[Bug 808680] New: mokutil looks into wrong path
https://bugzilla.novell.com/show_bug.cgi?id=808680#c0

Summary: mokutil looks into wrong path
Classification: openSUSE
Product: openSUSE 12.3
Version: Final
Platform: Other
OS/Version: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Bootloader
AssignedTo: glin@suse.com
ReportedBy: lnussel@suse.com
QAContact: jsrain@suse.com
Found By: ---
Blocker: ---

# mokutil --sb-state
Failed to read SecureBoot

turns out it looks into /sys/firmware/efi/efivars instead of
/sys/firmware/efi/vars

--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=808680#c1

--- Comment #1 from Gary Ching-Pang Lin <glin@suse.com> 2013-03-12 01:48:14 UTC ---
Oops, I didn't update the path.

https://bugzilla.novell.com/show_bug.cgi?id=808680#c2

--- Comment #2 from Gary Ching-Pang Lin <glin@suse.com> 2013-03-12 02:32:50 UTC ---
OK, actually, "/sys/firmware/efi/efivars" is the correct path to the efivars
filesystem, and "/sys/firmware/efi/vars" is the old efivars sysfs. The old
efivars didn't support data over 1KB, so kernel upstream created the new
efivars, and mokutil relies on the new one.

I guess we missed some kernel or systemd patches to mount efivarfs.

https://bugzilla.novell.com/show_bug.cgi?id=808680#c3

--- Comment #3 from Ludwig Nussel <lnussel@suse.com> 2013-03-12 09:01:38 CET ---
So what's the best way to get a working mokutil on 12.3? I think it's a
necessary tool to have shim call MokManager on reboot to e.g. import new keys,
right?

https://bugzilla.novell.com/show_bug.cgi?id=808680#c4

Gary Ching-Pang Lin <glin@suse.com> changed:

What         |Removed |Added
----------------------------------------
Status       |NEW     |NEEDINFO
InfoProvider |        |jlee@suse.com

--- Comment #4 from Gary Ching-Pang Lin <glin@suse.com> 2013-03-12 08:27:10 UTC ---
We need a kernel supporting the efivars filesystem.
Joey, any comment?

https://bugzilla.novell.com/show_bug.cgi?id=808680#c5

Joey Lee <jlee@suse.com> changed:

What         |Removed       |Added
------------------------------------------------
Status       |NEEDINFO      |NEW
CC           |              |jlee@suse.com
InfoProvider |jlee@suse.com |

--- Comment #5 from Joey Lee <jlee@suse.com> 2013-03-12 08:53:38 UTC ---
(In reply to comment #4)
> We need a kernel supporting the efivars filesystem.
> Joey, any comment?

Yep, I have backported a patchset from the v3.8 kernel to the openSUSE 12.3
kernel; the review request mail is here:

http://lists.opensuse.org/opensuse-kernel/2013-01/msg00072.html
http://lists.opensuse.org/opensuse-kernel/2013-01/msg00074.html

At least we need this patch to create a mount point at
/sys/firmware/efi/efivars for mounting efivarfs. Then you can mount it manually:

# mount -t efivarfs none /sys/firmware/efi/efivars/

Because we don't support kernel module signing in openSUSE 12.3, it doesn't
make sense to use MokManager to enroll a key for the kernel module sign check.
And, I also don't know we support MOK in openSUSE 12.3.

And the patchset didn't receive any response from the openSUSE community;
that's why I finally didn't merge it into the openSUSE 12.3 kernel (v3.7).

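An added example (not part of the bug thread and not mokutil's own code): a shell function that reports the Secure Boot state from whichever interface the kernel exposes, the efivarfs path that comment #2 calls correct or the older sysfs path, so a missing efivarfs mount shows up as a fallback rather than a bare read failure. The function names and the `SYSFS_ROOT` override are assumptions for illustration; the GUID is the standard EFI global-variable GUID.

```shell
#!/bin/sh
# Added example: report Secure Boot state from efivarfs or the legacy sysfs.
# SYSFS_ROOT is a hypothetical override so the logic can be exercised against
# a constructed directory tree instead of the live /sys.

# GUID of the EFI global variable namespace that holds SecureBoot.
EFI_GLOBAL_GUID=8be4df61-93ca-11d2-aa0d-00e098032b8c

# Print the unsigned decimal value of the single byte of FILE at OFFSET.
byte_at() {
    od -An -tu1 -j "$2" -N 1 "$1" 2>/dev/null | tr -d ' \n'
}

# Prints "<interface>:<state>" and returns 0 when the state is known;
# prints a reason and returns 1 otherwise.
sb_state() {
    root=${1:-${SYSFS_ROOT:-/sys}}
    efi="$root/firmware/efi"
    new="$efi/efivars/SecureBoot-$EFI_GLOBAL_GUID"
    old="$efi/vars/SecureBoot-$EFI_GLOBAL_GUID/data"

    if [ ! -d "$efi" ]; then
        echo "no-efi: $efi is missing (not booted via EFI?)"
        return 1
    fi
    if [ -f "$new" ]; then
        # efivarfs: four attribute bytes precede the variable data.
        val=$(byte_at "$new" 4); src=efivarfs
    elif [ -f "$old" ]; then
        # Legacy sysfs: the data file holds the raw variable data.
        val=$(byte_at "$old" 0); src=legacy-sysfs
    else
        echo "unreadable: SecureBoot variable not found; is efivarfs mounted?"
        return 1
    fi
    case "$val" in
        1) echo "$src:enabled" ;;
        0) echo "$src:disabled" ;;
        *) echo "$src:unknown"; return 1 ;;
    esac
}
```

Calling `sb_state` with no argument checks the live `/sys`; a `legacy-sysfs:` result on a system where `mokutil --sb-state` fails points at the unmounted efivarfs described in this thread.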
https://bugzilla.novell.com/show_bug.cgi?id=808680#c6

--- Comment #6 from Ludwig Nussel <lnussel@suse.com> 2013-03-12 11:04:34 CET ---
grub requires a signed kernel though. So to allow self compiled kernels those
kernels need to be signed as well. So we need mokmanager. Could you please push
those changes to be included into the next openSUSE 12.3 kernel update ASAP
please?

In the meantime, is there any other way to make mokmanager pop up so one can
import custom keys?

https://bugzilla.novell.com/show_bug.cgi?id=808680#c7

--- Comment #7 from Gary Ching-Pang Lin <glin@suse.com> 2013-03-13 03:02:50 UTC ---
The easiest way I know is to create a grub2 entry to chainload MokManager.

https://bugzilla.novell.com/show_bug.cgi?id=808680#c8

--- Comment #8 from Joey Lee <jlee@suse.com> 2013-03-14 08:31:53 UTC ---
(In reply to comment #6)
> grub requires a signed kernel though. So to allow self compiled kernels those
> kernels need to be signed as well. So we need mokmanager. Could you please push
> those changes to be included into the next openSUSE 12.3 kernel update ASAP
> please?

I will clear up all patches for supporting mokmanager after I finish my job on
SLE11 SP3. I am sticking on EFI variable with pstore now.

https://bugzilla.novell.com/show_bug.cgi?id=808680#c

Joey Lee <jlee@suse.com> changed:

What       |Removed       |Added
----------------------------------------------
AssignedTo |glin@suse.com |jlee@suse.com

https://bugzilla.novell.com/show_bug.cgi?id=808680#c9

--- Comment #9 from Ludwig Nussel <lnussel@suse.com> 2013-03-27 08:58:08 CET ---
Did you have time to work on this yet?

https://bugzilla.novell.com/show_bug.cgi?id=808680#c

Jeffrey Cheung <jcheung@suse.com> changed:

What   |Removed |Added
------------------------------------------
Status |NEW     |ASSIGNED
CC     |        |jcheung@suse.com

https://bugzilla.novell.com/show_bug.cgi?id=808680#c10

--- Comment #10 from Joey Lee <jlee@suse.com> 2013-04-01 09:49:59 UTC ---
Created an attachment (id=532785)
 --> (http://bugzilla.novell.com/attachment.cgi?id=532785)
patches.efivarfs.opensuse.tar.bz2

Sent 33 patches from v3.8..v3.9-rc2 to openSUSE kernel mail for reviewing.

https://bugzilla.novell.com/show_bug.cgi?id=808680#c

Jeffrey Cheung <jcheung@suse.com> changed:

What     |Removed   |Added
------------------------------------
Priority |P5 - None |P2 - High

https://bugzilla.novell.com/show_bug.cgi?id=808680#c11

Joey Lee <jlee@suse.com> changed:

What       |Removed  |Added
------------------------------------
Status     |ASSIGNED |RESOLVED
Resolution |         |WONTFIX

--- Comment #11 from Joey Lee <jlee@suse.com> 2013-05-02 06:58:02 UTC ---
Until now, upstream is still looking at the effect of Matthew's patches in the
v3.9 kernel for avoiding bricking some machines.

Because enabling the EFI variable filesystem is late for openSUSE 12.3 and also
dangerous to Samsung machines, I suggest moving MOK support to openSUSE 13.1.

Set status to WONTFIX.