Secure boot appears enabled in kernel log but not with mokutil

To: debian-user@lists.debian.org
Subject: Secure boot appears enabled in kernel log but not with mokutil
From: Aitor Fraile Azcue <aitorfraile@mykolab.com>
Date: Mon, 22 Jul 2019 14:13:08 +0200
Message-id: <[🔎] 20190722141308.52e09621.aitorfraile@mykolab.com>

Hi,

I have a Intel NUC DE3815TYBE system and I have updated it without
problems from Stretch to Buster (thanks to the developers!).

To activate Secure Boot[1], I have followed these steps[2]:

 * Confirm that shim-signed, grub-efi-amd64-signed and
   linux-image-4.19.0-5-amd64 packages are intalled
 * Reboot and enable Secure Boot (Standar mode) in BIOS
 * Reboot and check if Secure Boot is enabled

In the kernel log appears as enabled:

 [...]
 kernel: secureboot: Secure boot enabled
 kernel: Kernel is locked down from EFI secure boot; see
 https://wiki.debian.org/SecureBoot
 [...]

But mokutil says there's no support for Secure Boot:

 # mokutil --sb-state
 This system doesn't support Secure Boot

Also with bootctl:

 # bootctl status | grep -i 'secure boot'
 Secure Boot: disabled

I would like to know if I have enabled Secure Boot correctly or if I
have made a mistake. 

Thank you in advance.


[1]:
https://www.debian.org/releases/buster/amd64/release-notes/ch-whats-new.en.html#secure-boot
[2]:
https://wiki.debian.org/SecureBoot/Testing#Test_procedure_on_an_existing_installation

-- 
Aitor Fraile Azcue
OpenPGP fpr: 0293 006F E971 3A90 57D0  2DA7 88E9 394E 763C C3E6

Reply to:

Prev by Date: Re: Psychedelic GUI after stable update to buster
Next by Date: Re: Buster vmlinuz kernel...
Previous by thread: Re: Buster vmlinuz kernel...
Next by thread: usenet and firewalld
Index(es):
- Date
- Thread