reset doesn't seem to work #13
Comments
|
Did MokManager show to ask for cleaning Mok? |
|
|
nothing changed during boot after that |
|
It may be important to note that I'm using mokutil from 20170404 git, and mmx64.efi is version 15-5 from fedora here: https://koji.fedoraproject.org/koji/buildinfo?buildID=1079378 |
|
If /sys/firmware/efi/efivars/MokAuth-* existed after "mokutil --reset", then mokutil already did its job. I wonder why MokManager didn't show during the next boot. Could you check "efibootmgr -v" and see if shim.efi is in the default boot option? |
|
shim is the default boot option, I have secure boot required and nothing
but shim is signed so I can't really mess that one up ;-)
…On Sun, Jul 15, 2018 at 10:50 PM, Gary Ching-Pang Lin < ***@***.***> wrote:
If /sys/firmware/efi/efivars/MokAuth-* existed after "mokutil --reset",
then mokutil already did its job. I wonder why MokManager didn't show
during the next boot.
Could you check "efibootmgr -v" and see if shim.efi is in the default boot
option?
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#13 (comment)>, or mute
the thread
<https://github.com/notifications/unsubscribe-auth/ABl--aniuelULygR6ZDQT7jhK1Uo-skaks5uG_-PgaJpZM4VJqTh>
.
|
|
Then this is probably an issue in shim. Please report the issue to https://github.com/rhboot/shim |
|
Intuitively, I would expect |
|
Sorry for the late reply. In the beginning, there is only MokNew and MokAuth for MokList, so "--reset" is designed for MokList. Over time, there are more Mok Vars added, and it's not good to change the option now :( |
if I --list-enrolled and then --reset and --list-enrolled again, all the hashes I've added are still there. Not being certain how this all works, I reboot and check --list-enrolled again and all the sha256 hashes are still there. Am I doing this wrong, or is this feature broken?
The text was updated successfully, but these errors were encountered: