Also affects Ideapad 3 15AB7 Ryzen 5825. Kubuntu 23.10 for all Kernels
up to linux-next.

In all cases, secure boot on or off, MoK enabled or not and fTPM on/off
give the same result. fTPM reading is abnormal.

$ sudo dmesg | grep fTPM
[    0.341408] tpm tpm0: AMD fTPM version 0x3004e00020005 causes system 
stutter; hwrng disabled

$ mokutil --sb
SecureBoot enabled
SecureBoot validation is disabled in shim

mokutil --sb
SecureBoot disabled
sudo dmesg | grep fTPM
no reading

Here's the x.509 error:

$ journalctl -b -1

...cut here...
-X.509 Boot/restart/all Kernels/all cases

23:51:34 mm systemd[1]: Stopped user-runtime-dir@1000.service - User Runtime 
Directory /run/user/1000.
May 03 23:51:34 mm systemd[1]: Removed slice user-1000.slice - User Slice of 
UID 1000.
May 03 23:51:19 mm kernel: Loaded X.509 cert 'Canonical Ltd. Secure Boot 
Signing (2021 v1): a8d54bbb3825cfb94fa13c9f8a594a195c107b8d'
May 03 23:51:19 mm kernel: Loaded X.509 cert 'Canonical Ltd. Secure Boot 
Signing (2021 v2): 4cf046892d6fd3c9a5b03f98d845f90851dc6a8c'
May 03 23:51:19 mm kernel: Loaded X.509 cert 'Canonical Ltd. Secure Boot 
Signing (2021 v3): 100437bb6de6e469b581e61cd66bce3ef4ed53af'
May 03 23:51:19 mm kernel: Loaded X.509 cert 'Canonical Ltd. Secure Boot 
Signing (Ubuntu Core 2019): c1d57b8f6b743f23ee41f4f7ee292f06eecadfb9'
May 03 23:51:19 mm kernel: zswap: loaded using pool lzo/zbud
May 03 23:51:19 mm kernel: Key type .fscrypt registered
May 03 23:51:19 mm kernel: Key type fscrypt-provisioning registered
May 03 23:51:19 mm kernel: Key type trusted registered
May 03 23:51:19 mm kernel: Key type encrypted registered
May 03 23:51:19 mm kernel: AppArmor: AppArmor sha1 policy hashing enabled
May 03 23:51:19 mm kernel: integrity: Loading X.509 certificate: UEFI:db
May 03 23:51:19 mm kernel: integrity: Loaded X.509 cert 'Lenovo UEFI CA 2014: 
4b91a68732eaefdd2c8ffffc6b027ec3449e9c8f'
May 03 23:51:19 mm kernel: integrity: Loading X.509 certificate: UEFI:db
May 03 23:51:19 mm kernel: integrity: Problem loading X.509 certificate -65
May 03 23:51:19 mm kernel: fbcon: Taking over console
May 03 23:51:19 mm kernel: integrity: Error adding keys to platform keyring 
UEFI:db
May 03 23:51:19 mm kernel: integrity: Loading X.509 certificate: UEFI:db
May 03 23:51:19 mm kernel: Console: switching to colour frame buffer device 
240x67
May 03 23:51:19 mm kernel: integrity: Loaded X.509 cert ': 
8129c1e0865297b1435ad4a47e4f424e'
May 03 23:51:19 mm kernel: integrity: Loading X.509 certificate: UEFI:db
May 03 23:51:19 mm kernel: blacklist: Loading compiled-in revocation X.509 
certificates
May 03 23:51:19 mm kernel: Loaded X.509 cert 'Canonical Ltd. Secure Boot 
Signing: 61482aa2830d0ab2ad5af10b7250da9033ddcef0'
May 03 23:51:19 mm kernel: Loaded X.509 cert 'Canonical Ltd. Secure Boot 
Signing (2017): 242ade75ac4a15e50d50c84b0d45ff3eae707a03'
May 03 23:51:19 mm kernel: Loaded X.509 cert 'Canonical Ltd. Secure Boot 
Signing (ESM 2018): 365188c1d374d6b07c3c8f240f8ef722433d6a8b'
May 03 23:51:19 mm kernel: Loaded X.509 cert 'Canonical Ltd. Secure Boot 
Signing (2019): c0746fd6c5da3ae827864651ad66ae47fe24b3e8'
May 03 23:51:19 mm kernel: Loaded X.509 cert 'Canonical Ltd. Secure Boot 
Signing (2021 v1): a8d54bbb3825cfb94fa13c9f8a594a195c107b8d'
May 03 23:51:19 mm kernel: Loaded X.509 cert 'Canonical Ltd. Secure Boot 
