[Bug 2127812] [NEW] Mokutil thinks Secure Boot is not enabled while Secure Boot was left enabled by default

Mon, 13 Oct 2025 12:50:43 -0700 

*** This bug is a security vulnerability ***

Public security bug reported:

Description:    Ubuntu 24.04.3 LTS
Release:        24.04

mokutil:
  Installed: 0.6.0-2build3
  Candidate: 0.6.0-2build3
  Version table:
 *** 0.6.0-2build3 500
        500 http://archive.ubuntu.com/ubuntu noble/main amd64 Packages
        100 /var/lib/dpkg/status

While my GPD Win Mini has Secure Boot enabled by default, after
installing Ubuntu 24.04 on it I noticed the mokutil falsely thinks it's
not enabled which can lead vulnerabilities because without Secure Boot
being enable according to mokutil bad actors can access our computers.

When I typed mokutil --sb-state while I left Secure Boot enabled, it
shows this.

SecureBoot disabled
Platform is in Setup Mode

ProblemType: Bug
DistroRelease: Ubuntu 24.04
Package: mokutil 0.6.0-2build3
ProcVersionSignature: Ubuntu 6.14.0-33.33~24.04.1-generic 6.14.11
Uname: Linux 6.14.0-33-generic x86_64
ApportVersion: 2.28.1-0ubuntu3.8
Architecture: amd64
CasperMD5CheckResult: unknown
CurrentDesktop: ubuntu:GNOME
Date: Mon Oct 13 12:27:41 2025
InstallationDate: Installed on 2025-10-13 (1 days ago)
InstallationMedia: Ubuntu 24.04.3 LTS "Noble Numbat" - Release amd64 
(20250805.1)
ProcEnviron:
 LANG=en_US.UTF-8
 PATH=(custom, no user)
 SHELL=/bin/bash
 TERM=xterm-256color
SourcePackage: mokutil
UpgradeStatus: No upgrade log present (probably fresh install)

** Affects: mokutil (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: amd64 apport-bug noble

** Summary changed:

- Secure Boot is not enabled while Secure Boot was enabled by default
+ Mokutil thinks Secure Boot is not enabled while Secure Boot was left enabled 
by default

** Information type changed from Private Security to Public Security

** Information type changed from Public Security to Private Security

** Information type changed from Private Security to Public Security

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2127812

Title:
  Mokutil thinks Secure Boot is not enabled while Secure Boot was left
  enabled by default

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/mokutil/+bug/2127812/+subscriptions


-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to