23:51:34 mm systemd[1]: Stopped user-runtime-dir@1000.service - User Runtime Directory /run/user/1000.
May 03 23:51:34 mm systemd[1]: Removed slice user-1000.slice - User Slice of UID 1000.
May 03 23:51:19 mm kernel: Loaded X.509 cert 'Canonical Ltd. Secure Boot Signing (2021 v1): a8d54bbb3825cfb94fa13c9f8a594a195c107b8d'
May 03 23:51:19 mm kernel: Loaded X.509 cert 'Canonical Ltd. Secure Boot Signing (2021 v2): 4cf046892d6fd3c9a5b03f98d845f90851dc6a8c'
May 03 23:51:19 mm kernel: Loaded X.509 cert 'Canonical Ltd. Secure Boot Signing (2021 v3): 100437bb6de6e469b581e61cd66bce3ef4ed53af'
May 03 23:51:19 mm kernel: Loaded X.509 cert 'Canonical Ltd. Secure Boot Signing (Ubuntu Core 2019): c1d57b8f6b743f23ee41f4f7ee292f06eecadfb9'
May 03 23:51:19 mm kernel: zswap: loaded using pool lzo/zbud
May 03 23:51:19 mm kernel: Key type .fscrypt registered
May 03 23:51:19 mm kernel: Key type fscrypt-provisioning registered
May 03 23:51:19 mm kernel: Key type trusted registered
May 03 23:51:19 mm kernel: Key type encrypted registered
May 03 23:51:19 mm kernel: AppArmor: AppArmor sha1 policy hashing enabled
May 03 23:51:19 mm kernel: integrity: Loading X.509 certificate: UEFI:db
May 03 23:51:19 mm kernel: integrity: Loaded X.509 cert 'Lenovo UEFI CA 2014: 4b91a68732eaefdd2c8ffffc6b027ec3449e9c8f'
May 03 23:51:19 mm kernel: integrity: Loading X.509 certificate: UEFI:db
May 03 23:51:19 mm kernel: integrity: Problem loading X.509 certificate -65
May 03 23:51:19 mm kernel: fbcon: Taking over console
May 03 23:51:19 mm kernel: integrity: Error adding keys to platform keyring UEFI:db
May 03 23:51:19 mm kernel: integrity: Loading X.509 certificate: UEFI:db
May 03 23:51:19 mm kernel: Console: switching to colour frame buffer device 240x67
May 03 23:51:19 mm kernel: integrity: Loaded X.509 cert ': 8129c1e0865297b1435ad4a47e4f424e'
May 03 23:51:19 mm kernel: integrity: Loading X.509 certificate: UEFI:db
May 03 23:51:19 mm kernel: blacklist: Loading compiled-in revocation X.509 certificates
May 03 23:51:19 mm kernel: Loaded X.509 cert 'Canonical Ltd. Secure Boot Signing: 61482aa2830d0ab2ad5af10b7250da9033ddcef0'
May 03 23:51:19 mm kernel: Loaded X.509 cert 'Canonical Ltd. Secure Boot Signing (2017): 242ade75ac4a15e50d50c84b0d45ff3eae707a03'
May 03 23:51:19 mm kernel: Loaded X.509 cert 'Canonical Ltd. Secure Boot Signing (ESM 2018): 365188c1d374d6b07c3c8f240f8ef722433d6a8b'
May 03 23:51:19 mm kernel: Loaded X.509 cert 'Canonical Ltd. Secure Boot Signing (2019): c0746fd6c5da3ae827864651ad66ae47fe24b3e8'
May 03 23:51:19 mm kernel: Loaded X.509 cert 'Canonical Ltd. Secure Boot Signing (2021 v1): a8d54bbb3825cfb94fa13c9f8a594a195c107b8d'
May 03 23:51:19 mm kernel: Loaded X.509 cert 'Canonical Ltd. Secure Boot Signing (2021 v2): 4cf046892d6fd3c9a5b03f98d845f90851dc6a8c'
May 03 23:51:19 mm kernel: Loaded X.509 cert 'Canonical Ltd. Secure Boot Signing (2021 v3): 100437bb6de6e469b581e61cd66bce3ef4ed53af'