Signing (2021 v2): 4cf046892d6fd3c9a5b03f98d845f90851dc6a8c'
May 03 23:51:19 mm kernel: Loaded X.509 cert 'Canonical Ltd. Secure Boot 
Signing (2021 v3): 100437bb6de6e469b581e61cd66bce3ef4ed53af'
May 03 23:51:19 mm kernel: Loaded X.509 cert 'Canonical Ltd. Secure Boot 
Signing (Ubuntu Core 2019): c1d57b8f6b743f23ee41f4f7ee292f06eecadfb9'
May 03 23:51:19 mm kernel: zswap: loaded using pool lzo/zbud
May 03 23:51:19 mm kernel: Key type .fscrypt registered
May 03 23:51:19 mm kernel: Key type fscrypt-provisioning registered
May 03 23:51:19 mm kernel: Key type trusted registered
May 03 23:51:19 mm kernel: Key type encrypted registered
May 03 23:51:19 mm kernel: AppArmor: AppArmor sha1 policy hashing enabled
May 03 23:51:19 mm kernel: integrity: Loading X.509 certificate: UEFI:db
May 03 23:51:19 mm kernel: integrity: Loaded X.509 cert 'Lenovo UEFI CA 2014: 
4b91a68732eaefdd2c8ffffc6b027ec3449e9c8f'
May 03 23:51:19 mm kernel: integrity: Loading X.509 certificate: UEFI:db
May 03 23:51:19 mm kernel: integrity: Problem loading X.509 certificate -65
May 03 23:51:19 mm kernel: fbcon: Taking over console
May 03 23:51:19 mm kernel: integrity: Error adding keys to platform keyring 
UEFI:db
May 03 23:51:19 mm kernel: integrity: Loading X.509 certificate: UEFI:db
May 03 23:51:19 mm kernel: Console: switching to colour frame buffer device 
240x67
May 03 23:51:19 mm kernel: Loading compiled-in X.509 certificates
May 03 23:51:19 mm kernel: Loaded X.509 cert 'Build time autogenerated kernel 
key: 1fc0e865c21818e2f5cce3868a567b58070b6c0d'
May 03 23:51:19 mm kernel: Loaded X.509 cert 'Canonical Ltd. Live Patch 
Signing: 14df34d1a87cf37625abec039ef2bf521249b969'
May 03 23:51:19 mm kernel: Loaded X.509 cert 'Canonical Ltd. Kernel Module 
Signing: 88f752e560a1e0737e31163a466ad7b70a850c19'
May 03 23:51:19 mm kernel: blacklist: Loading compiled-in revocation X.509 
certificates
May 03 23:51:19 mm kernel: Loaded X.509 cert 'Canonical Ltd. Secure Boot 
Signing: 61482aa2830d0ab2ad5af10b7250da9033ddcef0'
May 03 23:51:19 mm kernel: Loaded X.509 cert 'Canonical Ltd. Secure Boot 
Signing (2017): 242ade75ac4a15e50d50c84b0d45ff3eae707a03'
May 03 23:51:19 mm kernel: Loaded X.509 cert 'Canonical Ltd. Secure Boot 
Signing (ESM 2018): 365188c1d374d6b07c3c8f240f8ef722433d6a8b'
May 03 23:51:19 mm kernel: Loaded X.509 cert 'Canonical Ltd. Secure Boot 
Signing (2019): c0746fd6c5da3ae827864651ad66ae47fe24b3e8'
May 03 23:51:19 mm kernel: Loaded X.509 cert 'Canonical Ltd. Secure Boot 
Signing (2021 v1): a8d54bbb3825cfb94fa13c9f8a594a195c107b8d'
May 03 23:51:19 mm kernel: Loaded X.509 cert 'Canonical Ltd. Secure Boot 
Signing (2021 v2): 4cf046892d6fd3c9a5b03f98d845f90851dc6a8c'
May 03 23:51:19 mm kernel: Loaded X.509 cert 'Canonical Ltd. Secure Boot 
Signing (2021 v3): 100437bb6de6e469b581e61cd66bce3ef4ed53af'
May 03 23:51:19 mm kernel: Loaded X.509 cert 'Canonical Ltd. Secure Boot 
Signing (Ubuntu Core 2019): c1d57b8f6b743f23ee41f4f7ee292f06eecadfb9'
May 03 23:51:19 mm kernel: zswap: loaded using pool lzo/zbud
May 03 23:51:19 mm kernel: Key type .fscrypt registered
May 03 23:51:19 mm kernel: Key type fscrypt-provisioning registered
May 03 23:51:19 mm kernel: Key type trusted registered
May 03 23:51:19 mm kernel: Key type encrypted registered
May 03 23:51:19 mm kernel: AppArmor: AppArmor sha1 policy hashing enabled
May 03 23:51:19 mm kernel: integrity: Loading X.509 certificate: UEFI:db
