On Wed, 2025-07-09 at 17:58 -0400, Chris Murphy wrote: > > On Wed, Jul 9, 2025, at 5:14 PM, Chris Adams wrote: > > Once upon a time, Chris Murphy <lists@xxxxxxxxxxxxxxxxx> said: > > > Not After : Jun 27 21:32:45 2026 GMT > > <snip> > > > I'm confused why I'm able to boot. Seems like shim should fail verification if the public key is expired. > > > > Are you posting from the future? :) > > I'm not supposed to admit that. ;) > > OK so after firmware update the system unsurprisingly still boots, because it is apparently still 2025. But none of the certificates have changed. I guess they'll get around to it in the next 11 months? > > Meanwhile I've (re)experienced a "feature" of my Lenovo firmware. Whereupon loading BIOS defaults and saving them, there are no more boot entries listed in the firmware boot menu. Not Windows. Not Fedora. Both have bootloaders found on the EFI System partition but apparently this firmware won't list them unless they're also found in efivars? Upon choosing the nvme raw device (it doesn't list partitions) it boots... Windows. > > root@fovo:/boot/efi/EFI/BOOT# sha256sum BOOTX64.EFI > 4773d74d87c2371a25883b59a3b6d98d157de46933676706d215015b1130f2d1 BOOTX64.EFI > root@fovo:/boot/efi/EFI/BOOT# sha256sum ../fedora/shimx64.efi > 4773d74d87c2371a25883b59a3b6d98d157de46933676706d215015b1130f2d1 ../fedora/shimx64.efi > > Windows recovery boot menu likewise won't list Fedora, I guess because it's not found in efivars. > > Track down a Fedora install USB stick, and I'm able to fix this with efibootmgr, but... what a swig of sour milk. I'd put this in the soft fail category of how these sorts of updates can go sideways. That all sounds more or less 'as it should be', I think :/ The current contents of the UEFI boot manager is usually considered 'configuration' that will be wiped by a reset-to-default. It kinda has to be, because it can cause problems - my very old test motherboard has some kind of bug which causes boot manager entries to pile up until the system actually can't boot any more, and resetting to defaults is the only way to clear it if you let it get that far without pruning them manually, for instance. Fedora automatically re-adds itself to the boot manager config if you boot it via the fallback path, which is a very cool trick, but of course won't work if Windows is occupying the fallback path. -- Adam Williamson (he/him/his) Fedora QA Fedora Chat: @adamwill:fedora.im | Mastodon: @adamw@xxxxxxxxxxxxx https://www.happyassassin.net -- _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