May 03 23:51:19 mm kernel: Loaded X.509 cert 'Canonical Ltd. Secure Boot Signing (Ubuntu Core 2019): c1d57b8f6b743f23ee41f4f7ee292f06eecadfb9'
May 03 23:51:19 mm kernel: zswap: loaded using pool lzo/zbud
May 03 23:51:19 mm kernel: Key type .fscrypt registered
May 03 23:51:19 mm kernel: Key type fscrypt-provisioning registered
May 03 23:51:19 mm kernel: Key type trusted registered
May 03 23:51:19 mm kernel: Key type encrypted registered
May 03 23:51:19 mm kernel: AppArmor: AppArmor sha1 policy hashing enabled
May 03 23:51:19 mm kernel: integrity: Loading X.509 certificate: UEFI:db
May 03 23:51:19 mm kernel: integrity: Loaded X.509 cert 'Lenovo UEFI CA 2014: 4b91a68732eaefdd2c8ffffc6b027ec3449e9c8f'
May 03 23:51:19 mm kernel: integrity: Loading X.509 certificate: UEFI:db
May 03 23:51:19 mm kernel: integrity: Problem loading X.509 certificate -65
May 03 23:51:19 mm kernel: fbcon: Taking over console
May 03 23:51:19 mm kernel: integrity: Error adding keys to platform keyring UEFI:db
May 03 23:51:19 mm kernel: integrity: Loading X.509 certificate: UEFI:db
May 03 23:51:19 mm kernel: Console: switching to colour frame buffer device 240x67
May 03 23:51:19 mm kernel: Loading compiled-in X.509 certificates
May 03 23:51:19 mm kernel: Loaded X.509 cert 'Build time autogenerated kernel key: 1fc0e865c21818e2f5cce3868a567b58070b6c0d'
May 03 23:51:19 mm kernel: Loaded X.509 cert 'Canonical Ltd. Live Patch Signing: 14df34d1a87cf37625abec039ef2bf521249b969'
May 03 23:51:19 mm kernel: Loaded X.509 cert 'Canonical Ltd. Kernel Module Signing: 88f752e560a1e0737e31163a466ad7b70a850c19'
May 03 23:51:19 mm kernel: blacklist: Loading compiled-in revocation X.509 certificates
May 03 23:51:19 mm kernel: Loaded X.509 cert 'Canonical Ltd. Secure Boot Signing: 61482aa2830d0ab2ad5af10b7250da9033ddcef0'
May 03 23:51:19 mm kernel: Loaded X.509 cert 'Canonical Ltd. Secure Boot Signing (2017): 242ade75ac4a15e50d50c84b0d45ff3eae707a03'
May 03 23:51:19 mm kernel: Loaded X.509 cert 'Canonical Ltd. Secure Boot Signing (ESM 2018): 365188c1d374d6b07c3c8f240f8ef722433d6a8b'
May 03 23:51:19 mm kernel: Loaded X.509 cert 'Canonical Ltd. Secure Boot Signing (2019): c0746fd6c5da3ae827864651ad66ae47fe24b3e8'
May 03 23:51:19 mm kernel: Loaded X.509 cert 'Canonical Ltd. Secure Boot Signing (2021 v1): a8d54bbb3825cfb94fa13c9f8a594a195c107b8d'
May 03 23:51:19 mm kernel: Loaded X.509 cert 'Canonical Ltd. Secure Boot Signing (2021 v2): 4cf046892d6fd3c9a5b03f98d845f90851dc6a8c'
May 03 23:51:19 mm kernel: Loaded X.509 cert 'Canonical Ltd. Secure Boot Signing (2021 v3): 100437bb6de6e469b581e61cd66bce3ef4ed53af'
May 03 23:51:19 mm kernel: Loaded X.509 cert 'Canonical Ltd. Secure Boot Signing (Ubuntu Core 2019): c1d57b8f6b743f23ee41f4f7ee292f06eecadfb9'
May 03 23:51:19 mm kernel: zswap: loaded using pool lzo/zbud
May 03 23:51:19 mm kernel: Key type .fscrypt registered
May 03 23:51:19 mm kernel: Key type fscrypt-provisioning registered
May 03 23:51:19 mm kernel: Key type trusted registered
May 03 23:51:19 mm kernel: Key type encrypted registered
May 03 23:51:19 mm kernel: AppArmor: AppArmor sha1 policy hashing enabled
May 03 23:51:19 mm kernel: integrity: Loading X.509 certificate: UEFI:db
May 03 23:51:19 mm kernel: integrity: Loaded X.509 cert 'Lenovo UEFI CA 2014: 4b91a68732eaefdd2c8ffffc6b027ec3449e9c8f'
May 03 23:51:19 mm kernel: integrity: Loading X.509 certificate: UEFI:db
May 03 23:51:19 mm kernel: integrity: Problem loading X.509 certificate -65
May 03 23:51:19 mm kernel: fbcon: Taking over console
May 03 23:51:19 mm kernel: integrity: Error adding keys to platform keyring UEFI:db
May 03 23:51:19 mm kernel: integrity: Loading X.509 certificate: UEFI:db
May 03 23:51:19 mm kernel: integrity: Loading X.509 certificate: UEFI:db
May 03 23:51:19 mm kernel: Console: switching to colour frame buffer device 240x67
May 03 23:51:19 mm kernel: integrity: Loaded X.509 cert ': 8129c1e0865297b1435ad4a47e4f424e'
May 03 23:51:19 mm kernel: integrity: Loading X.509 certificate: UEFI:db
May 03 23:51:19 mm kernel: integrity: Loaded X.509 cert 'Microsoft Corporation UEFI CA 2011: 13adbf4309bd82709c8cd54f316ed522988a1bd4'
May 03 23:51:19 mm kernel: integrity: Loading X.509 certificate: UEFI:db
May 03 23:51:19 mm kernel: integrity: Loaded X.509 cert 'Microsoft Windows Production PCA 2011: a92902398e16c49778cd90f99e4f9ae17c55af53'
May 03 23:51:19 mm kernel: Loading compiled-in module X.509 certificates
May 03 23:51:19 mm kernel: Loaded X.509 cert 'Build time autogenerated kernel key: 1fc0e865c21818e2f5cce3868a567b58070b6c0d'
May 03 23:51:19 mm kernel: ima: Allocated hash algorithm: sha1
May 03 23:51:19 mm kernel: ima: No architecture policies found
May 03 23:51:19 mm kernel: evm: Initialising EVM extended attributes:
May 03 23:51:19 mm kernel: evm: security.selinux
May 03 23:51:19 mm kernel: evm: security.SMACK64
May 03 23:51:19 mm kernel: evm: security.SMACK64EXEC
May 03 23:51:19 mm kernel: evm: security.SMACK64TRANSMUTE
May 03 23:51:19 mm kernel: evm: security.SMACK64MMAP
May 03 23:51:19 mm kernel: evm: security.apparmor
May 03 23:51:19 mm kernel: evm: security.ima
May 03 23:51:19 mm kernel: evm: security.capability
May 03 23:51:19 mm kernel: evm: HMAC attrs: 0x1
May 03 23:51:19 mm kernel: PM: Magic number: 7:946:865
May 03 23:51:19 mm kernel: memory_tiering: hash matches
May 03 23:51:19 mm kernel: RAS: Correctable Errors collector initialized.
May 03 23:51:19 mm kernel: Unstable clock detected, switching default tracing clock to "global" If you want to keep using the local clock, then add: "trace_clock=local"
lines 730-756
Also affects Ideapad 3 15AB7 Ryzen 5825. Kubuntu 23.10 for all Kernels up to linux-next.
In all cases, secure boot on or off, MoK enabled or not and fTPM on/off give the same result. fTPM reading is abnormal.
$ sudo dmesg | grep fTPM
[ 0.341408] tpm tpm0: AMD fTPM version 0x3004e00020005 causes system stutter; hwrng disabled
$ mokutil --sb
SecureBoot enabled
SecureBoot validation is disabled in shim
mokutil --sb
SecureBoot disabled
sudo dmesg | grep fTPM
no reading
Here's the x.509 error:
$ journalctl -b -1
...cut here...
-X.509 Boot/restart/all Kernels/all cases
23:51:34 mm systemd[1]: Stopped user-runtime- dir@1000. service - User Runtime Directory /run/user/1000. 94fa13c9f8a594a 195c107b8d' 9a5b03f98d845f9 0851dc6a8c' 9b581e61cd66bce 3ef4ed53af' 3ee41f4f7ee292f 06eecadfb9' provisioning registered d2c8ffffc6b027e c3449e9c8f' 1435ad4a47e4f42 4e' 2ad5af10b7250da 9033ddcef0' 50d50c84b0d45ff 3eae707a03' 07c3c8f240f8ef7 22433d6a8b' 827864651ad66ae 47fe24b3e8' 94fa13c9f8a594a 195c107b8d' 9a5b03f98d845f9 0851dc6a8c' 9b581e61cd66bce 3ef4ed53af' 3ee41f4f7ee292f 06eecadfb9' provisioning registered d2c8ffffc6b027e c3449e9c8f' 2f5cce3868a567b 58070b6c0d' 625abec039ef2bf 521249b969' 37e31163a466ad7 b70a850c19' 2ad5af10b7250da 9033ddcef0' 50d50c84b0d45ff 3eae707a03' 07c3c8f240f8ef7 22433d6a8b' 827864651ad66ae 47fe24b3e8' 94fa13c9f8a594a 195c107b8d' 9a5b03f98d845f9 0851dc6a8c' 9b581e61cd66bce 3ef4ed53af' 3ee41f4f7ee292f 06eecadfb9' provisioning registered d2c8ffffc6b027e c3449e9c8f' 1435ad4a47e4f42 4e' 09c8cd54f316ed5 22988a1bd4' 778cd90f99e4f9a e17c55af53' 2f5cce3868a567b 58070b6c0d' SMACK64EXEC SMACK64TRANSMUT E SMACK64MMAP
If you want to keep using the local clock, then add:
"trace_ clock=local"
May 03 23:51:34 mm systemd[1]: Removed slice user-1000.slice - User Slice of UID 1000.
May 03 23:51:19 mm kernel: Loaded X.509 cert 'Canonical Ltd. Secure Boot Signing (2021 v1): a8d54bbb3825cfb
May 03 23:51:19 mm kernel: Loaded X.509 cert 'Canonical Ltd. Secure Boot Signing (2021 v2): 4cf046892d6fd3c
May 03 23:51:19 mm kernel: Loaded X.509 cert 'Canonical Ltd. Secure Boot Signing (2021 v3): 100437bb6de6e46
May 03 23:51:19 mm kernel: Loaded X.509 cert 'Canonical Ltd. Secure Boot Signing (Ubuntu Core 2019): c1d57b8f6b743f2
May 03 23:51:19 mm kernel: zswap: loaded using pool lzo/zbud
May 03 23:51:19 mm kernel: Key type .fscrypt registered
May 03 23:51:19 mm kernel: Key type fscrypt-
May 03 23:51:19 mm kernel: Key type trusted registered
May 03 23:51:19 mm kernel: Key type encrypted registered
May 03 23:51:19 mm kernel: AppArmor: AppArmor sha1 policy hashing enabled
May 03 23:51:19 mm kernel: integrity: Loading X.509 certificate: UEFI:db
May 03 23:51:19 mm kernel: integrity: Loaded X.509 cert 'Lenovo UEFI CA 2014: 4b91a68732eaefd
May 03 23:51:19 mm kernel: integrity: Loading X.509 certificate: UEFI:db
May 03 23:51:19 mm kernel: integrity: Problem loading X.509 certificate -65
May 03 23:51:19 mm kernel: fbcon: Taking over console
May 03 23:51:19 mm kernel: integrity: Error adding keys to platform keyring UEFI:db
May 03 23:51:19 mm kernel: integrity: Loading X.509 certificate: UEFI:db
May 03 23:51:19 mm kernel: Console: switching to colour frame buffer device 240x67
