I have a strange problem with Secure Boot and self-signed kernels. On 20.10 I was able to boot (everything with Secure Boot) both Canonical-signed and self-signed kernels. After the upgrade to 21.04, loading self-signed kernels doesn't work anymore: I get a "vmlinuz has invalid signature" error. The error seems clear enough, but:
- Secure Boot is on and GRUB loads just fine and loads Canonical-signed kernels 100% fine (so it's something about my signing key, right?)
- my custom key seems to be enrolled into mok db just fine

    root@T495:~# mokutil --test-key /root/mok/MOK.der
    mok/MOK.der is already enrolled

- image is signed with the same key as checked above with mokutil

    sudo sbsign --key /root/mok/MOK.priv --cert /root/mok/MOK.pem /boot/vmlinuz-5.13.3-051303-generic --output /boot/vmlinuz-5.13.3-051303-generic
    Image was already signed; adding additional signature

What am I missing?