[Bug 2127812] [NEW] Mokutil thinks Secure Boot is not enabled while Secure Boot was left enabled by default
Robert R. McDonald
2127812 at bugs.launchpad.net
Mon Oct 13 19:37:43 UTC 2025
*** This bug is a security vulnerability ***
Public security bug reported:
Description: Ubuntu 24.04.3 LTS
Release: 24.04
mokutil:
Installed: 0.6.0-2build3
Candidate: 0.6.0-2build3
Version table:
*** 0.6.0-2build3 500
500 http://archive.ubuntu.com/ubuntu noble/main amd64 Packages
100 /var/lib/dpkg/status
While my GPD Win Mini has Secure Boot enabled by default, after
installing Ubuntu 24.04 on it I noticed the mokutil falsely thinks it's
not enabled which can lead vulnerabilities because without Secure Boot
being enable according to mokutil bad actors can access our computers.
When I typed mokutil --sb-state while I left Secure Boot enabled, it
shows this.
SecureBoot disabled
Platform is in Setup Mode
ProblemType: Bug
DistroRelease: Ubuntu 24.04
Package: mokutil 0.6.0-2build3
ProcVersionSignature: Ubuntu 6.14.0-33.33~24.04.1-generic 6.14.11
Uname: Linux 6.14.0-33-generic x86_64
ApportVersion: 2.28.1-0ubuntu3.8
Architecture: amd64
CasperMD5CheckResult: unknown
CurrentDesktop: ubuntu:GNOME
Date: Mon Oct 13 12:27:41 2025
InstallationDate: Installed on 2025-10-13 (1 days ago)
InstallationMedia: Ubuntu 24.04.3 LTS "Noble Numbat" - Release amd64 (20250805.1)
ProcEnviron:
LANG=en_US.UTF-8
PATH=(custom, no user)
SHELL=/bin/bash
TERM=xterm-256color
SourcePackage: mokutil
UpgradeStatus: No upgrade log present (probably fresh install)
** Affects: mokutil (Ubuntu)
Importance: Undecided
Status: New
** Tags: amd64 apport-bug noble
** Summary changed:
- Secure Boot is not enabled while Secure Boot was enabled by default
+ Mokutil thinks Secure Boot is not enabled while Secure Boot was left enabled by default
** Information type changed from Private Security to Public Security
** Information type changed from Public Security to Private Security
** Information type changed from Private Security to Public Security
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to mokutil in Ubuntu.
Matching subscriptions: mokutil-bugs
https://bugs.launchpad.net/bugs/2127812
Title:
Mokutil thinks Secure Boot is not enabled while Secure Boot was left
enabled by default
Status in mokutil package in Ubuntu:
New
Bug description:
Description: Ubuntu 24.04.3 LTS
Release: 24.04
mokutil:
Installed: 0.6.0-2build3
Candidate: 0.6.0-2build3
Version table:
*** 0.6.0-2build3 500
500 http://archive.ubuntu.com/ubuntu noble/main amd64 Packages
100 /var/lib/dpkg/status
While my GPD Win Mini has Secure Boot enabled by default, after
installing Ubuntu 24.04 on it I noticed the mokutil falsely thinks
it's not enabled which can lead vulnerabilities because without Secure
Boot being enable according to mokutil bad actors can access our
computers.
When I typed mokutil --sb-state while I left Secure Boot enabled, it
shows this.
SecureBoot disabled
Platform is in Setup Mode
ProblemType: Bug
DistroRelease: Ubuntu 24.04
Package: mokutil 0.6.0-2build3
ProcVersionSignature: Ubuntu 6.14.0-33.33~24.04.1-generic 6.14.11
Uname: Linux 6.14.0-33-generic x86_64
ApportVersion: 2.28.1-0ubuntu3.8
Architecture: amd64
CasperMD5CheckResult: unknown
CurrentDesktop: ubuntu:GNOME
Date: Mon Oct 13 12:27:41 2025
InstallationDate: Installed on 2025-10-13 (1 days ago)
InstallationMedia: Ubuntu 24.04.3 LTS "Noble Numbat" - Release amd64 (20250805.1)
ProcEnviron:
LANG=en_US.UTF-8
PATH=(custom, no user)
SHELL=/bin/bash
TERM=xterm-256color
SourcePackage: mokutil
UpgradeStatus: No upgrade log present (probably fresh install)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/mokutil/+bug/2127812/+subscriptions
More information about the foundations-bugs
mailing list