Bug#1108278: shim-signed: Asks to disable EFI Secure Boot with enrolled DKMS key

To: 1108278@bugs.debian.org
Subject: Bug#1108278: shim-signed: Asks to disable EFI Secure Boot with enrolled DKMS key
From: Jesse Rhodes <jesse@sney.ca>
Date: Mon, 7 Jul 2025 17:52:45 -0400
Message-id: <[🔎] f6852676-858e-46d7-be35-4118e8b60f85@sney.ca>
Reply-to: Jesse Rhodes <jesse@sney.ca>, 1108278@bugs.debian.org
References: <aFraphsgJGcoLmsZ@thunder.hadrons.org>

If update-secureboot-policy can query mokutil to check if secure boot isenabled, then it can also query mokutil to check if the key from/var/lib/dkms/mok.pub is enrolled. This popup should never appear on asystem with secure boot configured correctly with dkms.


sney

Reply to:

Follow-Ups:
- Bug#1108278: shim-signed: Asks to disable EFI Secure Boot with enrolled DKMS key
  - From: Steve McIntyre <steve@einval.com>

Prev by Date: Bug#1108902: fwupd: should log what it updates
Next by Date: [bts-link] source package fwupd
Previous by thread: Bug#1108902: fwupd: should log what it updates
Next by thread: Bug#1108278: shim-signed: Asks to disable EFI Secure Boot with enrolled DKMS key
Index(es):
- Date
- Thread