| Summary: | EnrollDefaultKeys.efi from UefiShell.iso is broken | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Ademar Reis <areis> |
| Component: | edk2 | Assignee: | Paolo Bonzini <pbonzini> |
| Status: | CLOSED RAWHIDE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | rawhide | CC: | berrange, crobinso, kraxel, patrick.ohly, pbonzini, virt-maint |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2017-02-16 20:10:32 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
Looks like a duplicate of bug #1356913. I ran into this outside of Fedora or Red Hat when using https://src.fedoraproject.org/cgit/rpms/edk2.git/tree/0007-OvmfPkg-EnrollDefaultKeys-application-for-enrolling-.patch?id=b1781931894bf2057464e634beed68b1e3218c9e (current master, i.e. bug #1356913 still isn't fixed in Fedora). "EFI_STATUS Status = EFI_SUCCESS;" in EnrollListOfX509Certs() fixed it for me. Thanks for the pointer Patrick, I'll pull in those changes Fixed in edk2-20170209git296153c5-2.fc26 |
Using Fedora's edk2-ovmf-20161105git3b25ca8-1.fc25.noarch: Shell> FS0: FS0:\> EnrollDefaultKeys.efi info: SetupMode=1 SecureBoot=0 SecureBootEnable=0 CustomMode=0 VendorKeys=1 error: EnrollListOfX509Certs("db", D719B2CB-3D3A-4596-A3BC-DAD00E67656F): Invalid Parameter FS0:\> Same configuration, but now using the UefiShell.iso from edk2.git-ovmf-x64-0-20161124.b2302.g45b18ce.noarch (from Kraxel's repository): Shell> FS0: FS0:\> EnrollDefaultKeys.efi info: SetupMode=1 SecureBoot=0 SecureBootEnable=0 CustomMode=0 VendorKeys=1 info: SetupMode=0 SecureBoot=1 SecureBootEnable=1 CustomMode=0 VendorKeys=0 info: success