Comment 13 for bug 1930783

MikeMecanic (xyz-t) wrote :

Also affects Ideapad 3 15AB7 Ryzen 5825. Kubuntu 23.10 for all kernels up to linux-next.

In all cases, Secure Boot on or off, MOK enabled or not, and fTPM on/off give the same result. The fTPM reading is abnormal.

$ sudo dmesg | grep fTPM
[ 0.341408] tpm tpm0: AMD fTPM version 0x3004e00020005 causes system stutter; hwrng disabled

$ mokutil --sb
SecureBoot enabled
SecureBoot validation is disabled in shim

$ mokutil --sb
SecureBoot disabled
$ sudo dmesg | grep fTPM
no reading

Here's the X.509 error:

$ journalctl -b -1

...cut here...
-X.509 Boot/restart/all Kernels/all cases

23:51:34 mm systemd[1]: Stopped user-runtime-dir@1000.service - User Runtime Directory /run/user/1000.
May 03 23:51:34 mm systemd[1]: Removed slice user-1000.slice - User Slice of UID 1000.
May 03 23:51:19 mm kernel: Loading compiled-in X.509 certificates
May 03 23:51:19 mm kernel: Loaded X.509 cert 'Build time autogenerated kernel key: 1fc0e865c21818e2f5cce3868a567b58070b6c0d'
May 03 23:51:19 mm kernel: Loaded X.509 cert 'Canonical Ltd. Live Patch Signing: 14df34d1a87cf37625abec039ef2bf521249b969'
May 03 23:51:19 mm kernel: Loaded X.509 cert 'Canonical Ltd. Kernel Module Signing: 88f752e560a1e0737e31163a466ad7b70a850c19'
May 03 23:51:19 mm kernel: blacklist: Loading compiled-in revocation X.509 certificates
May 03 23:51:19 mm kernel: Loaded X.509 cert 'Canonical Ltd. Secure Boot Signing: 61482aa2830d0ab2ad5af10b7250da9033ddcef0'
May 03 23:51:19 mm kernel: Loaded X.509 cert 'Canonical Ltd. Secure Boot Signing (2017): 242ade75ac4a15e50d50c84b0d45ff3eae707a03'
May 03 23:51:19 mm kernel: Loaded X.509 cert 'Canonical Ltd. Secure Boot Signing (ESM 2018): 365188c1d374d6b07c3c8f240f8ef722433d6a8b'
May 03 23:51:19 mm kernel: Loaded X.509 cert 'Canonical Ltd. Secure Boot Signing (2019): c0746fd6c5da3ae827864651ad66ae47fe24b3e8'
May 03 23:51:19 mm kernel: Loaded X.509 cert 'Canonical Ltd. Secure Boot Signing (2021 v1): a8d54bbb3825cfb94fa13c9f8a594a195c107b8d'
May 03 23:51:19 mm kernel: Loaded X.509 cert 'Canonical Ltd. Secure Boot Signing (2021 v2): 4cf046892d6fd3c9a5b03f98d845f90851dc6a8c'
May 03 23:51:19 mm kernel: Loaded X.509 cert 'Canonical Ltd. Secure Boot Signing (2021 v3): 100437bb6de6e469b581e61cd66bce3ef4ed53af'
May 03 23:51:19 mm kernel: Loaded X.509 cert 'Canonical Ltd. Secure Boot Signing (Ubuntu Core 2019): c1d57b8f6b743f23ee41f4f7ee292f06eecadfb9'
May 03 23:51:19 mm kernel: zswap: loaded using pool lzo/zbud
May 03 23:51:19 mm kernel: Key type .fscrypt registered
May 03 23:51:19 mm kernel: Key type fscrypt-provisioning registered
May 03 23:51:19 mm kernel: Key type trusted registered
May 03 23:51:19 mm kernel: Key type encrypted registered
May 03 23:51:19 mm kernel: AppArmor: AppArmor sha1 policy hashing enabled
May 03 23:51:19 mm kernel: integrity: Loading X.509 certificate: UEFI:db
May 03 23:51:19 mm kernel: integrity: Loaded X.509 cert 'Lenovo UEFI CA 2014: 4b91a68732eaefdd2c8ffffc6b027ec3449e9c8f'
May 03 23:51:19 mm kernel: integrity: Loading X.509 certificate: UEFI:db
May 03 23:51:19 mm kernel: integrity: Problem loading X.509 certificate -65
May 03 23:51:19 mm kernel: fbcon: Taking over console
May 03 23:51:19 mm kernel: integrity: Error adding keys to platform keyring UEFI:db
May 03 23:51:19 mm kernel: integrity: Loading X.509 certificate: UEFI:db
May 03 23:51:19 mm kernel: integrity: Loading X.509 certificate: UEFI:db
May 03 23:51:19 mm kernel: Console: switching to colour frame buffer device 240x67
May 03 23:51:19 mm kernel: integrity: Loaded X.509 cert ': 8129c1e0865297b1435ad4a47e4f424e'
May 03 23:51:19 mm kernel: integrity: Loading X.509 certificate: UEFI:db
May 03 23:51:19 mm kernel: integrity: Loaded X.509 cert 'Microsoft Corporation UEFI CA 2011: 13adbf4309bd82709c8cd54f316ed522988a1bd4'
May 03 23:51:19 mm kernel: integrity: Loading X.509 certificate: UEFI:db
May 03 23:51:19 mm kernel: integrity: Loaded X.509 cert 'Microsoft Windows Production PCA 2011: a92902398e16c49778cd90f99e4f9ae17c55af53'
May 03 23:51:19 mm kernel: Loading compiled-in module X.509 certificates
May 03 23:51:19 mm kernel: Loaded X.509 cert 'Build time autogenerated kernel key: 1fc0e865c21818e2f5cce3868a567b58070b6c0d'
May 03 23:51:19 mm kernel: ima: Allocated hash algorithm: sha1
May 03 23:51:19 mm kernel: ima: No architecture policies found
May 03 23:51:19 mm kernel: evm: Initialising EVM extended attributes:
May 03 23:51:19 mm kernel: evm: security.selinux
May 03 23:51:19 mm kernel: evm: security.SMACK64
May 03 23:51:19 mm kernel: evm: security.SMACK64EXEC
May 03 23:51:19 mm kernel: evm: security.SMACK64TRANSMUTE
May 03 23:51:19 mm kernel: evm: security.SMACK64MMAP
May 03 23:51:19 mm kernel: evm: security.apparmor
May 03 23:51:19 mm kernel: evm: security.ima
May 03 23:51:19 mm kernel: evm: security.capability
May 03 23:51:19 mm kernel: evm: HMAC attrs: 0x1
May 03 23:51:19 mm kernel: PM: Magic number: 7:946:865
May 03 23:51:19 mm kernel: memory_tiering: hash matches
May 03 23:51:19 mm kernel: RAS: Correctable Errors collector initialized.
May 03 23:51:19 mm kernel: Unstable clock detected, switching default tracing clock to "global"
                           If you want to keep using the local clock, then add:
                             "trace_clock=local"
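
Added example, not part of the original comment or of any Ubuntu tooling: a small triage script that pairs each "integrity: Loading X.509 certificate" line in a journal excerpt like the one above with the outcome that follows it and names the errno (on Linux, 65 is ENOPKG, which the kernel's key code returns for a certificate that needs an algorithm it does not support). The function name, the report layout and the short errno table are assumptions of this example; the sample lines are an excerpt of the log quoted above.

```python
import re

# Linux errno numbers (asm-generic/errno.h); only the codes named here.
ERRNO = {65: "ENOPKG", 74: "EBADMSG", 129: "EKEYREJECTED"}

LOADING = re.compile(r"integrity: Loading X\.509 certificate: (\S+)")
LOADED = re.compile(r"integrity: Loaded X\.509 cert '(.*): ([0-9a-f]+)'")
FAILED = re.compile(r"integrity: Problem loading X\.509 certificate (-\d+)")

def triage(lines):
    """Pair each 'Loading' line with the outcome line that follows it."""
    report = {"loaded": [], "failed": [], "unnamed": [], "unresolved": 0}
    pending = []  # sources announced but not yet resolved
    for line in lines:
        if m := LOADING.search(line):
            pending.append(m.group(1))
        elif m := LOADED.search(line):
            source = pending.pop(0) if pending else "unknown"
            subject, key_id = m.groups()
            report["loaded"].append((source, subject, key_id))
            if not subject:  # certificate logged with an empty description
                report["unnamed"].append(key_id)
        elif m := FAILED.search(line):
            source = pending.pop(0) if pending else "unknown"
            code = -int(m.group(1))
            report["failed"].append((source, ERRNO.get(code, str(code))))
    # 'Loading' lines with no outcome: interleaved or dropped kernel messages
    report["unresolved"] = len(pending)
    return report

# Excerpt of the journal lines quoted in the comment above.
SAMPLE = """\
May 03 23:51:19 mm kernel: integrity: Loading X.509 certificate: UEFI:db
May 03 23:51:19 mm kernel: integrity: Loaded X.509 cert 'Lenovo UEFI CA 2014: 4b91a68732eaefdd2c8ffffc6b027ec3449e9c8f'
May 03 23:51:19 mm kernel: integrity: Loading X.509 certificate: UEFI:db
May 03 23:51:19 mm kernel: integrity: Problem loading X.509 certificate -65
May 03 23:51:19 mm kernel: fbcon: Taking over console
May 03 23:51:19 mm kernel: integrity: Error adding keys to platform keyring UEFI:db
May 03 23:51:19 mm kernel: integrity: Loading X.509 certificate: UEFI:db
May 03 23:51:19 mm kernel: integrity: Loading X.509 certificate: UEFI:db
May 03 23:51:19 mm kernel: Console: switching to colour frame buffer device 240x67
May 03 23:51:19 mm kernel: integrity: Loaded X.509 cert ': 8129c1e0865297b1435ad4a47e4f424e'
May 03 23:51:19 mm kernel: integrity: Loading X.509 certificate: UEFI:db
May 03 23:51:19 mm kernel: integrity: Loaded X.509 cert 'Microsoft Corporation UEFI CA 2011: 13adbf4309bd82709c8cd54f316ed522988a1bd4'
""".splitlines()

if __name__ == "__main__":
    print(triage(SAMPLE))
```

On a live system the same function can be fed the output of journalctl -k -b instead of SAMPLE.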