secure boot password "password" is reported to be 'good'

Bug #1897929 reported by fossfreedom on 2020-09-30
This bug affects 1 person
Affects Status Importance Assigned to Milestone
ubiquity (Ubuntu)

Bug Description

When entering the secure boot password in ubiquity the password "password" is reported to be "good".

It really isn't good!

Suggest use the algorithm for the GNOME add users password. However I would be reluctant to force users to use a really 'good' password if they didnt want to.

ProblemType: Bug
DistroRelease: Ubuntu 20.10
Package: ubiquity 20.10.10
ProcVersionSignature: Ubuntu 5.8.0-20.21-generic 5.8.10
Uname: Linux 5.8.0-20-generic x86_64
NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair
ApportVersion: 2.20.11-0ubuntu48
Architecture: amd64
CasperMD5CheckResult: pass
CasperVersion: 1.452
CurrentDesktop: Budgie:GNOME
Date: Wed Sep 30 15:52:29 2020
InstallCmdLine: BOOT_IMAGE=/casper/vmlinuz file=/cdrom/preseed/ubuntu-budgie.seed maybe-ubiquity quiet splash ---
LiveMediaBuild: Ubuntu-Budgie 20.10 "Groovy Gorilla" - Beta amd64 (20200930)
 PATH=(custom, no user)
SourcePackage: ubiquity
UpgradeStatus: No upgrade log present (probably fresh install)

fossfreedom (fossfreedom) wrote :
Ubuntu QA Website (ubuntuqa) wrote :

This bug has been reported on the Ubuntu ISO testing tracker.

A list of all reports related to this bug can be found here:

tags: added: iso-testing
fossfreedom (fossfreedom) wrote :

... or at least consistent with the who-are-you screen where "password" is reported as "poor"

Łukasz Zemczak (sil2100) wrote :

I wonder how it looks in previous series? Since I don't think this particular part of ubiquity has changed recently. Can you take a look a focal etc.?

Changed in ubiquity (Ubuntu):
status: New → Incomplete
fossfreedom (fossfreedom) wrote :

Lukasz - you are quite correct - it is wrong/misleading on 20.04.1 as well.

Changed in ubiquity (Ubuntu):
status: Incomplete → New
tags: added: rls-hh-incoming
Dimitri John Ledkov (xnox) wrote :

It's one time only pin. It will only be used for the one time enrollment of MOK.

Thus any 8 character long thing is good enough.

Steve Langasek (vorlon) wrote :

We shouldn't be doing password quality checks at all on the mok password. But I don't think it's all that high priority to remove this, unless there are circumstances in which we're telling users their mok password is bad.

Changed in ubiquity (Ubuntu):
importance: Undecided → Low
Steve Langasek (vorlon) on 2020-10-29
tags: added: rls-hh-notfixing
removed: rls-hh-incoming
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers