Ubuntu

No authentication keys found in fresh installed Jammy

Asked by MadhuSoodanan

Software sources shows no authentication key of Trusted software providers in fresh installed Jammy. 'Problem loading X.509 certificate -65' showed when I tried using the OS (Bootable USB) downloaded at two times. After every booting this line appears. Should I do anything to fix this issue? .... I mean when I tried using the USB even the after the second install.

PRETTY_NAME="Ubuntu 22.04 LTS"
NAME="Ubuntu"
VERSION_ID="22.04"
VERSION="22.04 (Jammy Jellyfish)"
VERSION_CODENAME=jammy
ID=ubuntu
ID_LIKE=debian
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
UBUNTU_CODENAME=jammy

Question information

Language:
English Edit question
Status:
Solved
For:
Ubuntu Edit question
Assignee:
No assignee Edit question
Solved by:
Manfred Hampl
Solved:
Last query:
Last reply:

This question was reopened

Revision history for this message
MadhuSoodanan (mt-madhu) said : 		#1

After I faced the issue I tried using 20.04LTS. But it had no such issues.

Revision history for this message
actionparsnip (andrew-woodhead666) said : 		#2

What is the full output of:

sudo apt-get update

Thanks

Revision history for this message
MadhuSoodanan (mt-madhu) said : 		#3

Hit:1 http://in.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://in.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://in.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:4 http://security.ubuntu.com/ubuntu jammy-security InRelease
Hit:5 http://security.ubuntu.com/ubuntu jammy InRelease
Hit:6 https://esm.ubuntu.com/infra/ubuntu jammy-infra-security InRelease
Hit:7 https://esm.ubuntu.com/infra/ubuntu jammy-infra-updates InRelease
Reading package lists... Done

Revision history for this message
Manfred Hampl (m-hampl) said : 		#4

What is the output of the command

dmesg | grep 'X.509'

If you have already dumped the system with the problem (by installing Ubuntu 20.04 over it) then there is not much that can be done to find the cause of the error.

Revision history for this message
actionparsnip (andrew-woodhead666) said : 		#5

Looks fine. No errors there....

Revision history for this message
Bernard Stafford (bernard010) said : 		#6

Your authentication key from: Ubuquity Sys Log
'Ubuntu 22.04 LTS _Jammy Jellyfish_ - Release amd64 (20220419)'
Apr 22 17:10:51 ubuntu apt-setup: Copying package lists...
Apr 22 17:10:51 ubuntu apt-setup: gpgv: Signature made Tuesday 19 April 2022 03:51:14 PM IST
Apr 22 17:10:51 ubuntu apt-setup: gpgv: using RSA key 843938DF228D22F7B3742BC0D94AA3F0EFE21092
Apr 22 17:10:51 ubuntu apt-setup: gpgv: Good signature from "Ubuntu CD Image Automatic Signing Key (2012) <email address hidden>"
Looks intact as replied above.

Revision history for this message
MadhuSoodanan (mt-madhu) said : 		#7

There is no Trusted key in Software & Updates > Authentication > Trusted Key Providers. In all the earlier versions there had been at least 3 authentication keys.

Is there any other way to check them?

Revision history for this message
Manfred Hampl (m-hampl) said : 		#8

There seems to be a big confusion about the authentication keys.

There are the trusted keys in Software & Updates (to guarantee authenticity of the software packages)

And there are the X.509 keys for kernel signing (see dmesg output in the bug report)

Loading compiled-in X.509 certificates
Loaded X.509 cert 'Build time autogenerated kernel key: c887ab1fa6442665629113512b4db089a7808038'
Loaded X.509 cert 'Canonical Ltd. Live Patch Signing: 14df34d1a87cf37625abec039ef2bf521249b969'
Loaded X.509 cert 'Canonical Ltd. Kernel Module Signing: 88f752e560a1e0737e31163a466ad7b70a850c19'

They are completely independent of each other and are dealing with different parts of the system.

What exactly is the problem?
Which kind of authentication keys are we talking about?
Which Ubuntu release are you now running?
What are the error messages that you receive?

What is the output of the commands

uname -a
lsb_release -crid
apt-key list

Revision history for this message
MadhuSoodanan (mt-madhu) said : 		#9

lsb_release -crid
apt-key list
xxxx-V15-ADA 5.15.0-27-generic #28-Ubuntu SMP Thu Apr 14 04:55:28 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
Distributor ID: Ubuntu
Description: Ubuntu 22.04 LTS
Release: 22.04
Codename: jammy
Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).
/etc/apt/trusted.gpg.d/ubuntu-advantage-esm-infra-trusty.gpg
------------------------------------------------------------
pub rsa4096 2019-04-17 [SC]
      56F7 650A 24C9 E9EC F87C 4D8D 4067 E403 13CB 4B13
uid [ unknown] Ubuntu Extended Security Maintenance Automatic Signing Key v2 <email address hidden>
sub rsa4096 2019-04-17 [E]

/etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg
------------------------------------------------------
pub rsa4096 2012-05-11 [SC]
      8439 38DF 228D 22F7 B374 2BC0 D94A A3F0 EFE2 1092
uid [ unknown] Ubuntu CD Image Automatic Signing Key (2012) <email address hidden>

/etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg
------------------------------------------------------
pub rsa4096 2018-09-17 [SC]
      F6EC B376 2474 EDA9 D21B 7022 8719 20D1 991B C93C
uid [ unknown] Ubuntu Archive Automatic Signing Key (2018) <email address hidden>

Revision history for this message
MadhuSoodanan (mt-madhu) said : 		#10

But this key list is not in Software & Updates > Authentication .......... These keys were seen there in earlier versions.

The error message is at booting is .... 'Problem loading X.509 certificate -65'

Revision history for this message
MadhuSoodanan (mt-madhu) said : 		#11
Revision history for this message
MadhuSoodanan (mt-madhu) said : 		#12
Revision history for this message
MadhuSoodanan (mt-madhu) said : 		#13

Please note #9 and #10

I missed #4

Here is the output:

dmesg | grep 'X.509'
dmesg: read kernel buffer failed: Operation not permitted

I don't know whether this doubt is sensible: If the authentication keys or x.509 certificates are OK the first issue will be solved?

Revision history for this message
Manfred Hampl (m-hampl) said : 		#14

The X.509 issue most probably is Bug #1930783 and has nothing to do with the package signatures.

Revision history for this message
MadhuSoodanan (mt-madhu) said : 		#15

Thanks Manfred Hampl, that solved my question.

Revision history for this message
MadhuSoodanan (mt-madhu) said : 		#16

Thanks a lot.

Revision history for this message
MadhuSoodanan (mt-madhu) said : 		#17

If necessary, how can I add /import these authentication keys to Software & Updates ?

Revision history for this message
MadhuSoodanan (mt-madhu) said : 		#18

I mean,

Loading compiled-in X.509 certificates
Loaded X.509 cert 'Build time autogenerated kernel key: c887ab1fa6442665629113512b4db089a7808038'
Loaded X.509 cert 'Canonical Ltd. Live Patch Signing: 14df34d1a87cf37625abec039ef2bf521249b969'
Loaded X.509 cert 'Canonical Ltd. Kernel Module Signing: 88f752e560a1e0737e31163a466ad7b70a850c19'

Revision history for this message
Best Manfred Hampl (m-hampl) said (last edit ): 		#19

You are mixing things that are not related to each other!
These are two completely separate issues!

1. Certain Acer computers show messages like "Problem loading X.509 certificate -65" when booting and in the dmesg log.
This is Bug #1930783 and is related to certificates for kernel module signature verification that are stored in the UEFI BIOS.

and independent from that

2. The software-properties-gtk program in Ubuntu 22.04 does not show the gpg keys that are used in package updates by the apt program and that are stored in the /etc/apt/trusted.gpg.d/ directory.

You need not import anything anywhere. The gpg keys are where they are needed (see output of apt-key list), just there seems to be a bug in software-properties, such that they are not shown in the software-properties-gtk program.

If you want, you can create a bug report against software-properties for the issue, that the gpg keys are not show any more.
A quick check on my test systems shows that the keys are visible on Ubuntu 20.04, but the window is shown empty on Ubuntu 21.10 and 22.04.

Revision history for this message
MadhuSoodanan (mt-madhu) said : 		#20

Thanks Manfred Hampl, that solved my question.

