Bug 1544794 - Secure Boot not enabled after install Fed 27 on Dell XPS-13 (9370)
Summary: Secure Boot not enabled after install Fed 27 on Dell XPS-13 (9370)
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: shim   
(Show other bugs)
Version: 27
Hardware: x86_64
OS: Linux
unspecified
high
Target Milestone: ---
Assignee: Matthew Garrett
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Keywords:
: 1531961 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-02-13 14:15 UTC by Alexander Volovics
Modified: 2018-04-06 18:54 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2018-02-13 17:46:00 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

Description Alexander Volovics 2018-02-13 14:15:09 UTC
Description of problem:

Using a USB stick with Fedora-Workstation-Live-x86_64-27 I installed
Fed 27 on a Dell XPS-13 (9370) notebook with UEFI + Secure Boot enabled.
Booting after install I noticed the following:

- the message "Booting in insecure mode" appeared before Grub menu

- $ dmesg |grep -i secure
[    0.000000] secureboot: Secure boot disabled
[    5.564737] Loaded UEFI:MokListRT cert 'Fedora Secure Boot CA: fde32599c2d61db1bf5807335d7b20e4cd963b42' linked to secondary sys keyring

After a successful install of Fed 27 I would expect the following:

- the message "EFI Stub: UEFI Secure boot enabled" after the Grub menu

- $ dmesg |grep -i secure
[    0.000000] secureboot: Secure boot enabled
[    0.000000] Kernel is locked down from EFI secure boot; see man kernel_lockdown.7
[    1.202177] Loaded UEFI:MokListRT cert 'Fedora Secure Boot CA: fde32599c2d61db1bf5807335d7b20e4cd963b42' linked to secondary sys keyring
[    4.544900] Bluetooth: hci0: Secure boot is enabled

So it would appear that Secure Boot is not enabled.

I confirmed this with a new install of Fedora-Workstation-Live but now
using the F27-WORK-x86_64-20180204.iso respin from
https://dl.fedoraproject.org/pub/alt/live-respins/
Again: Secure Boot not enabled.



Version-Release number of selected component (if applicable):
shim-x64-13-0.7.x86_64

How reproducible:
allways

Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:

Comment 1 Matthew Garrett 2018-02-13 17:46:00 UTC
Dell ship their Sputnik systems with a pre-populated MokSB variable that disables Secure Boot, so this is working as intended on the Fedora side.

Comment 2 Maxime Ripard 2018-04-06 18:54:53 UTC
*** Bug 1531961 has been marked as a duplicate of this bug. ***


Note You need to log in before you can comment on or make changes to this bug.