Bug 1398743 - EnrollDefaultKeys.efi from UefiShell.iso is broken
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: edk2
Version: rawhide
Hardware: Unspecified
OS: Unspecified
Assignee: Paolo Bonzini
QA Contact: Fedora Extras Quality Assurance
Reported: 2016-11-25 18:20 UTC by Ademar Reis
Modified: 2017-02-16 20:10 UTC (History)
Last Closed: 2017-02-16 20:10:32 UTC
Type: Bug


Description Ademar Reis 2016-11-25 18:20:27 UTC
Using Fedora's edk2-ovmf-20161105git3b25ca8-1.fc25.noarch:

Shell> FS0:
FS0:\> EnrollDefaultKeys.efi
info: SetupMode=1 SecureBoot=0 SecureBootEnable=0 CustomMode=0 VendorKeys=1
error: EnrollListOfX509Certs("db", D719B2CB-3D3A-4596-A3BC-DAD00E67656F): Invalid Parameter
FS0:\> 

Same configuration, but now using the UefiShell.iso from edk2.git-ovmf-x64-0-20161124.b2302.g45b18ce.noarch (from Kraxel's repository):

Shell> FS0:
FS0:\> EnrollDefaultKeys.efi
info: SetupMode=1 SecureBoot=0 SecureBootEnable=0 CustomMode=0 VendorKeys=1
info: SetupMode=0 SecureBoot=1 SecureBootEnable=1 CustomMode=0 VendorKeys=0
info: success

Comment 1 Patrick Ohly 2016-12-21 08:41:42 UTC
Looks like a duplicate of bug #1356913. I ran into this outside of Fedora or Red Hat when using https://src.fedoraproject.org/cgit/rpms/edk2.git/tree/0007-OvmfPkg-EnrollDefaultKeys-application-for-enrolling-.patch?id=b1781931894bf2057464e634beed68b1e3218c9e (current master, i.e. bug #1356913 still isn't fixed in Fedora).

"EFI_STATUS Status = EFI_SUCCESS;" in EnrollListOfX509Certs() fixed it for me.
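
Why the one-line initializer from Comment 1 matters, as an added example that is not part of the original bug report and is not the edk2 source. It is a constructed model: the function `enroll_list`, its `stale` and `fixed` parameters and the sample bytes are hypothetical, and it assumes the status variable is assigned only on error paths, so valid input is rejected whenever the variable does not start at EFI_SUCCESS.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified stand-ins for the UEFI types; not the edk2 headers. */
typedef uint64_t EFI_STATUS;
#define EFI_SUCCESS           ((EFI_STATUS)0)
#define EFI_INVALID_PARAMETER ((EFI_STATUS)0x8000000000000002ULL)
#define EFI_ERROR(s)          (((s) >> 63) != 0)
static const uint8_t SAMPLE_CERT[8] = {0x30, 0x06}; /* constructed bytes, not a real cert */

/* Hypothetical model: (cert, size) pairs terminated by a NULL cert pointer.
 * `stale` stands in for whatever the Status stack slot held on entry, so the
 * missing-initializer case is reproduced without undefined behaviour.
 * fixed != 0 models the initializer from Comment 1. */
static EFI_STATUS enroll_list(EFI_STATUS stale, int fixed, size_t *enrolled, ...)
{
    EFI_STATUS Status = fixed ? EFI_SUCCESS : stale;
    size_t total = 0;
    const uint8_t *cert;
    va_list ap;
    *enrolled = 0;
    va_start(ap, enrolled);
    while ((cert = va_arg(ap, const uint8_t *)) != NULL) {
        size_t size = va_arg(ap, size_t);
        if (size == 0 || size > UINT32_MAX - total) {
            Status = EFI_INVALID_PARAMETER; /* Status is assigned only on error paths */
            break;
        }
        total += size;
    }
    va_end(ap);
    if (total == 0) Status = EFI_INVALID_PARAMETER; /* empty list */
    if (EFI_ERROR(Status)) return Status;           /* stale error value rejects valid input */
    *enrolled = total;                              /* stands in for writing the variable */
    return Status;
}

int main(void)
{
    size_t n;
    for (int fixed = 0; fixed <= 1; fixed++) {
        EFI_STATUS s = enroll_list(EFI_INVALID_PARAMETER, fixed, &n,
                                   SAMPLE_CERT, sizeof SAMPLE_CERT, (const uint8_t *)NULL);
        printf("fixed=%d error=%d enrolled=%zu\n", fixed, (int)EFI_ERROR(s), n);
    }
    return 0;
}
```

In real code the uninitialized read is undefined behaviour, so the outcome can differ between builds; compiler warnings such as `-Wmaybe-uninitialized` (GCC) or `-Wsometimes-uninitialized` (Clang) are the usual way to catch it.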

Comment 2 Cole Robinson 2017-02-16 19:09:58 UTC
Thanks for the pointer, Patrick. I'll pull in those changes.

Comment 3 Cole Robinson 2017-02-16 20:10:32 UTC
Fixed in edk2-20170209git296153c5-2.fc26