Revision history for this message
MadhuSoodanan (mt-madhu) said : 		#21

Thanks for this valuable information.

Revision history for this message
czg (czg-sci-42ver) said : 		#22

#20 how do you solve the problem? I was faced with the same problem,I have attached something in https://bugzilla.opensuse.org/show_bug.cgi?id=1129471#c18

the summary info of ‘https://bugzilla.opensuse.org/show_bug.cgi?id=1129471#c18’:
maybe one key with 'Subject: CN=Joe's-Software-Emporium' in output of 'mokutil --db' caused the error

I have tested software & updates -> authentication, there keys are listed same as $(apt-key list)

here is my debug info
"""""""""""""""""""""""""""""""""
$ apt-key list
Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).
/etc/apt/trusted.gpg
--------------------
pub rsa4096 2019-05-30 [SC] [expires: 2025-06-01]
      C1CF 6E31 E6BA DE88 68B1 72B4 F42E D6FB AB17 C654
uid [ unknown] Open Robotics <email address hidden>

pub rsa4096 2021-11-23 [SC]
      A08C A7CD 4D00 6A41 28EC 2850 BE3E 6EA5 34E8 243F
uid [ unknown] Unity Technologies ApS <email address hidden>
sub rsa4096 2021-11-23 [E]

pub rsa4096 2013-03-11 [SC]
      6084 F3CF 814B 57C1 CF12 EFD5 15CF 4D18 AF4F 7421
uid [ unknown] Sylvestre Ledru - Debian LLVM packages <email address hidden>
sub rsa4096 2013-03-11 [E]

pub rsa3072 2021-04-08 [SCEA]
      8F40 D32A BF59 D635 B116 12F2 7052 8471 AFF9 A051
uid [ unknown] Cloudsmith Package (test-Iw3/etcher) <email address hidden>

pub rsa4096 2016-10-05 [SC]
      72EC F46A 56B4 AD39 C907 BBB7 1646 B01B 86E5 0310
uid [ unknown] Yarn Packaging <email address hidden>
sub rsa4096 2016-10-05 [E]

pub rsa4096 2019-04-14 [SC] [expires: 2027-04-12]
      80D1 5823 B7FD 1561 F9F7 BCDD DC30 D7C2 3CBB ABEE
uid [ unknown] Debian Archive Automatic Signing Key (10/buster) <email address hidden>
sub rsa4096 2019-04-14 [S] [expires: 2027-04-12]

/etc/apt/trusted.gpg.d/atareao_ubuntu_telegram.gpg
--------------------------------------------------
pub rsa1024 2010-12-14 [SC]
      A3D8 A366 869F E2DC 5FFD 79C3 6A96 53F9 36FD 5529
uid [ unknown] Launchpad PPA for atareao

/etc/apt/trusted.gpg.d/c2d4u_team_ubuntu_c2d4u4_0_.gpg
------------------------------------------------------
pub rsa4096 2020-04-13 [SC]
      6E12 762B 8106 3D17 BDDD 3142 F142 A4D9 9F16 EB04
uid [ unknown] Launchpad PPA for cran2deb4ubuntu Build Team

/etc/apt/trusted.gpg.d/cran_ubuntu_key.asc
------------------------------------------
pub rsa2048 2010-10-19 [SCA] [expires: 2027-09-30]
      E298 A3A8 25C0 D65D FD57 CBB6 5171 6619 E084 DAB9
uid [ unknown] Michael Rutter <email address hidden>
sub rsa2048 2010-10-19 [E] [expires: 2027-09-30]

/etc/apt/trusted.gpg.d/deb.torproject.org-keyring.gpg
-----------------------------------------------------
pub rsa2048 2009-09-04 [SC] [expires: 2026-11-02]
      A3C4 F0F9 79CA A22C DBA8 F512 EE8C BC9E 886D DD89
uid [ unknown] deb.torproject.org archive signing key
sub rsa2048 2009-09-04 [S] [expires: 2024-07-15]

/etc/apt/trusted.gpg.d/git-core_ubuntu_ppa.gpg
----------------------------------------------
pub rsa1024 2009-01-22 [SC]
      E1DD 2702 88B4 E603 0699 E45F A171 5D88 E1DF 1F24
uid [ unknown] Launchpad PPA for Ubuntu Git Maintainers

