Bug 1010474

Summary: Unable to register keys with MokManager
Product: [Fedora] Fedora
Reporter: Bruno Cornec <bruno.cornec>
Component: shim
Assignee: Matthew Garrett <mjg59>
Status: CLOSED ERRATA
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high
Priority: unspecified
Version: rawhide
CC: collura, johannbg, knutjbj, mjg59, mruckman, pjones
Target Milestone: ---
Target Release: ---
Hardware: x86_64
OS: Linux
Whiteboard: AcceptedFreezeException
Fixed In Version: shim-0.7-1.fc20
Doc Type: Bug Fix
Last Closed: 2013-11-16 07:05:59 UTC
Type: Bug
Bug Blocks: 980655    

Description Bruno Cornec 2013-09-20 20:41:51 UTC
Description of problem:

When trying to register a cert.der file from the /boot/efi dir using MokManager from Fedora 20, the tool gives no feedback when you press enter on the key to record it.

Version-Release number of selected component (if applicable):
shim-0.4.1.fc19

How reproducible:
Each time

Steps to Reproduce:
1. create .der file following this doc http://en.opensuse.org/openSUSE:UEFI (No Fedora doc for that)
2. put it under /boot/efi
3. reboot on MokManager and try to add it

Actual results:
No message, no der imported.

Expected results:
Confirmation msg + der imported.

Additional info:
During the UEFI Plugfest

Comment 1 Peter Jones 2013-10-25 02:30:23 UTC
This should be fixed in 0.5-1.f20.

Comment 2 Fedora Update System 2013-10-25 02:37:46 UTC
shim-signed-0.5-1.fc20,shim-0.5-1.fc20 has been submitted as an update for Fedora 20.
https://admin.fedoraproject.org/updates/shim-signed-0.5-1.fc20,shim-0.5-1.fc20

Comment 3 Peter Jones 2013-10-25 02:58:54 UTC
This is really critical functionality that must work, so I've added this as a BetaFreezeException to make sure this is in F20.

Comment 4 Fedora Update System 2013-10-25 17:45:56 UTC
Package shim-signed-0.5-1.fc20, shim-0.5-1.fc20:
* should fix your issue,
* was pushed to the Fedora 20 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing shim-signed-0.5-1.fc20 shim-0.5-1.fc20'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2013-19954/shim-signed-0.5-1.fc20,shim-0.5-1.fc20
then log in and leave karma (feedback).

Comment 5 Mike Ruckman 2013-10-28 17:18:49 UTC
Discussed in 2013-10-28 Blocker Review meeting [1]. Voted as an AcceptedFreezeException. This is required for secureboot to work and cannot be fixed with an update post-release. A tested fix would be considered after freeze.

[1] http://meetbot.fedoraproject.org/meetbot/meetbot/fedora-blocker-review/2013-10-28/

Comment 6 Jóhann B. Guðmundsson 2013-10-28 20:13:27 UTC
That update broke my UEFI boot, so no, we will not accept that as a freeze exception so it can break it for everybody else. In other words, we need to kill this update in birth.

See bug 1023767

Comment 7 Fedora Update System 2013-11-13 21:04:20 UTC
shim-0.7-1.fc20,shim-signed-0.7-1.fc20 has been submitted as an update for Fedora 20.
https://admin.fedoraproject.org/updates/shim-0.7-1.fc20,shim-signed-0.7-1.fc20

Comment 8 Fedora Update System 2013-11-16 07:05:59 UTC
shim-0.7-1.fc20, shim-signed-0.7-1.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.