Comment 17 for bug 1798863

There's a bit I don't understand:

"* Signature verification appears to be disabled, and cannot be enabled again. It appeared to be enabled previously, as loading of unsigned modules was failing, and `mokutil --enable-validation` runs without incident; however, upon the next boot when attempting to confirm the change, MokManager prints an error message "Unable to delete Secure Boot state" after completing the password challenge."

Sure, there are other issues at play here, but every test I've done of this has been working just fine, and at that point we're not actually talking to the kernel at all. Could we be hitting an issue with the firmware on this specific HP machine? Is this something you see on other hardware (if you can test)? If you toggle validation in 18.04, do things work then?

I wonder if you're hitting an issue here due to versioning of the different EFI binaries; if you have 18.10 and 18.04 installed, I wonder which version of shim and mokmanager are actually being used.

As for what happens at the kernel level, I don't know. If the MOK key is available there (it certainly seemed to be), then I concur there would have to be a bug in the keyring handling.