/etc/apt/trusted.gpg.d/google-chrome.gpg
----------------------------------------
pub rsa4096 2016-04-12 [SC]
      EB4C 1BFD 4F04 2F6D DDCC EC91 7721 F63B D38B 4796
uid [ unknown] Google Inc. (Linux Packages Signing Authority) <email address hidden>
sub rsa4096 2021-10-26 [S] [expires: 2024-10-25]

/etc/apt/trusted.gpg.d/microsoft-edge.gpg
-----------------------------------------
pub rsa2048 2015-10-28 [SC]
      BC52 8686 B50D 79E3 39D3 721C EB3E 94AD BE12 29CF
uid [ unknown] Microsoft (Release signing) <email address hidden>

/etc/apt/trusted.gpg.d/microsoft.gpg
------------------------------------
pub rsa2048 2015-10-28 [SC]
      BC52 8686 B50D 79E3 39D3 721C EB3E 94AD BE12 29CF
uid [ unknown] Microsoft (Release signing) <email address hidden>

/etc/apt/trusted.gpg.d/packages.microsoft.gpg
---------------------------------------------
pub rsa2048 2015-10-28 [SC]
      BC52 8686 B50D 79E3 39D3 721C EB3E 94AD BE12 29CF
uid [ unknown] Microsoft (Release signing) <email address hidden>

/etc/apt/trusted.gpg.d/ppa-verse_ubuntu_xeus-cling.gpg
------------------------------------------------------
pub rsa4096 2021-12-01 [SC]
      093A A76F 4F66 4212 F7FE 375C 9A57 1B8F 2E9F 9D11
uid [ unknown] Launchpad PPA for ppa-verse

/etc/apt/trusted.gpg.d/trusted.gpg
----------------------------------
pub rsa4096 2019-05-30 [SC] [expires: 2025-06-01]
      C1CF 6E31 E6BA DE88 68B1 72B4 F42E D6FB AB17 C654
uid [ unknown] Open Robotics <email address hidden>

pub rsa4096 2021-11-23 [SC]
      A08C A7CD 4D00 6A41 28EC 2850 BE3E 6EA5 34E8 243F
uid [ unknown] Unity Technologies ApS <email address hidden>
sub rsa4096 2021-11-23 [E]

pub rsa4096 2013-03-11 [SC]
      6084 F3CF 814B 57C1 CF12 EFD5 15CF 4D18 AF4F 7421
uid [ unknown] Sylvestre Ledru - Debian LLVM packages <email address hidden>
sub rsa4096 2013-03-11 [E]

pub rsa3072 2021-04-08 [SCEA]
      8F40 D32A BF59 D635 B116 12F2 7052 8471 AFF9 A051
uid [ unknown] Cloudsmith Package (test-Iw3/etcher) <email address hidden>

pub rsa4096 2016-10-05 [SC]
      72EC F46A 56B4 AD39 C907 BBB7 1646 B01B 86E5 0310
uid [ unknown] Yarn Packaging <email address hidden>
sub rsa4096 2016-10-05 [E]

pub rsa4096 2019-04-14 [SC] [expires: 2027-04-12]
      80D1 5823 B7FD 1561 F9F7 BCDD DC30 D7C2 3CBB ABEE
uid [ unknown] Debian Archive Automatic Signing Key (10/buster) <email address hidden>
sub rsa4096 2019-04-14 [S] [expires: 2027-04-12]

/etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg
------------------------------------------------------
pub rsa4096 2012-05-11 [SC]
      8439 38DF 228D 22F7 B374 2BC0 D94A A3F0 EFE2 1092
uid [ unknown] Ubuntu CD Image Automatic Signing Key (2012) <email address hidden>

/etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg
------------------------------------------------------
pub rsa4096 2018-09-17 [SC]
      F6EC B376 2474 EDA9 D21B 7022 8719 20D1 991B C93C
uid [ unknown] Ubuntu Archive Automatic Signing Key (2018) <email address hidden>

/etc/apt/trusted.gpg.d/ubuntu-support-team-ubuntu-gdb.gpg
---------------------------------------------------------
pub rsa4096 2019-12-04 [SC]
      A17A D76F CBB7 A7D5 73C4 DF43 1E03 2FCE 2F88 6048
uid [ unknown] Launchpad PPA for Ubuntu Support Team

