1010474 – Unable to register keys with MokManager

Bug 1010474 - Unable to register keys with MokManager

Summary: Unable to register keys with MokManager

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	shim
Sub Component:
Version:	rawhide
Hardware:	x86_64
OS:	Linux
Priority:	unspecified
Severity:	high
Target Milestone:	---
Assignee:	Matthew Garrett
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:	AcceptedFreezeException
Depends On:
Blocks:	F20BetaFreezeException
TreeView+	depends on / blocked

Reported:	2013-09-20 20:41 UTC by Bruno Cornec
Modified:	2016-02-05 06:56 UTC (History)
CC List:	6 users (show)
Fixed In Version:	shim-0.7-1.fc20
Clone Of:
Environment:
Last Closed:	2013-11-16 07:05:59 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Bruno Cornec 2013-09-20 20:41:51 UTC

Description of problem:

When trying to register a cert.der file from the /boot/efi dir using MokManager from Fedora 20, the tool gives no feedback when you press enter on the key to record it.

Version-Release number of selected component (if applicable):
shim-0.4.1.fc19

How reproducible:
Each time

Steps to Reproduce:
1. create .der file following this doc http://en.opensuse.org/openSUSE:UEFI (No Fedora doc for that)
2. put it under /boot/efi
3.reboot on MokManager and try to add it

Actual results:
No message, no der imported.

Expected results:
Confirmation msg + der imported.

Additional info:
During the UEFI Plugfest

Comment 1 Peter Jones 2013-10-25 02:30:23 UTC

This should be fixed in 0.5-1.f20 .

Comment 2 Fedora Update System 2013-10-25 02:37:46 UTC

shim-signed-0.5-1.fc20,shim-0.5-1.fc20 has been submitted as an update for Fedora 20.
https://admin.fedoraproject.org/updates/shim-signed-0.5-1.fc20,shim-0.5-1.fc20

Comment 3 Peter Jones 2013-10-25 02:58:54 UTC

This is really critical functionality that must work, so I've added this as a BetaFreezeException to make sure this is in F20.

Comment 4 Fedora Update System 2013-10-25 17:45:56 UTC

Package shim-signed-0.5-1.fc20, shim-0.5-1.fc20:
* should fix your issue,
* was pushed to the Fedora 20 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing shim-signed-0.5-1.fc20 shim-0.5-1.fc20'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2013-19954/shim-signed-0.5-1.fc20,shim-0.5-1.fc20
then log in and leave karma (feedback).

Comment 5 Mike Ruckman 2013-10-28 17:18:49 UTC

Discussed in 2013-10-28 Blocker Review meeting [1]. Voted as an AcceptedFreezeException. This is required for secureboot to work and cannot be fixed with an update post-release. A tested fix would be considered after freeze.

[1] http://meetbot.fedoraproject.org/meetbot/meetbot/fedora-blocker-review/2013-10-28/

Comment 6 Jóhann B. Guðmundsson 2013-10-28 20:13:27 UTC

That update broke my UEFI boot so no we will not accept that as a freeze exception so it can break it for everybody else in otherwords we need to kill this update in birth..

See bug 1023767

Comment 7 Fedora Update System 2013-11-13 21:04:20 UTC

shim-0.7-1.fc20,shim-signed-0.7-1.fc20 has been submitted as an update for Fedora 20.
https://admin.fedoraproject.org/updates/shim-0.7-1.fc20,shim-signed-0.7-1.fc20

Comment 8 Fedora Update System 2013-11-16 07:05:59 UTC

shim-0.7-1.fc20, shim-signed-0.7-1.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.