Public bug reported:

To reproduce:
- Disable kernel secure boot (booting in insecure mode). System secure boot still enabled
- Update kernel with update-manager

On every kernel update, a dialog appears asking me to enter a MOK secure boot password for temporarily disabling secure boot. See screenshot.

When I reboot, the MOK config screen appears, but I can just ignore it and it boots fine, since secure boot is already disabled in the kernel. Which makes me wonder why it even needs to ask me to enter a secure boot password every time I update the kernel.

Expected: only ask for a secure boot password on update if it actually needs to disable kernel secure boot, and kernel secure boot is not already disabled.

Note that the output of mokutil --sb-state

SecureBoot enabled

However, kernel secure boot is disabled and the system GRUB bootloader prints a message "Booting in insecure mode" on startup

ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: linux-headers-generic 4.15.0.43.45
ProcVersionSignature: User Name 4.15.0-42.45-generic 4.15.18
Uname: Linux 4.15.0-42-generic x86_64
ApportVersion: 2.20.9-0ubuntu7.5
Architecture: amd64
AudioDevicesInUse:
 USER PID ACCESS COMMAND
 /dev/snd/controlC1: ubuntu 1672 F.... pulseaudio
 /dev/snd/controlC0: ubuntu 1672 F.... pulseaudio
CurrentDesktop: ubuntu:GNOME
Date: Thu Dec 20 10:49:48 2018
EcryptfsInUse: Yes
HibernationDevice: RESUME=none
InstallationDate: Installed on 2018-09-12 (98 days ago)
InstallationMedia: Ubuntu 16.04.5 LTS "Xenial Xerus" - Release amd64 (20180731)
MachineType: Dell Inc. Latitude 3340
ProcEnviron:
 TERM=xterm-256color
 PATH=(custom, no user)
 XDG_RUNTIME_DIR=<set>
 LANG=en_US.UTF-8
 SHELL=/bin/bash
ProcFB: 0 inteldrmfb
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.15.0-42-generic root=UUID=1c6a1916-ac97-4bdf-8f15-14d986e621a2 ro
RelatedPackageVersions:
 linux-restricted-modules-4.15.0-42-generic N/A
 linux-backports-modules-4.15.0-42-generic N/A
 linux-firmware 1.173.2
SourcePackage: linux
UpgradeStatus: Upgraded to bionic on 2018-09-28 (82 days ago)
dmi.bios.date: 07/09/2018
dmi.bios.vendor: Dell Inc.
dmi.bios.version: A17
dmi.board.vendor: Dell Inc.
dmi.chassis.type: 9
dmi.chassis.vendor: Dell Inc.
dmi.modalias: dmi:bvnDellInc.:bvrA17:bd07/09/2018:svnDellInc.:pnLatitude3340:pvr00:rvnDellInc.:rn:rvr:cvnDellInc.:ct9:cvr:
dmi.product.name: Latitude 3340
dmi.product.version: 00
dmi.sys.vendor: Dell Inc.

** Affects: linux (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: mokutil (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: update-manager (Ubuntu)
     Importance: Undecided
         Status: New

** Tags: amd64 apport-bug bionic

** Attachment added: "secure_boot_ask.png"
   https://bugs.launchpad.net/bugs/1809274/+attachment/5223816/+files/secure_boot_ask.png

--
https://bugs.launchpad.net/bugs/1809274

Title:
  Secure boot MOK password requested for every kernel update even when booting in insecure mode
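
An added example, not part of the bug report and not Ubuntu's own update logic: one way to tell firmware Secure Boot apart from shim's validation state before deciding whether a MOK password prompt is needed at all. It assumes shim's runtime variable MokSBStateRT is 1 when validation is disabled (the "Booting in insecure mode" case); the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the report). efivarfs files hold 4 attribute bytes
# followed by the variable payload, so the state byte sits at offset 4.

SB_VAR="SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c"     # firmware Secure Boot
MOK_VAR="MokSBStateRT-605dab50-e046-4300-abb6-3dd810dd8b23"  # shim validation state

# Print the first payload byte of an efivarfs file as decimal; nothing if unreadable.
efivar_byte() {
    [ -r "$1" ] || return 0
    od -An -tu1 -j4 -N1 "$1" | tr -d ' \n'
}

# effective_sb_state [efivars_dir]
# Prints one of: no-efi, firmware-disabled, shim-insecure, enforcing
effective_sb_state() {
    dir="${1:-/sys/firmware/efi/efivars}"
    [ -d "$dir" ] || { echo "no-efi"; return 0; }
    sb=$(efivar_byte "$dir/$SB_VAR")
    mok=$(efivar_byte "$dir/$MOK_VAR")
    if [ "$sb" != "1" ]; then
        echo "firmware-disabled"
    elif [ "$mok" = "1" ]; then
        # Assumed to match the report: firmware says enabled, shim does not validate.
        echo "shim-insecure"
    else
        echo "enforcing"
    fi
}

# mok_prompt_needed [efivars_dir]
# Succeeds only when signature validation is still enforced, i.e. the only
# state in which asking to disable it would change anything.
mok_prompt_needed() {
    [ "$(effective_sb_state "$1")" = "enforcing" ]
}
```

On a machine in the reported state, `effective_sb_state` prints `shim-insecure` even though the firmware variable alone reads as enabled, and `mok_prompt_needed` fails.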