May 03 23:51:19 mm kernel: integrity: Loaded X.509 cert ': 8129c1e0865297b
May 03 23:51:19 mm kernel: integrity: Loading X.509 certificate: UEFI:db
May 03 23:51:19 mm kernel: blacklist: Loading compiled-in revocation X.509 certificates
May 03 23:51:19 mm kernel: Loaded X.509 cert 'Canonical Ltd. Secure Boot Signing: 61482aa2830d0ab
May 03 23:51:19 mm kernel: Loaded X.509 cert 'Canonical Ltd. Secure Boot Signing (2017): 242ade75ac4a15e
May 03 23:51:19 mm kernel: Loaded X.509 cert 'Canonical Ltd. Secure Boot Signing (ESM 2018): 365188c1d374d6b
May 03 23:51:19 mm kernel: Loaded X.509 cert 'Canonical Ltd. Secure Boot Signing (2019): c0746fd6c5da3ae
May 03 23:51:19 mm kernel: Loaded X.509 cert 'Canonical Ltd. Secure Boot Signing (2021 v1): a8d54bbb3825cfb
May 03 23:51:19 mm kernel: Loaded X.509 cert 'Canonical Ltd. Secure Boot Signing (2021 v2): 4cf046892d6fd3c
May 03 23:51:19 mm kernel: Loaded X.509 cert 'Canonical Ltd. Secure Boot Signing (2021 v3): 100437bb6de6e46
May 03 23:51:19 mm kernel: Loaded X.509 cert 'Canonical Ltd. Secure Boot Signing (Ubuntu Core 2019): c1d57b8f6b743f2
May 03 23:51:19 mm kernel: zswap: loaded using pool lzo/zbud
May 03 23:51:19 mm kernel: Key type .fscrypt registered
May 03 23:51:19 mm kernel: Key type fscrypt-
May 03 23:51:19 mm kernel: Key type trusted registered
May 03 23:51:19 mm kernel: Key type encrypted registered
May 03 23:51:19 mm kernel: AppArmor: AppArmor sha1 policy hashing enabled
May 03 23:51:19 mm kernel: integrity: Loading X.509 certificate: UEFI:db
May 03 23:51:19 mm kernel: integrity: Loaded X.509 cert 'Lenovo UEFI CA 2014: 4b91a68732eaefd
May 03 23:51:19 mm kernel: integrity: Loading X.509 certificate: UEFI:db
May 03 23:51:19 mm kernel: integrity: Problem loading X.509 certificate -65
May 03 23:51:19 mm kernel: fbcon: Taking over console
May 03 23:51:19 mm kernel: integrity: Error adding keys to platform keyring UEFI:db
May 03 23:51:19 mm kernel: integrity: Loading X.509 certificate: UEFI:db
May 03 23:51:19 mm kernel: Console: switching to colour frame buffer device 240x67
May 03 23:51:19 mm kernel: Loading compiled-in X.509 certificates
May 03 23:51:19 mm kernel: Loaded X.509 cert 'Build time autogenerated kernel key: 1fc0e865c21818e
May 03 23:51:19 mm kernel: Loaded X.509 cert 'Canonical Ltd. Live Patch Signing: 14df34d1a87cf37
May 03 23:51:19 mm kernel: Loaded X.509 cert 'Canonical Ltd. Kernel Module Signing: 88f752e560a1e07
May 03 23:51:19 mm kernel: blacklist: Loading compiled-in revocation X.509 certificates
May 03 23:51:19 mm kernel: Loaded X.509 cert 'Canonical Ltd. Secure Boot Signing: 61482aa2830d0ab
May 03 23:51:19 mm kernel: Loaded X.509 cert 'Canonical Ltd. Secure Boot Signing (2017): 242ade75ac4a15e
May 03 23:51:19 mm kernel: Loaded X.509 cert 'Canonical Ltd. Secure Boot Signing (ESM 2018): 365188c1d374d6b
May 03 23:51:19 mm kernel: Loaded X.509 cert 'Canonical Ltd. Secure Boot Signing (2019): c0746fd6c5da3ae
