Bug 1010474 - Unable to register keys with MokManager
Unable to register keys with MokManager
Product: Fedora
Classification: Fedora
Component: shim (Show other bugs)
x86_64 Linux
unspecified Severity high
: ---
: ---
Assigned To: Matthew Garrett
Fedora Extras Quality Assurance
Depends On:
Blocks: F20BetaFreezeException
  Show dependency treegraph
Reported: 2013-09-20 16:41 EDT by Bruno Cornec
Modified: 2016-02-05 01:56 EST (History)
6 users (show)

See Also:
Fixed In Version: shim-0.7-1.fc20
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2013-11-16 02:05:59 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Bruno Cornec 2013-09-20 16:41:51 EDT
Description of problem:

When trying to register a cert.der file from the /boot/efi dir using MokManager from Fedora 20, the tool gives no feedback when you press enter on the key to record it.

Version-Release number of selected component (if applicable):

How reproducible:
Each time

Steps to Reproduce:
1. create .der file following this doc http://en.opensuse.org/openSUSE:UEFI (No Fedora doc for that)
2. put it under /boot/efi
3.reboot on MokManager and try to add it

Actual results:
No message, no der imported.

Expected results:
Confirmation msg + der imported.

Additional info:
During the UEFI Plugfest
Comment 1 Peter Jones 2013-10-24 22:30:23 EDT
This should be fixed in 0.5-1.f20 .
Comment 2 Fedora Update System 2013-10-24 22:37:46 EDT
shim-signed-0.5-1.fc20,shim-0.5-1.fc20 has been submitted as an update for Fedora 20.
Comment 3 Peter Jones 2013-10-24 22:58:54 EDT
This is really critical functionality that must work, so I've added this as a BetaFreezeException to make sure this is in F20.
Comment 4 Fedora Update System 2013-10-25 13:45:56 EDT
Package shim-signed-0.5-1.fc20, shim-0.5-1.fc20:
* should fix your issue,
* was pushed to the Fedora 20 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing shim-signed-0.5-1.fc20 shim-0.5-1.fc20'
as soon as you are able to.
Please go to the following url:
then log in and leave karma (feedback).
Comment 5 Mike Ruckman 2013-10-28 13:18:49 EDT
Discussed in 2013-10-28 Blocker Review meeting [1]. Voted as an AcceptedFreezeException. This is required for secureboot to work and cannot be fixed with an update post-release. A tested fix would be considered after freeze.

[1] http://meetbot.fedoraproject.org/meetbot/meetbot/fedora-blocker-review/2013-10-28/
Comment 6 Jóhann B. Guðmundsson 2013-10-28 16:13:27 EDT
That update broke my UEFI boot so no we will not accept that as a freeze exception so it can break it for everybody else in otherwords we need to kill this update in birth..

See bug 1023767
Comment 7 Fedora Update System 2013-11-13 16:04:20 EST
shim-0.7-1.fc20,shim-signed-0.7-1.fc20 has been submitted as an update for Fedora 20.
Comment 8 Fedora Update System 2013-11-16 02:05:59 EST
shim-0.7-1.fc20, shim-signed-0.7-1.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.