[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#987991: shim-signed: Recent dbx update blacklists shimx64.efi (1.33+15+1533136590.3beb971-7)

Package: shim-signed
Version: 1.33+15+1533136590.3beb971-7
Severity: grave
Justification: renders package unusable

Recent dbx update (https://uefi.org/revocationlistfile) from 2021-04-29
includes hash


which matches "message hash" of image shimx64.efi from latest shim-signed
package. After importing recent dbx file into UEFI variable, the system
refuses to boot with Secure Boot enabled.

-- System Information:
Debian Release: 10.9
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-16-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages shim-signed depends on:
ii  grub-efi-amd64-bin         2.02+dfsg1-20+deb10u4
ii  grub2-common               2.02+dfsg1-20+deb10u4
ii  shim-helpers-amd64-signed  1+15+1533136590.3beb971+7+deb10u1
ii  shim-signed-common         1.33+15+1533136590.3beb971-7

Versions of packages shim-signed recommends:
pn  secureboot-db  <none>

shim-signed suggests no packages.

-- no debconf information

Reply to: