Package: memtest86+
Version: 7.20-1
Followup-For: Bug #1032375
X-Debbugs-Cc: hueyche...@outlook.com

Dear Maintainer,

I have a workaround solution meanwhile.
Create your own keys which will later be used with `mokutil` with the following 
script I have created for this scenario: 
https://codeberg.org/horsey_guy/MOK_Key_Create/raw/branch/main/create_keys.sh

You can now use `sbsign --key {SOME_NAME}.key --cert {SOME_NAME}.crt /boot/memtest86+x64.efi --output /boot/memtest86+x64.efi.signed` (cannot in-place sign).
Then symlink /boot/memtest86+x64.efi to /boot/memtest86+x64.efi.signed with `ln -sf /boot/memtest86+x64.efi.signed /boot/memtest86+x64.efi`.
The ia32 variants can be signed too.

Be sure to do the signing whenever memtest86+ is updated. You can make some 
sort of post-installation hook to automate this, if that's possible.

Now use mokutil or else the keys will be rejected: `mokutil --import 
path/to/cert.der`

I have not tested this method although I will, but it should work as I have 
done some variation of this.

It would be nice if memtest86+ could be signed with Debian's keys though.

Sincerely,
Huey Chen

-- System Information:
Debian Release: 13.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.15-amd64 (SMP w/12 CPU threads; PREEMPT)
Kernel taint flags: TAINT_USER
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages memtest86+ depends on:
ii  grub-common  2.12-9

memtest86+ recommends no packages.

Versions of packages memtest86+ suggests:
pn  grub-efi | grub-pc  <none>
pn  memtester           <none>
ii  mtools              4.0.48-1

-- no debconf information

-- debsums errors found:
debsums: changed file /boot/memtest86+ia32.efi (from memtest86+ package)
debsums: changed file /boot/memtest86+x64.efi (from memtest86+ package)
