#1076278 please update update-secureboot-policy / add '--new-key' option

Package:
shim-signed
Source:
shim-signed
Description:
Secure Boot chain-loading bootloader (Microsoft-signed binary)
Submitter:
Date:
2024-07-13 14:33:04 UTC
Severity:
normal
#1076278#5
Date:
2024-07-13 14:27:00 UTC
From:
To:
Dear maintainer,

Debian's update-secureboot-policy [1] might be an outdated version of
Ubuntu's update-secureboot-policy [2]. Could you please update it?

Rationale? This might cause a broken DKMS feature to automatically
enroll the DKMS signing key. [3] [4]

Cheers,
Patrick

[1]
https://salsa.debian.org/efi-team/shim-signed/-/blob/master/update-secureboot-policy?ref_type=heads

[2]
https://git.launchpad.net/~ubuntu-core-dev/shim/+git/shim-signed/tree/update-secureboot-policy
https://git.launchpad.net/~ubuntu-core-dev/shim/+git/shim-signed/tree/update-secureboot-policy

[3] automate running "`sudo mokutil --import /var/lib/dkms/mok.pub`"
https://github.com/dell/dkms/issues/429

[4] Debian feature request: enroll DKMS signing key / automate running
"sudo mokutil --import /var/lib/dkms/mok.pub"
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076269