Join Log in
Score:2
piontec avatar Ubuntu

Self-signed kernel loading stopped working after upgrade to 21.04

za flag
piontec

I have a strange problem with secure boot and self-signed kernels. On 20.10 I was able to boot (everything with Secure Boot) both canonical-signed and self-signed kernels. After upgrade to 21.04 loading self-signed kernels doesn't work anymore: I get "vmlinuz has invalid signature" error. The error seems clear enough, but:

  • Secure Boot is on and grub loads just fine and loads canonical-signed kernels 100% fine (so it's something about my singing key, right?)
  • my custom key seems to be enrolled into mok db just fine 
    root@T495:~# mokutil --test-key /root/mok/MOK.der 
mok/MOK.der is already enrolled
  • image is signed with the same key as checked above with mokutil 
    sudo sbsign --key /root/mok/MOK.priv --cert /root/mok/MOK.pem /boot/vmlinuz-5.13.3-051303-generic --output /boot/vmlinuz-5.13.3-051303-generic
Image was already signed; adding additional signature

What am I missing?

104
0 + 0
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.