Description of problem: Using a USB stick with Fedora-Workstation-Live-x86_64-27 I installed Fed 27 on a Dell XPS-13 (9370) notebook with UEFI + Secure Boot enabled. Booting after install I noticed the following: - the message "Booting in insecure mode" appeared before Grub menu - $ dmesg |grep -i secure [ 0.000000] secureboot: Secure boot disabled [ 5.564737] Loaded UEFI:MokListRT cert 'Fedora Secure Boot CA: fde32599c2d61db1bf5807335d7b20e4cd963b42' linked to secondary sys keyring After a successful install of Fed 27 I would expect the following: - the message "EFI Stub: UEFI Secure boot enabled" after the Grub menu - $ dmesg |grep -i secure [ 0.000000] secureboot: Secure boot enabled [ 0.000000] Kernel is locked down from EFI secure boot; see man kernel_lockdown.7 [ 1.202177] Loaded UEFI:MokListRT cert 'Fedora Secure Boot CA: fde32599c2d61db1bf5807335d7b20e4cd963b42' linked to secondary sys keyring [ 4.544900] Bluetooth: hci0: Secure boot is enabled So it would appear that Secure Boot is not enabled. I confirmed this with a new install of Fedora-Workstation-Live but now using the F27-WORK-x86_64-20180204.iso respin from https://dl.fedoraproject.org/pub/alt/live-respins/ Again: Secure Boot not enabled. Version-Release number of selected component (if applicable): shim-x64-13-0.7.x86_64 How reproducible: allways Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info:
Dell ship their Sputnik systems with a pre-populated MokSB variable that disables Secure Boot, so this is working as intended on the Fedora side.
*** Bug 1531961 has been marked as a duplicate of this bug. ***