Hi, On 10-08-2021 19:02, Antonio Terceiro wrote: > As a data point, the Huawei cloud infra where ci.debian.net runs arm64 > workers (for arm*) does use Secure Boot on arm64, and applying security > updates broke our machines there.
Just a proper follow-up. It seems we were hit by the inappropriate 1.36~1+deb10u1+15.4-5~deb10u1. This was possible because we used APT::Default-Release "buster" ; which *doesn't* include buster-updates, so the fixed package was prioritized *below* the broken one by APT. Upgrading a fresh VM with a fixed APT::Default-Release pulled in the fixed package from buster-updates and enabled the VM to reboot afterwards. So, Huawei doesn't seem to force Secure Boot on armd64 after all. Paul
OpenPGP_signature
Description: OpenPGP digital signature
