Bug#987991: shim-signed: Recent dbx update blacklists shimx64.efi (1.33+15+1533136590.3beb971-7)
Package: shim-signed
Version: 1.33+15+1533136590.3beb971-7
Severity: grave
Justification: renders package unusable
Recent dbx update (https://uefi.org/revocationlistfile) from 2021-04-29
includes hash
AF79B14064601BC0987D4747AF1E914A228C05D622CEDA03B7A4F67014FEE767
which matches "message hash" of image shimx64.efi from latest shim-signed
package. After importing recent dbx file into UEFI variable, the system
refuses to boot with Secure Boot enabled.
-- System Information:
Debian Release: 10.9
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.19.0-16-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages shim-signed depends on:
ii grub-efi-amd64-bin 2.02+dfsg1-20+deb10u4
ii grub2-common 2.02+dfsg1-20+deb10u4
ii shim-helpers-amd64-signed 1+15+1533136590.3beb971+7+deb10u1
ii shim-signed-common 1.33+15+1533136590.3beb971-7
Versions of packages shim-signed recommends:
pn secureboot-db <none>
shim-signed suggests no packages.
-- no debconf information
Reply to: