Package: shim-signed-common
Version: 1.33+15+1533136590.3beb971-7
Severity: normal

Dear Maintainer,

the script /usr/sbin/update-secureboot-policy ignores unknown arguments. But there are scripts which call it with other arguments (--new-key and --enroll-key in vboxdrv.sh from Oracle VirtualBox; see https://www.virtualbox.org/changeset/79186/vbox).

One such call managed to block a command on my computer, so it was running forever and blocking manually started related commands. (It looked as described in https://superuser.com/questions/1493050/update-secureboot-policy-enroll-key-running-on-every-new-startup-eating-reso , but my key was already registered manually.)

Could you please abort and show an error message on unsupported arguments?

My workaround is to add a wrapper script around /usr/sbin/update-secureboot-policy which aborts on unsupported arguments with an error message. So the script should not hang anymore, and hopefully log a nice error message. Currently my compiled kernel modules are signed again, maybe because of the wrapper, maybe already since I killed the hanging process.

Thank you very much for your work.

Greetings,
Simon

-- System Information:
Debian Release: 10.9
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-16-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_OOT_MODULE
Locale: LANG=de_CH.UTF-8, LC_CTYPE=de_CH.UTF-8 (charmap=UTF-8), LANGUAGE=de_CH:de (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages shim-signed-common depends on:
ii  debconf [debconf-2.0]  1.5.71
ii  mokutil                0.3.0+1538710437.fb6250f-1

shim-signed-common recommends no packages.

shim-signed-common suggests no packages.

-- debconf information:
  shim/error/secureboot_key_mismatch:
  shim/enable_secureboot: false
  shim/title/secureboot:
* shim/disable_secureboot: false
* shim/error/bad_secureboot_key:
* shim/secureboot_explanation:
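
The wrapper workaround described in the report, sketched as an added example (not the reporter's script and not part of shim-signed). It assumes the packaged script handles only --enable, --disable and --help, and that it has been moved to the hypothetical path /usr/sbin/update-secureboot-policy.real before the wrapper is installed under the original name.

```shell
#!/bin/sh
# Added example: strict-argument wrapper for update-secureboot-policy.
# REAL_TOOL is a hypothetical path: where the packaged script was moved
# (for example with dpkg-divert) before this wrapper took its place.
REAL_TOOL="${REAL_TOOL:-/usr/sbin/update-secureboot-policy.real}"

# Assumed allowlist: confirm it against the installed script before use.
SUPPORTED_ARGS="--enable --disable --help"

# Exact-match lookup, so one argument containing spaces cannot slip through.
is_supported() {
    for ok in $SUPPORTED_ARGS; do
        [ "$1" = "$ok" ] && return 0
    done
    return 1
}

# Return 0 if every argument is allowed, 64 (EX_USAGE) otherwise.
# The first rejected argument is left in $rejected for the error message.
validate_args() {
    rejected=""
    for arg in "$@"; do
        is_supported "$arg" || { rejected=$arg; return 64; }
    done
    return 0
}

# Fail fast with a visible and logged error instead of letting a caller
# such as vboxdrv.sh wait on an option the real script does not handle.
run_wrapper() {
    if ! validate_args "$@"; then
        msg="update-secureboot-policy: unsupported argument '$rejected'"
        echo "$msg" >&2
        # Non-interactive callers may discard stderr, so also write to syslog.
        logger -t update-secureboot-policy -p user.err "$msg" 2>/dev/null || true
        return 64
    fi
    exec "$REAL_TOOL" "$@"
}

# Act only when installed under the real tool's name; under any other
# file name the functions are defined but nothing is executed.
case "${0##*/}" in
    update-secureboot-policy) run_wrapper "$@" ;;
esac
```

A package upgrade can replace a wrapper that was copied over the original file, so the rename has to be registered with the package manager for the workaround to persist.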