02-06-2024, 06:51 PM
(02-06-2024, 02:26 PM)stevef link Wrote: Out of interest, does the log still report these after good Linux boots
"Problem loading X.509 certificate -65"
"Error adding keys to platform keyring UEFI:db"
Here are the X.509 Log Items from a fresh boot. Yes, still get an error adding keys:
Feb 06 18:12:52 Lenovo-LL kernel: Loading compiled-in X.509 certificates
Feb 06 18:12:52 Lenovo-LL kernel: Loaded X.509 cert 'Build time autogenerated kernel key: ec648241a1c40ddb590b5abe6c9f36ba54d989a2'
Feb 06 18:12:52 Lenovo-LL kernel: Loaded X.509 cert 'Canonical Ltd. Live Patch Signing: 14df34d1a87cf37625abec039ef2bf521249b969'
Feb 06 18:12:52 Lenovo-LL kernel: Loaded X.509 cert 'Canonical Ltd. Kernel Module Signing: 88f752e560a1e0737e31163a466ad7b70a850c19'
Feb 06 18:12:52 Lenovo-LL kernel: blacklist: Loading compiled-in revocation X.509 certificates
Feb 06 18:12:52 Lenovo-LL kernel: Loaded X.509 cert 'Canonical Ltd. Secure Boot Signing: 61482aa2830d0ab2ad5af10b7250da9033ddcef0'
Feb 06 18:12:52 Lenovo-LL kernel: Loaded X.509 cert 'Canonical Ltd. Secure Boot Signing (2017): 242ade75ac4a15e50d50c84b0d45ff3eae707a03'
Feb 06 18:12:52 Lenovo-LL kernel: Loaded X.509 cert 'Canonical Ltd. Secure Boot Signing (ESM 2018): 365188c1d374d6b07c3c8f240f8ef722433d6a8b'
Feb 06 18:12:52 Lenovo-LL kernel: Loaded X.509 cert 'Canonical Ltd. Secure Boot Signing (2019): c0746fd6c5da3ae827864651ad66ae47fe24b3e8'
Feb 06 18:12:52 Lenovo-LL kernel: Loaded X.509 cert 'Canonical Ltd. Secure Boot Signing (2021 v1): a8d54bbb3825cfb94fa13c9f8a594a195c107b8d'
Feb 06 18:12:52 Lenovo-LL kernel: Loaded X.509 cert 'Canonical Ltd. Secure Boot Signing (2021 v2): 4cf046892d6fd3c9a5b03f98d845f90851dc6a8c'
Feb 06 18:12:52 Lenovo-LL kernel: Loaded X.509 cert 'Canonical Ltd. Secure Boot Signing (2021 v3): 100437bb6de6e469b581e61cd66bce3ef4ed53af'
Feb 06 18:12:52 Lenovo-LL kernel: Loaded X.509 cert 'Canonical Ltd. Secure Boot Signing (Ubuntu Core 2019): c1d57b8f6b743f23ee41f4f7ee292f06eecadfb9'
Feb 06 18:12:52 Lenovo-LL kernel: zswap: loaded using pool lzo/zbud
Feb 06 18:12:52 Lenovo-LL kernel: Key type .fscrypt registered
Feb 06 18:12:52 Lenovo-LL kernel: Key type fscrypt-provisioning registered
Feb 06 18:12:52 Lenovo-LL kernel: Key type encrypted registered
Feb 06 18:12:52 Lenovo-LL kernel: AppArmor: AppArmor sha1 policy hashing enabled
Feb 06 18:12:52 Lenovo-LL kernel: integrity: Loading X.509 certificate: UEFI:db
Feb 06 18:12:52 Lenovo-LL kernel: integrity: Problem loading X.509 certificate -65
Feb 06 18:12:52 Lenovo-LL kernel: fbcon: Taking over console
Feb 06 18:12:52 Lenovo-LL kernel: integrity: Error adding keys to platform keyring UEFI:db
Feb 06 18:12:52 Lenovo-LL kernel: integrity: Loading X.509 certificate: UEFI:db
Feb 06 18:12:52 Lenovo-LL kernel: integrity: Loaded X.509 cert 'E8S350141517ADA: d9ad0d486703a8bc46d842ed4ff82287'
Feb 06 18:12:52 Lenovo-LL kernel: integrity: Loading X.509 certificate: UEFI:db
Feb 06 18:12:52 Lenovo-LL kernel: integrity: Loaded X.509 cert 'Microsoft Corporation UEFI CA 2011: 13adbf4309bd82709c8cd54f316ed522988a1bd4'
Feb 06 18:12:52 Lenovo-LL kernel: integrity: Loading X.509 certificate: UEFI:db
Feb 06 18:12:52 Lenovo-LL kernel: integrity: Loaded X.509 cert 'Microsoft Windows Production PCA 2011: a92902398e16c49778cd90f99e4f9ae17c55af53'
Feb 06 18:12:52 Lenovo-LL kernel: Console: switching to colour frame buffer device 240x67
Feb 06 18:12:52 Lenovo-LL kernel: integrity: Loading X.509 certificate: UEFI:MokListRT (MOKvar table)
Feb 06 18:12:52 Lenovo-LL kernel: integrity: Loaded X.509 cert 'Canonical Ltd. Master Certificate Authority: ad91990bc22ab1f517048c23b6655a268e345a63'
Feb 06 18:12:52 Lenovo-LL kernel: ima: No TPM chip found, activating TPM-bypass!