/etc/apt/trusted.gpg.d/vivaldi-33EAAB8E.gpg
-------------------------------------------
pub rsa4096 2023-01-10 [SC] [expires: 2025-02-28]
      3360 18F2 63FA 0000 65CE D7C6 124F 1498 33EA AB8E
uid [ unknown] Vivaldi Package Composer KEY09 <email address hidden>
sub rsa4096 2023-01-10 [E] [expires: 2025-02-28]

/etc/apt/trusted.gpg.d/vivaldi-4218647E.gpg
-------------------------------------------
pub rsa4096 2022-01-31 [SC] [expires: 2024-01-31]
      DF44 CF0E 1930 9195 C106 9AFE 6299 3C72 4218 647E
uid [ unknown] Vivaldi Package Composer KEY08 <email address hidden>
sub rsa4096 2022-01-31 [E] [expires: 2024-01-31]

/etc/apt/trusted.gpg.d/webupd8team_ubuntu_y-ppa-manager.gpg
-----------------------------------------------------------
pub rsa1024 2010-05-04 [SC]
      7B2C 3B08 89BF 5709 A105 D03A C251 8248 EEA1 4886
uid [ unknown] Launchpad VLC

"""""""""""""""""""""""""""""""""

“”“”“”“”“”“”“”“”“”“”“”“”“”“”“”“”“”“”“
$ sudo dmesg | grep 'X.509'
[ 0.740991] Loading compiled-in X.509 certificates
[ 0.741699] Loaded X.509 cert 'Build time autogenerated kernel key: 4919d01b97f8f8ece5362917619ef42f1d265e85'
[ 0.742319] Loaded X.509 cert 'Canonical Ltd. Live Patch Signing: 14df34d1a87cf37625abec039ef2bf521249b969'
[ 0.742645] Loaded X.509 cert 'Canonical Ltd. Kernel Module Signing: 88f752e560a1e0737e31163a466ad7b70a850c19'
[ 0.742646] blacklist: Loading compiled-in revocation X.509 certificates
[ 0.742657] Loaded X.509 cert 'Canonical Ltd. Secure Boot Signing: 61482aa2830d0ab2ad5af10b7250da9033ddcef0'
[ 0.742667] Loaded X.509 cert 'Canonical Ltd. Secure Boot Signing (2017): 242ade75ac4a15e50d50c84b0d45ff3eae707a03'
[ 0.742676] Loaded X.509 cert 'Canonical Ltd. Secure Boot Signing (ESM 2018): 365188c1d374d6b07c3c8f240f8ef722433d6a8b'
[ 0.742685] Loaded X.509 cert 'Canonical Ltd. Secure Boot Signing (2019): c0746fd6c5da3ae827864651ad66ae47fe24b3e8'
[ 0.742695] Loaded X.509 cert 'Canonical Ltd. Secure Boot Signing (2021 v1): a8d54bbb3825cfb94fa13c9f8a594a195c107b8d'
[ 0.742704] Loaded X.509 cert 'Canonical Ltd. Secure Boot Signing (2021 v2): 4cf046892d6fd3c9a5b03f98d845f90851dc6a8c'
[ 0.742713] Loaded X.509 cert 'Canonical Ltd. Secure Boot Signing (2021 v3): 100437bb6de6e469b581e61cd66bce3ef4ed53af'
[ 0.742723] Loaded X.509 cert 'Canonical Ltd. Secure Boot Signing (Ubuntu Core 2019): c1d57b8f6b743f23ee41f4f7ee292f06eecadfb9'
[ 0.746958] integrity: Loading X.509 certificate: UEFI:db
[ 0.746976] integrity: Loaded X.509 cert 'Microsoft Windows Production PCA 2011: a92902398e16c49778cd90f99e4f9ae17c55af53'
[ 0.746977] integrity: Loading X.509 certificate: UEFI:db
[ 0.746994] integrity: Loaded X.509 cert 'Microsoft Corporation UEFI CA 2011: 13adbf4309bd82709c8cd54f316ed522988a1bd4'
[ 0.746995] integrity: Loading X.509 certificate: UEFI:db
[ 0.747183] integrity: Loaded X.509 cert 'OK Certificate: c8c73a37546046ab495c33f4d0856052'
[ 0.747184] integrity: Loading X.509 certificate: UEFI:db
[ 0.747185] integrity: Problem loading X.509 certificate -65
[ 0.747191] integrity: Loading X.509 certificate: UEFI:db
[ 0.752264] integrity: Loaded X.509 cert 'EUJinn: 2d9ec14a26c9fcae420ef406a6e9492b'
[ 0.762242] integrity: Revoking X.509 certificate: UEFI:dbx
[ 0.762281] blacklist: Revoked X.509 cert 'Canonical Ltd. Secure Boot Signing: 61482aa2830d0ab2ad5af10b7250da9033ddcef0'
[ 0.762283] integrity: Revoking X.509 certificate: UEFI:dbx
[ 0.762292] blacklist: Revoked X.509 cert 'Debian Secure Boot Signer: 00a7468def'
[ 0.762371] Loading compiled-in module X.509 certificates
[ 0.762706] Loaded X.509 cert 'Build time autogenerated kernel key: 4919d01b97f8f8ece5362917619ef42f1d265e85'
[ 4.517440] cfg80211: Loading compiled-in X.509 certificates for regulatory database
[ 4.517671] cfg80211: Loaded X.509 cert 'sforshee: 00b28ddf47aef9cea7'
“”“”“”“”“”“”“”“”“”“”“”“”“”“”“”“”“”“”“

