Also affects Ideapad 3 15AB7 Ryzen 5825. Kubuntu 23.10 for all Kernels
up to linux-next.
In all cases, secure boot on or off, MoK enabled or not and fTPM on/off
give the same result. fTPM reading is abnormal.
$ sudo dmesg | grep fTPM
[ 0.341408] tpm tpm0: AMD fTPM version 0x3004e00020005 causes system
stutter; hwrng disabled
$ mokutil --sb
SecureBoot enabled
SecureBoot validation is disabled in shim
mokutil --sb
SecureBoot disabled
sudo dmesg | grep fTPM
no reading
Here's the x.509 error:
$ journalctl -b -1
...cut here...
-X.509 Boot/restart/all Kernels/all cases
23:51:34 mm systemd[1]: Stopped user-runtime-dir@1000.service - User Runtime
Directory /run/user/1000.
May 03 23:51:34 mm systemd[1]: Removed slice user-1000.slice - User Slice of
UID 1000.
May 03 23:51:19 mm kernel: Loaded X.509 cert 'Canonical Ltd. Secure Boot
Signing (2021 v1): a8d54bbb3825cfb94fa13c9f8a594a195c107b8d'
May 03 23:51:19 mm kernel: Loaded X.509 cert 'Canonical Ltd. Secure Boot
Signing (2021 v2): 4cf046892d6fd3c9a5b03f98d845f90851dc6a8c'
May 03 23:51:19 mm kernel: Loaded X.509 cert 'Canonical Ltd. Secure Boot
Signing (2021 v3): 100437bb6de6e469b581e61cd66bce3ef4ed53af'
May 03 23:51:19 mm kernel: Loaded X.509 cert 'Canonical Ltd. Secure Boot
Signing (Ubuntu Core 2019): c1d57b8f6b743f23ee41f4f7ee292f06eecadfb9'
May 03 23:51:19 mm kernel: zswap: loaded using pool lzo/zbud
May 03 23:51:19 mm kernel: Key type .fscrypt registered
May 03 23:51:19 mm kernel: Key type fscrypt-provisioning registered
May 03 23:51:19 mm kernel: Key type trusted registered
May 03 23:51:19 mm kernel: Key type encrypted registered
May 03 23:51:19 mm kernel: AppArmor: AppArmor sha1 policy hashing enabled
May 03 23:51:19 mm kernel: integrity: Loading X.509 certificate: UEFI:db
May 03 23:51:19 mm kernel: integrity: Loaded X.509 cert 'Lenovo UEFI CA 2014:
4b91a68732eaefdd2c8ffffc6b027ec3449e9c8f'
May 03 23:51:19 mm kernel: integrity: Loading X.509 certificate: UEFI:db
May 03 23:51:19 mm kernel: integrity: Problem loading X.509 certificate -65
May 03 23:51:19 mm kernel: fbcon: Taking over console
May 03 23:51:19 mm kernel: integrity: Error adding keys to platform keyring
UEFI:db
May 03 23:51:19 mm kernel: integrity: Loading X.509 certificate: UEFI:db
May 03 23:51:19 mm kernel: Console: switching to colour frame buffer device
240x67
May 03 23:51:19 mm kernel: integrity: Loaded X.509 cert ':
8129c1e0865297b1435ad4a47e4f424e'
May 03 23:51:19 mm kernel: integrity: Loading X.509 certificate: UEFI:db
May 03 23:51:19 mm kernel: blacklist: Loading compiled-in revocation X.509
certificates
May 03 23:51:19 mm kernel: Loaded X.509 cert 'Canonical Ltd. Secure Boot
Signing: 61482aa2830d0ab2ad5af10b7250da9033ddcef0'
May 03 23:51:19 mm kernel: Loaded X.509 cert 'Canonical Ltd. Secure Boot
Signing (2017): 242ade75ac4a15e50d50c84b0d45ff3eae707a03'
May 03 23:51:19 mm kernel: Loaded X.509 cert 'Canonical Ltd. Secure Boot
Signing (ESM 2018): 365188c1d374d6b07c3c8f240f8ef722433d6a8b'
May 03 23:51:19 mm kernel: Loaded X.509 cert 'Canonical Ltd. Secure Boot
Signing (2019): c0746fd6c5da3ae827864651ad66ae47fe24b3e8'
May 03 23:51:19 mm kernel: Loaded X.509 cert 'Canonical Ltd. Secure Boot
Signing (2021 v1): a8d54bbb3825cfb94fa13c9f8a594a195c107b8d'
May 03 23:51:19 mm kernel: Loaded X.509 cert 'Canonical Ltd. Secure Boot