Feb 06 18:12:52 Lenovo-LL kernel: Loading compiled-in module X.509 certificates
Feb 06 18:12:52 Lenovo-LL kernel: Loaded X.509 cert 'Build time autogenerated kernel key: ec648241a1c40ddb590b5abe6c9f36ba54d989a2'
Feb 06 18:12:52 Lenovo-LL kernel: ima: Allocated hash algorithm: sha1
Feb 06 18:12:52 Lenovo-LL kernel: ima: No architecture policies found
Feb 06 18:12:52 Lenovo-LL kernel: evm: Initialising EVM extended attributes:
Feb 06 18:12:52 Lenovo-LL kernel: evm: security.selinux
Feb 06 18:12:52 Lenovo-LL kernel: evm: security.SMACK64
Feb 06 18:12:52 Lenovo-LL kernel: evm: security.SMACK64EXEC
Feb 06 18:12:52 Lenovo-LL kernel: evm: security.SMACK64TRANSMUTE
Feb 06 18:12:52 Lenovo-LL kernel: evm: security.SMACK64MMAP
Feb 06 18:12:52 Lenovo-LL kernel: evm: security.apparmor
Feb 06 18:12:52 Lenovo-LL kernel: evm: security.ima
Feb 06 18:12:52 Lenovo-LL kernel: evm: security.capability
Feb 06 18:12:52 Lenovo-LL kernel: evm: HMAC attrs: 0x1
Feb 06 18:12:52 Lenovo-LL kernel: PM: Magic number: 12:502:240
Feb 06 18:12:52 Lenovo-LL kernel: acpi_cpufreq: overriding BIOS provided _PSD data
Feb 06 18:12:52 Lenovo-LL kernel: RAS: Correctable Errors collector initialized.
Feb 06 18:12:52 Lenovo-LL kernel: Lockdown: swapper/0: hibernation is restricted; see man kernel_lockdown.7
Feb 06 18:12:52 Lenovo-LL kernel: Unstable clock detected, switching default tracing clock to "global"
If you want to keep using the local clock, then add:
"trace_clock=local"
on the kernel command line
Feb 06 18:12:52 Lenovo-LL kernel: Freeing unused decrypted memory: 2036K
................
Feb 06 18:12:52 Lenovo-LL kernel: cfg80211: Loading compiled-in X.509 certificates for regulatory database
Feb 06 18:12:52 Lenovo-LL kernel: cfg80211: Loaded X.509 cert 'sforshee: 00b28ddf47aef9cea7'
........................
I also looked for "failed" and "error" and found:
Feb 06 18:12:54 Lenovo-LL systemd[1]: Starting GRUB failed boot detection...........Feb 06 18:12:54 Lenovo-LL systemd[1]: secureboot-db.service: Deactivated successfully.........Feb 06 18:12:54 Lenovo-LL systemd[1]: Finished Secure Boot updates for DB and DBX.Feb 06 18:12:54 Lenovo-LL systemd[1]: Finished GRUB failed boot detection.Feb 06 18:12:54 Lenovo-LL ModemManager[846]: <info> ModemManager (version 1.20.0) starting in system bus...
Feb 06 18:12:54 Lenovo-LL bluetoothd[711]: Failed to set mode: Blocked through rfkill (0x12).......................
Then 100's of these:
Feb 06 18:13:06 Lenovo-LL ifup[878]: W: Tried to start delayed item http://security.ubuntu.com/ubuntu jammy-security InRelease, but failed
No other failed or errors that seemed relevant
Cheers
Alan
Alan in the UK
1: Using LL in VBox on a Win 10 Pro Ryzen 7 3800X 8GB ram and SSD PC to test code for implementing on various Rasp Pi from Zero to 4
2: LL 6.6 on an old AMD A88MX m/b with A4 5300 processor & 4GB ram and SSD/PCMIe adapter with Clover.
3: LL 6.6 on a Lenovo laptop with AMD Ryzen 5 processor and 8 GB of ram and SSD. Dual boot with Win11 Home.
1: Using LL in VBox on a Win 10 Pro Ryzen 7 3800X 8GB ram and SSD PC to test code for implementing on various Rasp Pi from Zero to 4
2: LL 6.6 on an old AMD A88MX m/b with A4 5300 processor & 4GB ram and SSD/PCMIe adapter with Clover.
3: LL 6.6 on a Lenovo laptop with AMD Ryzen 5 processor and 8 GB of ram and SSD. Dual boot with Win11 Home.