integrity: Problem loading X.509 certificate

Bug #1930783 reported by Basil K Y
This bug affects 13 people
Affects: linux (Ubuntu)
Status: Confirmed
Importance: Undecided
Assigned to: Unassigned

Bug Description

The following error shows on Acer machines while booting when UEFI boot is enabled.

integrity: Problem loading X.509 certificate -65

The issue is discussed at https://bugzilla.opensuse.org/show_bug.cgi?id=1129471 and a patch is available at https://lkml.org/lkml/2019/7/16/23. Seems like this patch is not included in Ubuntu as I'm still getting this error.

I'm using Linux Mint 20, which is based on Ubuntu 20.04. This error comes while live booting Ubuntu 20.04 and Ubuntu 18.04 also.

Tags: kernel-bug
Basil K Y (basilky) wrote :
tags: added: kernel-bug
Basil K Y (basilky) wrote :
description: updated
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote : Missing required logs.

This bug is missing log files that will aid in diagnosing the problem. While running an Ubuntu kernel (not a mainline or third-party kernel) please enter the following command in a terminal window:

apport-collect 1930783

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux (Ubuntu):
status: New → Incomplete
Launchpad Janitor (janitor) wrote :

[Expired for linux (Ubuntu) because there has been no activity for 60 days.]

Changed in linux (Ubuntu):
status: Incomplete → Expired
EigenFunctions (eigenfunctions) wrote :

I have this problem now and it has been recurring for months. When the laptop does boot, it often has features that are non-operational (e.g., no HDMI, no Bluetooth, no audio, etc.). When it does boot with features operational, it often takes 20 secs for a program to start (e.g., sudo, cp, Firefox, Aoo, etc.).

Can you help?

Machine Type: Acer Aspire 5 Laptop (model A515-51-50RR)
Processor: Intel Core i5-7200U at 2.50GHz (8GB RAM; 1TB HDD)
O/S: 64-bit Ubuntu 18.04.6 LTS

GP Garcia (tenthandhess) wrote :

I also have this issue but on a Lenovo laptop with Ubuntu 22.04. It doesn't seem to affect anything but happens on every boot despite changing SecureBoot options.

Grzegorz Jarek (gjarek) wrote :

I also have this bug. Laptop is Acer Nitro 5 AN515-54, I5-9300H, GTX-1050 3GB, 256SSD M2, and added 500GB HDD. It started when I installed Kubuntu, but even after factory reset the problem persists. On MS Windows only there was no message, but when I plug in bootable USB with Ubuntu live it throws this message. If it will help I can upload my boot log. Cheers!

Aaron Feller (aaronlfeller) wrote :

I have this error message as well on an Acer laptop. There doesn't seem to be any issues outside of the error message.

I ran sudo badblocks -sv /dev/<ubuntu drive> with no change.

martinr (martinr1111) wrote :

I'm also experiencing the same problem on a laptop: Acer Swift 3 SF314-43-R2LX.

I'm running: Ubuntu 22.04.1 LTS
Linux 5.15.0-60-generic #66-Ubuntu SMP Fri Jan 20 14:29:49 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux

I tried adding the requested apport-collect 1930783, but I get error:
"the report is already closed".

But still the problem persists.

Changed in linux (Ubuntu):
status: Expired → New
status: New → Confirmed
Fernando Lopes (fefehex12) wrote :

Hello there, I have seen this exact problem on my Acer Aspire A515-52G as well, so decided to come here and confirm the issue.

Currently running: Ubuntu 22.04.2 LTS
- Kernel 5.19.0-32-generic

From what I recall, the issue persisted through Ubuntu 22.10 as well.

Janne Snabb (snabb) wrote :

Also affects:
Computer: Lenovo Yoga Slim 7 Pro 14ACH5 (82MS008AMX)
Ubuntu version: Ubuntu 22.04.2 LTS
Kernel: linux-image-5.19.0-35-generic

MikeMecanic (xyz-t) wrote :

Also affects Ideapad 3 15AB7 Ryzen 5825. Kubuntu 23.10 for all Kernels up to linux-next.

In all cases, secure boot on or off, MoK enabled or not and fTPM on/off give the same result. fTPM reading is abnormal.

$ sudo dmesg | grep fTPM
[ 0.341408] tpm tpm0: AMD fTPM version 0x3004e00020005 causes system stutter; hwrng disabled

$ mokutil --sb
SecureBoot enabled
SecureBoot validation is disabled in shim

mokutil --sb
SecureBoot disabled
sudo dmesg | grep fTPM
no reading

Here's the x.509 error:

$ journalctl -b -1

...cut here...
-X.509 Boot/restart/all Kernels/all cases

23:51:34 mm systemd[1]: Stopped user-runtime-dir@1000.service - User Runtime Directory /run/user/1000.
May 03 23:51:34 mm systemd[1]: Removed slice user-1000.slice - User Slice of UID 1000.
May 03 23:51:19 mm kernel: Loaded X.509 cert 'Canonical Ltd. Secure Boot Signing (2021 v1): a8d54bbb3825cfb94fa13c9f8a594a195c107b8d'
May 03 23:51:19 mm kernel: Loaded X.509 cert 'Canonical Ltd. Secure Boot Signing (2021 v2): 4cf046892d6fd3c9a5b03f98d845f90851dc6a8c'
May 03 23:51:19 mm kernel: Loaded X.509 cert 'Canonical Ltd. Secure Boot Signing (2021 v3): 100437bb6de6e469b581e61cd66bce3ef4ed53af'
May 03 23:51:19 mm kernel: Loaded X.509 cert 'Canonical Ltd. Secure Boot Signing (Ubuntu Core 2019): c1d57b8f6b743f23ee41f4f7ee292f06eecadfb9'
May 03 23:51:19 mm kernel: zswap: loaded using pool lzo/zbud
May 03 23:51:19 mm kernel: Key type .fscrypt registered
May 03 23:51:19 mm kernel: Key type fscrypt-provisioning registered
May 03 23:51:19 mm kernel: Key type trusted registered
May 03 23:51:19 mm kernel: Key type encrypted registered
May 03 23:51:19 mm kernel: AppArmor: AppArmor sha1 policy hashing enabled
May 03 23:51:19 mm kernel: integrity: Loading X.509 certificate: UEFI:db
May 03 23:51:19 mm kernel: integrity: Loaded X.509 cert 'Lenovo UEFI CA 2014: 4b91a68732eaefdd2c8ffffc6b027ec3449e9c8f'
May 03 23:51:19 mm kernel: integrity: Loading X.509 certificate: UEFI:db
May 03 23:51:19 mm kernel: integrity: Problem loading X.509 certificate -65
May 03 23:51:19 mm kernel: fbcon: Taking over console
May 03 23:51:19 mm kernel: integrity: Error adding keys to platform keyring UEFI:db
May 03 23:51:19 mm kernel: integrity: Loading X.509 certificate: UEFI:db
May 03 23:51:19 mm kernel: Console: switching to colour frame buffer device 240x67
May 03 23:51:19 mm kernel: integrity: Loaded X.509 cert ': 8129c1e0865297b1435ad4a47e4f424e'
May 03 23:51:19 mm kernel: integrity: Loading X.509 certificate: UEFI:db
May 03 23:51:19 mm kernel: blacklist: Loading compiled-in revocation X.509 certificates
May 03 23:51:19 mm kernel: Loaded X.509 cert 'Canonical Ltd. Secure Boot Signing: 61482aa2830d0ab2ad5af10b7250da9033ddcef0'
May 03 23:51:19 mm kernel: Loaded X.509 cert 'Canonical Ltd. Secure Boot Signing (2017): 242ade75ac4a15e50d50c84b0d45ff3eae707a03'
May 03 23:51:19 mm kernel: Loaded X.509 cert 'Canonical Ltd. Secure Boot Signing (ESM 2018): 365188c1d374d6b07c3c8f240f8ef722433d6a8b'
May 03 23:51:19 mm kernel: Loaded X.509 cert 'Canonical Ltd. Secure Boot Signing (2019): c0746fd6c5da3ae827864651ad66ae47fe24b3e8'
May 03 23:51:19 mm kernel: Loaded X.509 cert 'Canonical Ltd. Secure Boot Signing (2021 v1): a8d54bbb38...

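A triage helper for journal output like the excerpt above, added here as an example (it is not part of the bug report or of any Ubuntu tooling). It pairs each "integrity: Loading X.509 certificate" line with its result even when unrelated kernel lines are interleaved, and names the errno: 65 is ENOPKG on Linux, the code the kernel's key-handling code uses when a certificate needs an algorithm it has no support for. The triage function and the sample lines are constructed for illustration.

```python
import re

# Linux errno numbers the key-loading path can report (generic/x86 numbering).
ERRNO = {12: "ENOMEM", 22: "EINVAL", 65: "ENOPKG", 74: "EBADMSG",
         126: "ENOKEY", 127: "EKEYEXPIRED", 128: "EKEYREVOKED", 129: "EKEYREJECTED"}

LOADING = re.compile(r"integrity: Loading X\.509 certificate: (\S+)")
LOADED = re.compile(r"integrity: Loaded X\.509 cert '(.*)'")
PROBLEM = re.compile(r"integrity: Problem loading X\.509 certificate -(\d+)")

# Constructed sample modelled on the journal excerpt above; names and IDs are made up.
SAMPLE = """\
kernel: Loaded X.509 cert 'Example Built-in Key: 0011'
kernel: integrity: Loading X.509 certificate: UEFI:db
kernel: integrity: Loaded X.509 cert 'Example UEFI CA: 00aa'
kernel: integrity: Loading X.509 certificate: UEFI:db
kernel: integrity: Problem loading X.509 certificate -65
kernel: fbcon: Taking over console
kernel: integrity: Error adding keys to platform keyring UEFI:db
kernel: integrity: Loading X.509 certificate: UEFI:db
kernel: Console: switching to colour frame buffer device 240x67
kernel: integrity: Loaded X.509 cert ': 00bb'
kernel: integrity: Loading X.509 certificate: UEFI:db
kernel: blacklist: Loading compiled-in revocation X.509 certificates
""".splitlines()

def triage(lines):
    """Pair every 'Loading ... <source>' line with the next result line, skipping unrelated lines."""
    report, pending = {}, None
    def entry(src):
        return report.setdefault(src, {"loaded": [], "failed": [], "no_result": 0})
    for line in lines:
        if m := LOADING.search(line):
            if pending is not None:          # previous attempt never logged a result
                entry(pending)["no_result"] += 1
            pending = m.group(1)
        elif m := LOADED.search(line):       # built-in keys lack the "integrity:" prefix and are skipped
            entry(pending or "unknown")["loaded"].append(m.group(1))
            pending = None
        elif m := PROBLEM.search(line):
            code = int(m.group(1))
            entry(pending or "unknown")["failed"].append((code, ERRNO.get(code, "unrecognised")))
            pending = None
    if pending is not None:                  # log ended while an attempt was still open
        entry(pending)["no_result"] += 1
    return report

if __name__ == "__main__":
    for source, result in triage(SAMPLE).items():
        print(source, result)
```

On a live system the same function can be fed the lines of the kernel journal for the current boot (journalctl -k -b).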

Andrea (andrea-cavazzin) wrote :

Also affects:
Computer: Acer Nitro 515
Ubuntu version: Ubuntu 22.04.2 LTS
Kernel: linux-image-5.19.0-35-generic
