Got the Latitude 7520 machine, from the shim's log, it seems something wrong in the self signed certificate and the binary is not authorized.
And do some tests, basically base on the comment#6, install another test kernel and signed/enrolled with another MOK key manually.
1. install test kernel(unsigned), v5.14.0-rc7 2. shim and grub have already been updated. 3. create a MOK key * mkdir -p /var/lib/test_ker/ * openssl genrsa -out /var/lib/test_ker/TestKer.priv 2048 * openssl req -new -x509 -sha256 -subj '/CN=TestKer-key' -key /var/lib/test_ker/TestKer.priv -out /var/lib/test_ker/TestKer.pem * openssl x509 -in /var/lib/test_ker/TestKer.pem -inform PEM -out /var/lib/test_ker/TestKer.der -outform DER 4. signed kernel * sbsign --key /var/lib/test_ker/TestKer.priv --cert /var/lib/test_ker/TestKer.pem --output vmlinuz-5.14.0-051400rc7-generic.signed vmlinuz-5.14.0-051400rc7-generic 6. enroll mok key * mokutil --import Testker.der 7. reboot
The test kernel 5.14 and MOK key work normally.
Got the Latitude 7520 machine, from the shim's log, it seems something wrong in the self signed certificate and the binary is not authorized.
And do some tests, basically base on the comment#6, install another test kernel and signed/enrolled with another MOK key manually.
1. install test kernel(unsigned), v5.14.0-rc7 test_ker/ TestKer. priv 2048 test_ker/ TestKer. priv -out /var/lib/ test_ker/ TestKer. pem test_ker/ TestKer. pem -inform PEM -out /var/lib/ test_ker/ TestKer. der -outform DER test_ker/ TestKer. priv --cert /var/lib/ test_ker/ TestKer. pem --output vmlinuz- 5.14.0- 051400rc7- generic. signed vmlinuz- 5.14.0- 051400rc7- generic
2. shim and grub have already been updated.
3. create a MOK key
* mkdir -p /var/lib/test_ker/
* openssl genrsa -out /var/lib/
* openssl req -new -x509 -sha256 -subj '/CN=TestKer-key' -key /var/lib/
* openssl x509 -in /var/lib/
4. signed kernel
* sbsign --key /var/lib/
6. enroll mok key
* mokutil --import Testker.der
7. reboot
The test kernel 5.14 and MOK key work normally.