Signing (2021 v2): 4cf046892d6fd3c9a5b03f98d845f90851dc6a8c'
May 03 23:51:19 mm kernel: Loaded X.509 cert 'Canonical Ltd. Secure Boot
Signing (2021 v3): 100437bb6de6e469b581e61cd66bce3ef4ed53af'
May 03 23:51:19 mm kernel: Loaded X.509 cert 'Canonical Ltd. Secure Boot
Signing (Ubuntu Core 2019): c1d57b8f6b743f23ee41f4f7ee292f06eecadfb9'
May 03 23:51:19 mm kernel: zswap: loaded using pool lzo/zbud
May 03 23:51:19 mm kernel: Key type .fscrypt registered
May 03 23:51:19 mm kernel: Key type fscrypt-provisioning registered
May 03 23:51:19 mm kernel: Key type trusted registered
May 03 23:51:19 mm kernel: Key type encrypted registered
May 03 23:51:19 mm kernel: AppArmor: AppArmor sha1 policy hashing enabled
May 03 23:51:19 mm kernel: integrity: Loading X.509 certificate: UEFI:db
May 03 23:51:19 mm kernel: integrity: Loaded X.509 cert 'Lenovo UEFI CA 2014:
4b91a68732eaefdd2c8ffffc6b027ec3449e9c8f'
May 03 23:51:19 mm kernel: integrity: Loading X.509 certificate: UEFI:db
May 03 23:51:19 mm kernel: integrity: Problem loading X.509 certificate -65
May 03 23:51:19 mm kernel: fbcon: Taking over console
May 03 23:51:19 mm kernel: integrity: Error adding keys to platform keyring
UEFI:db
May 03 23:51:19 mm kernel: integrity: Loading X.509 certificate: UEFI:db
May 03 23:51:19 mm kernel: Console: switching to colour frame buffer device
240x67
May 03 23:51:19 mm kernel: Loading compiled-in X.509 certificates
May 03 23:51:19 mm kernel: Loaded X.509 cert 'Build time autogenerated kernel
key: 1fc0e865c21818e2f5cce3868a567b58070b6c0d'
May 03 23:51:19 mm kernel: Loaded X.509 cert 'Canonical Ltd. Live Patch
Signing: 14df34d1a87cf37625abec039ef2bf521249b969'
May 03 23:51:19 mm kernel: Loaded X.509 cert 'Canonical Ltd. Kernel Module
Signing: 88f752e560a1e0737e31163a466ad7b70a850c19'
May 03 23:51:19 mm kernel: blacklist: Loading compiled-in revocation X.509
certificates
May 03 23:51:19 mm kernel: Loaded X.509 cert 'Canonical Ltd. Secure Boot
Signing: 61482aa2830d0ab2ad5af10b7250da9033ddcef0'
May 03 23:51:19 mm kernel: Loaded X.509 cert 'Canonical Ltd. Secure Boot
Signing (2017): 242ade75ac4a15e50d50c84b0d45ff3eae707a03'
May 03 23:51:19 mm kernel: Loaded X.509 cert 'Canonical Ltd. Secure Boot
Signing (ESM 2018): 365188c1d374d6b07c3c8f240f8ef722433d6a8b'
May 03 23:51:19 mm kernel: Loaded X.509 cert 'Canonical Ltd. Secure Boot
Signing (2019): c0746fd6c5da3ae827864651ad66ae47fe24b3e8'
May 03 23:51:19 mm kernel: Loaded X.509 cert 'Canonical Ltd. Secure Boot
Signing (2021 v1): a8d54bbb3825cfb94fa13c9f8a594a195c107b8d'
May 03 23:51:19 mm kernel: Loaded X.509 cert 'Canonical Ltd. Secure Boot
Signing (2021 v2): 4cf046892d6fd3c9a5b03f98d845f90851dc6a8c'
May 03 23:51:19 mm kernel: Loaded X.509 cert 'Canonical Ltd. Secure Boot
Signing (2021 v3): 100437bb6de6e469b581e61cd66bce3ef4ed53af'
May 03 23:51:19 mm kernel: Loaded X.509 cert 'Canonical Ltd. Secure Boot
Signing (Ubuntu Core 2019): c1d57b8f6b743f23ee41f4f7ee292f06eecadfb9'
May 03 23:51:19 mm kernel: zswap: loaded using pool lzo/zbud
May 03 23:51:19 mm kernel: Key type .fscrypt registered
May 03 23:51:19 mm kernel: Key type fscrypt-provisioning registered
May 03 23:51:19 mm kernel: Key type trusted registered
May 03 23:51:19 mm kernel: Key type encrypted registered
