Manually steps in grub: chainloader mmx64.efi, then "Enroll key from disk" -> /var/lib/shim-signed/mok/MOK.der.
shim-signed/focal,now 1.40+15+1533136590.3beb971-0ubuntu1 amd64 In this case there is no problem with the certificate. I think there are two possibilities: MokManager or UEFI firmware. I tested several versions (shim + MokManager): - Ubuntu: 19.10, 20.04-beta -> certificate error - Fedora: 31 -> certificate error - openSUSE: tumbleweed -> work, possible to add this any other certificates (https://download.opensuse.org/tumbleweed/repo/oss/EFI/BOOT/). Today I compiled (from https://github.com/rhboot/shim/releases) and signed MokManager with my own key, versions 14 and 15. Both work. I'm attaching the keys from UEFI: pk, kek, db. ** Attachment added: "pk.txt" https://bugs.launchpad.net/ubuntu/+source/shim-signed/+bug/1870955/+attachment/5351885/+files/pk.txt -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1870955 Title: MokManager - Only DER encoded certificate (*.cer/der/crt) is supported To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shim-signed/+bug/1870955/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