May 03 23:51:19 mm kernel: integrity: Loaded X.509 cert 'Lenovo UEFI CA 2014: 
4b91a68732eaefdd2c8ffffc6b027ec3449e9c8f'
May 03 23:51:19 mm kernel: integrity: Loading X.509 certificate: UEFI:db
May 03 23:51:19 mm kernel: integrity: Problem loading X.509 certificate -65
May 03 23:51:19 mm kernel: fbcon: Taking over console
May 03 23:51:19 mm kernel: integrity: Error adding keys to platform keyring 
UEFI:db
May 03 23:51:19 mm kernel: integrity: Loading X.509 certificate: UEFI:db
May 03 23:51:19 mm kernel: integrity: Loading X.509 certificate: UEFI:db
May 03 23:51:19 mm kernel: Console: switching to colour frame buffer device 
240x67
May 03 23:51:19 mm kernel: integrity: Loaded X.509 cert ': 
8129c1e0865297b1435ad4a47e4f424e'
May 03 23:51:19 mm kernel: integrity: Loading X.509 certificate: UEFI:db
May 03 23:51:19 mm kernel: integrity: Loaded X.509 cert 'Microsoft Corporation 
UEFI CA 2011: 13adbf4309bd82709c8cd54f316ed522988a1bd4'
May 03 23:51:19 mm kernel: integrity: Loading X.509 certificate: UEFI:db
May 03 23:51:19 mm kernel: integrity: Loaded X.509 cert 'Microsoft Windows 
Production PCA 2011: a92902398e16c49778cd90f99e4f9ae17c55af53'
May 03 23:51:19 mm kernel: Loading compiled-in module X.509 certificates
May 03 23:51:19 mm kernel: Loaded X.509 cert 'Build time autogenerated kernel 
key: 1fc0e865c21818e2f5cce3868a567b58070b6c0d'
May 03 23:51:19 mm kernel: ima: Allocated hash algorithm: sha1
May 03 23:51:19 mm kernel: ima: No architecture policies found
May 03 23:51:19 mm kernel: evm: Initialising EVM extended attributes:
May 03 23:51:19 mm kernel: evm: security.selinux
May 03 23:51:19 mm kernel: evm: security.SMACK64
May 03 23:51:19 mm kernel: evm: security.SMACK64EXEC
May 03 23:51:19 mm kernel: evm: security.SMACK64TRANSMUTE
May 03 23:51:19 mm kernel: evm: security.SMACK64MMAP
May 03 23:51:19 mm kernel: evm: security.apparmor
May 03 23:51:19 mm kernel: evm: security.ima
May 03 23:51:19 mm kernel: evm: security.capability
May 03 23:51:19 mm kernel: evm: HMAC attrs: 0x1
May 03 23:51:19 mm kernel: PM:   Magic number: 7:946:865
May 03 23:51:19 mm kernel:  memory_tiering: hash matches
May 03 23:51:19 mm kernel: RAS: Correctable Errors collector initialized.
May 03 23:51:19 mm kernel: Unstable clock detected, switching default tracing 
clock to "global"
                           If you want to keep using the local clock, then add:
                             "trace_clock=local"
lines 730-756

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1930783

Title:
  integrity: Problem loading X.509 certificate

Status in linux package in Ubuntu:
  Confirmed

Bug description:
  Following error shows on Acer machines while booting when UEFI boot is
  enabled.

  integrity: Problem loading X.509 certificate -65

  The issue is discussed at
  https://bugzilla.opensuse.org/show_bug.cgi?id=1129471 and a patch is
  available at https://lkml.org/lkml/2019/7/16/23. Seems like this patch
  is not included in Ubuntu as I'm still getting this error.

  I'm using Linux Mint 20, which is based on Ubuntu 20.04. This error
  comes while live booting Ubuntu 20.04 and Ubuntu 18.04 also.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1930783/+subscriptions


-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to     : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to