Score:2

Self-signed kernel loading stopped working after upgrade to 21.04


I have a strange problem with Secure Boot and self-signed kernels. On 20.10 I was able to boot (everything with Secure Boot) both Canonical-signed and self-signed kernels. After the upgrade to 21.04, loading self-signed kernels doesn't work anymore: I get a "vmlinuz has invalid signature" error. The error seems clear enough, but:

  • Secure Boot is on and grub loads just fine and loads Canonical-signed kernels 100% fine (so it's something about my signing key, right?)
  • my custom key seems to be enrolled into mok db just fine
    root@T495:~# mokutil --test-key /root/mok/MOK.der 
    mok/MOK.der is already enrolled
    
  • image is signed with the same key as checked above with mokutil
    sudo sbsign --key /root/mok/MOK.priv --cert /root/mok/MOK.pem /boot/vmlinuz-5.13.3-051303-generic --output /boot/vmlinuz-5.13.3-051303-generic
    Image was already signed; adding additional signature
    

What am I missing?
