, so it's not possible to enable secure boot. Some
firmware UIs give the impression that it's possible to enable secure
boot without a platform key enrolled, but what it's actually doing is
switching between setup mode and audit mode - in both cases, secure boot
is still disabled.

** Changed in: mokutil (Ubuntu)
       Status: New => Incomplete

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to mokutil in Ubuntu.
Matching subscriptions: mokutil-bugs
https://bugs.launchpad.net/bugs/2127812

Title:
  Mokutil thinks Secure Boot is not enabled while Secure Boot was left
  enabled by default

Status in mokutil package in Ubuntu:
  Incomplete

Bug description:
  Description:	Ubuntu 24.04.3 LTS
  Release:	24.04

  mokutil:
    Installed: 0.6.0-2build3
    Candidate: 0.6.0-2build3
    Version table:
   *** 0.6.0-2build3 500
          500 http://archive.ubuntu.com/ubuntu noble/main amd64 Packages
          100 /var/lib/dpkg/status

  While my GPD Win Mini has Secure Boot enabled by default, after
  installing Ubuntu 24.04 on it I noticed the mokutil falsely thinks
  it's not enabled which can lead vulnerabilities because without Secure
  Boot being enable according to mokutil bad actors can access our
  computers.

  When I typed mokutil --sb-state while I left Secure Boot enabled, it
  shows this.

  SecureBoot disabled
  Platform is in Setup Mode

  ProblemType: Bug
  DistroRelease: Ubuntu 24.04
  Package: mokutil 0.6.0-2build3
  ProcVersionSignature: Ubuntu 6.14.0-33.33~24.04.1-generic 6.14.11
  Uname: Linux 6.14.0-33-generic x86_64
  ApportVersion: 2.28.1-0ubuntu3.8
  Architecture: amd64
  CasperMD5CheckResult: unknown
  CurrentDesktop: ubuntu:GNOME
  Date: Mon Oct 13 12:27:41 2025
  InstallationDate: Installed on 2025-10-13 (1 days ago)
  InstallationMedia: Ubuntu 24.04.3 LTS "Noble Numbat" - Release amd64 (20250805.1)
  ProcEnviron:
   LANG=en_US.UTF-8
   PATH=(custom, no user)
   SHELL=/bin/bash
   TERM=xterm-256color
  SourcePackage: mokutil
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/mokutil/+bug/2127812/+subscriptions

More information about the foundations-bugs mailing list