Bug 1010474 - Unable to register keys with MokManager
Summary: Unable to register keys with MokManager
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: shim
Version: rawhide
Hardware: x86_64
OS: Linux
unspecified
high
Target Milestone: ---
Assignee: Matthew Garrett
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: AcceptedFreezeException
Keywords:
Depends On:
Blocks: F20BetaFreezeException
TreeView+ depends on / blocked
 
Reported: 2013-09-20 20:41 UTC by Bruno Cornec
Modified: 2016-02-05 06:56 UTC (History)
6 users (show)

(edit)
Clone Of:
(edit)
Last Closed: 2013-11-16 07:05:59 UTC


Attachments (Terms of Use)

Description Bruno Cornec 2013-09-20 20:41:51 UTC
Description of problem:

When trying to register a cert.der file from the /boot/efi dir using MokManager from Fedora 20, the tool gives no feedback when you press enter on the key to record it.

Version-Release number of selected component (if applicable):
shim-0.4.1.fc19

How reproducible:
Each time

Steps to Reproduce:
1. create .der file following this doc http://en.opensuse.org/openSUSE:UEFI (No Fedora doc for that)
2. put it under /boot/efi
3.reboot on MokManager and try to add it

Actual results:
No message, no der imported.

Expected results:
Confirmation msg + der imported.

Additional info:
During the UEFI Plugfest

Comment 1 Peter Jones 2013-10-25 02:30:23 UTC
This should be fixed in 0.5-1.f20 .

Comment 2 Fedora Update System 2013-10-25 02:37:46 UTC
shim-signed-0.5-1.fc20,shim-0.5-1.fc20 has been submitted as an update for Fedora 20.
https://admin.fedoraproject.org/updates/shim-signed-0.5-1.fc20,shim-0.5-1.fc20

Comment 3 Peter Jones 2013-10-25 02:58:54 UTC
This is really critical functionality that must work, so I've added this as a BetaFreezeException to make sure this is in F20.

Comment 4 Fedora Update System 2013-10-25 17:45:56 UTC
Package shim-signed-0.5-1.fc20, shim-0.5-1.fc20:
* should fix your issue,
* was pushed to the Fedora 20 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing shim-signed-0.5-1.fc20 shim-0.5-1.fc20'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2013-19954/shim-signed-0.5-1.fc20,shim-0.5-1.fc20
then log in and leave karma (feedback).

Comment 5 Mike Ruckman 2013-10-28 17:18:49 UTC
Discussed in 2013-10-28 Blocker Review meeting [1]. Voted as an AcceptedFreezeException. This is required for secureboot to work and cannot be fixed with an update post-release. A tested fix would be considered after freeze.

[1] http://meetbot.fedoraproject.org/meetbot/meetbot/fedora-blocker-review/2013-10-28/

Comment 6 Jóhann B. Guðmundsson 2013-10-28 20:13:27 UTC
That update broke my UEFI boot so no we will not accept that as a freeze exception so it can break it for everybody else in otherwords we need to kill this update in birth..

See bug 1023767

Comment 7 Fedora Update System 2013-11-13 21:04:20 UTC
shim-0.7-1.fc20,shim-signed-0.7-1.fc20 has been submitted as an update for Fedora 20.
https://admin.fedoraproject.org/updates/shim-0.7-1.fc20,shim-signed-0.7-1.fc20

Comment 8 Fedora Update System 2013-11-16 07:05:59 UTC
shim-0.7-1.fc20, shim-signed-0.7-1.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.