May 03 23:51:19 mm kernel: AppArmor: AppArmor sha1 policy hashing enabled
May 03 23:51:19 mm kernel: integrity: Loading X.509 certificate: UEFI:db
May 03 23:51:19 mm kernel: integrity: Loaded X.509 cert 'Lenovo UEFI CA 2014:
4b91a68732eaefdd2c8ffffc6b027ec3449e9c8f'
May 03 23:51:19 mm kernel: integrity: Loading X.509 certificate: UEFI:db
May 03 23:51:19 mm kernel: integrity: Problem loading X.509 certificate -65
May 03 23:51:19 mm kernel: fbcon: Taking over console
May 03 23:51:19 mm kernel: integrity: Error adding keys to platform keyring
UEFI:db
May 03 23:51:19 mm kernel: integrity: Loading X.509 certificate: UEFI:db
May 03 23:51:19 mm kernel: integrity: Loading X.509 certificate: UEFI:db
May 03 23:51:19 mm kernel: Console: switching to colour frame buffer device
240x67
May 03 23:51:19 mm kernel: integrity: Loaded X.509 cert ':
8129c1e0865297b1435ad4a47e4f424e'
May 03 23:51:19 mm kernel: integrity: Loading X.509 certificate: UEFI:db
May 03 23:51:19 mm kernel: integrity: Loaded X.509 cert 'Microsoft Corporation
UEFI CA 2011: 13adbf4309bd82709c8cd54f316ed522988a1bd4'
May 03 23:51:19 mm kernel: integrity: Loading X.509 certificate: UEFI:db
May 03 23:51:19 mm kernel: integrity: Loaded X.509 cert 'Microsoft Windows
Production PCA 2011: a92902398e16c49778cd90f99e4f9ae17c55af53'
May 03 23:51:19 mm kernel: Loading compiled-in module X.509 certificates
May 03 23:51:19 mm kernel: Loaded X.509 cert 'Build time autogenerated kernel
key: 1fc0e865c21818e2f5cce3868a567b58070b6c0d'
May 03 23:51:19 mm kernel: ima: Allocated hash algorithm: sha1
May 03 23:51:19 mm kernel: ima: No architecture policies found
May 03 23:51:19 mm kernel: evm: Initialising EVM extended attributes:
May 03 23:51:19 mm kernel: evm: security.selinux
May 03 23:51:19 mm kernel: evm: security.SMACK64
May 03 23:51:19 mm kernel: evm: security.SMACK64EXEC
May 03 23:51:19 mm kernel: evm: security.SMACK64TRANSMUTE
May 03 23:51:19 mm kernel: evm: security.SMACK64MMAP
May 03 23:51:19 mm kernel: evm: security.apparmor
May 03 23:51:19 mm kernel: evm: security.ima
May 03 23:51:19 mm kernel: evm: security.capability
May 03 23:51:19 mm kernel: evm: HMAC attrs: 0x1
May 03 23:51:19 mm kernel: PM: Magic number: 7:946:865
May 03 23:51:19 mm kernel: memory_tiering: hash matches
May 03 23:51:19 mm kernel: RAS: Correctable Errors collector initialized.
May 03 23:51:19 mm kernel: Unstable clock detected, switching default tracing
clock to "global"
If you want to keep using the local clock, then add:
"trace_clock=local"
lines 730-756
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1930783
Title:
integrity: Problem loading X.509 certificate
Status in linux package in Ubuntu:
Confirmed
Bug description:
Following error shows on Acer machines while booting when UEFI boot is
enabled.
integrity: Problem loading X.509 certificate -65
The issue is discussed at
https://bugzilla.opensuse.org/show_bug.cgi?id=1129471 and a patch is
available at https://lkml.org/lkml/2019/7/16/23. Seems like this patch
is not included in Ubuntu as I'm still getting this error.
I'm using Linux Mint 20, which is based on Ubuntu 20.04. This error
comes while live booting Ubuntu 20.04 and Ubuntu 18.04 also.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1930783/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
