Bug 1010474 - Unable to register keys with MokManager
Summary: Unable to register keys with MokManager
Alias: None
Product: Fedora
Classification: Fedora
Component: shim
Version: rawhide
Hardware: x86_64
OS: Linux
Target Milestone: ---
Assignee: Matthew Garrett
QA Contact: Fedora Extras Quality Assurance
Whiteboard: AcceptedFreezeException
Depends On:
Blocks: F20BetaFreezeException
TreeView+ depends on / blocked
Reported: 2013-09-20 20:41 UTC by Bruno Cornec
Modified: 2016-02-05 06:56 UTC (History)
6 users (show)

Fixed In Version: shim-0.7-1.fc20
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2013-11-16 07:05:59 UTC
Type: Bug

Attachments (Terms of Use)

Description Bruno Cornec 2013-09-20 20:41:51 UTC
Description of problem:

When trying to register a cert.der file from the /boot/efi dir using MokManager from Fedora 20, the tool gives no feedback when you press enter on the key to record it.

Version-Release number of selected component (if applicable):

How reproducible:
Each time

Steps to Reproduce:
1. create .der file following this doc http://en.opensuse.org/openSUSE:UEFI (No Fedora doc for that)
2. put it under /boot/efi
3.reboot on MokManager and try to add it

Actual results:
No message, no der imported.

Expected results:
Confirmation msg + der imported.

Additional info:
During the UEFI Plugfest

Comment 1 Peter Jones 2013-10-25 02:30:23 UTC
This should be fixed in 0.5-1.f20 .

Comment 2 Fedora Update System 2013-10-25 02:37:46 UTC
shim-signed-0.5-1.fc20,shim-0.5-1.fc20 has been submitted as an update for Fedora 20.

Comment 3 Peter Jones 2013-10-25 02:58:54 UTC
This is really critical functionality that must work, so I've added this as a BetaFreezeException to make sure this is in F20.

Comment 4 Fedora Update System 2013-10-25 17:45:56 UTC
Package shim-signed-0.5-1.fc20, shim-0.5-1.fc20:
* should fix your issue,
* was pushed to the Fedora 20 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing shim-signed-0.5-1.fc20 shim-0.5-1.fc20'
as soon as you are able to.
Please go to the following url:
then log in and leave karma (feedback).

Comment 5 Mike Ruckman 2013-10-28 17:18:49 UTC
Discussed in 2013-10-28 Blocker Review meeting [1]. Voted as an AcceptedFreezeException. This is required for secureboot to work and cannot be fixed with an update post-release. A tested fix would be considered after freeze.

[1] http://meetbot.fedoraproject.org/meetbot/meetbot/fedora-blocker-review/2013-10-28/

Comment 6 Jóhann B. Guðmundsson 2013-10-28 20:13:27 UTC
That update broke my UEFI boot so no we will not accept that as a freeze exception so it can break it for everybody else in otherwords we need to kill this update in birth..

See bug 1023767

Comment 7 Fedora Update System 2013-11-13 21:04:20 UTC
shim-0.7-1.fc20,shim-signed-0.7-1.fc20 has been submitted as an update for Fedora 20.

Comment 8 Fedora Update System 2013-11-16 07:05:59 UTC
shim-0.7-1.fc20, shim-signed-0.7-1.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.