May 03 23:51:19 mm kernel: Loaded X.509 cert 'Canonical Ltd. Secure Boot Signing (2021 v1): a8d54bbb3825cfb
May 03 23:51:19 mm kernel: Loaded X.509 cert 'Canonical Ltd. Secure Boot Signing (2021 v2): 4cf046892d6fd3c
May 03 23:51:19 mm kernel: Loaded X.509 cert 'Canonical Ltd. Secure Boot Signing (2021 v3): 100437bb6de6e46
May 03 23:51:19 mm kernel: Loaded X.509 cert 'Canonical Ltd. Secure Boot Signing (Ubuntu Core 2019): c1d57b8f6b743f2
May 03 23:51:19 mm kernel: zswap: loaded using pool lzo/zbud
May 03 23:51:19 mm kernel: Key type .fscrypt registered
May 03 23:51:19 mm kernel: Key type fscrypt-
May 03 23:51:19 mm kernel: Key type trusted registered
May 03 23:51:19 mm kernel: Key type encrypted registered
May 03 23:51:19 mm kernel: AppArmor: AppArmor sha1 policy hashing enabled
May 03 23:51:19 mm kernel: integrity: Loading X.509 certificate: UEFI:db
May 03 23:51:19 mm kernel: integrity: Loaded X.509 cert 'Lenovo UEFI CA 2014: 4b91a68732eaefd
May 03 23:51:19 mm kernel: integrity: Loading X.509 certificate: UEFI:db
May 03 23:51:19 mm kernel: integrity: Problem loading X.509 certificate -65
May 03 23:51:19 mm kernel: fbcon: Taking over console
May 03 23:51:19 mm kernel: integrity: Error adding keys to platform keyring UEFI:db
May 03 23:51:19 mm kernel: integrity: Loading X.509 certificate: UEFI:db
May 03 23:51:19 mm kernel: integrity: Loading X.509 certificate: UEFI:db
May 03 23:51:19 mm kernel: Console: switching to colour frame buffer device 240x67
May 03 23:51:19 mm kernel: integrity: Loaded X.509 cert ': 8129c1e0865297b
May 03 23:51:19 mm kernel: integrity: Loading X.509 certificate: UEFI:db
May 03 23:51:19 mm kernel: integrity: Loaded X.509 cert 'Microsoft Corporation UEFI CA 2011: 13adbf4309bd827
May 03 23:51:19 mm kernel: integrity: Loading X.509 certificate: UEFI:db
May 03 23:51:19 mm kernel: integrity: Loaded X.509 cert 'Microsoft Windows Production PCA 2011: a92902398e16c49
May 03 23:51:19 mm kernel: Loading compiled-in module X.509 certificates
May 03 23:51:19 mm kernel: Loaded X.509 cert 'Build time autogenerated kernel key: 1fc0e865c21818e
May 03 23:51:19 mm kernel: ima: Allocated hash algorithm: sha1
May 03 23:51:19 mm kernel: ima: No architecture policies found
May 03 23:51:19 mm kernel: evm: Initialising EVM extended attributes:
May 03 23:51:19 mm kernel: evm: security.selinux
May 03 23:51:19 mm kernel: evm: security.SMACK64
May 03 23:51:19 mm kernel: evm: security.
May 03 23:51:19 mm kernel: evm: security.
May 03 23:51:19 mm kernel: evm: security.
May 03 23:51:19 mm kernel: evm: security.apparmor
May 03 23:51:19 mm kernel: evm: security.ima
May 03 23:51:19 mm kernel: evm: security.capability
May 03 23:51:19 mm kernel: evm: HMAC attrs: 0x1
May 03 23:51:19 mm kernel: PM: Magic number: 7:946:865
May 03 23:51:19 mm kernel: memory_tiering: hash matches
May 03 23:51:19 mm kernel: RAS: Correctable Errors collector initialized.
May 03 23:51:19 mm kernel: Unstable clock detected, switching default tracing clock to "global"
lines 730-756