“”“”“”“”“”“”“”“”“”“”“”“”“”“”“”“”“”“”“
$ lsb_release -crid
Distributor ID: Ubuntu
Description: Ubuntu 22.04.2 LTS
Release: 22.04
Codename: jammy
czg:~$ uname -a
Linux czg-Lenovo-Legion-R7000-2020 5.15.0-67-generic #74-Ubuntu SMP Wed Feb 22 14:14:39 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
“”“”“”“”“”“”“”“”“”“”“”“”“”“”“”“”“”“”“

Revision history for this message
czg (czg-sci-42ver) said : 		#23

#22

more useful information

inspired by this link https://askubuntu.com/questions/1354493/ubuntu-dual-boot-fails-with-loading-uefidb-x-509-certificate-65-error

----------------------------------
$ sudo badblocks -sv /dev/nvme0n1
Checking blocks 0 to 500107607
Checking for bad blocks (read-only test): 0.00% done, 0:00 elapsed. (0/0/0 errdone
Pass completed, 0 bad blocks found. (0/0/0 errors)
---------------------------------------

---------------------------------------
integrity: Problem loading X.509 certificate -65

"""""""""""""""""error begins here
Mar 21 00:57:01 czg-Lenovo-Legion-R7000-2020 kernel: fbcon: Taking over console
Mar 21 00:57:01 czg-Lenovo-Legion-R7000-2020 kernel: integrity: Error adding keys to platform keyring UEFI:db

Mar 21 00:57:01 czg-Lenovo-Legion-R7000-2020 kernel: integrity: Loading X.509 certificate: UEFI:db
Mar 21 00:57:01 czg-Lenovo-Legion-R7000-2020 kernel: Console: switching to colour frame buffer device 240x67
Mar 21 00:57:01 czg-Lenovo-Legion-R7000-2020 kernel: integrity: Loaded X.509 cert 'EUJinn: 2d9ec14a26c9fcae420ef406a6e9492b'
Mar 21 00:57:01 czg-Lenovo-Legion-R7000-2020 kernel: integrity: Revoking X.509 certificate: UEFI:dbx
Mar 21 00:57:01 czg-Lenovo-Legion-R7000-2020 kernel: blacklist: Revoked X.509 cert 'Canonical Ltd. Secure Boot Signing: 61482aa2830d0ab2ad5af10b7>
Mar 21 00:57:01 czg-Lenovo-Legion-R7000-2020 kernel: integrity: Revoking X.509 certificate: UEFI:dbx
Mar 21 00:57:01 czg-Lenovo-Legion-R7000-2020 kernel: blacklist: Revoked X.509 cert 'Debian Secure Boot Signer: 00a7468def'
---------------------------------------

Revision history for this message
czg (czg-sci-42ver) said : 		#24

fix by this https://askubuntu.com/a/1285489/1682447 'reset setup mode'

could anyone tell me the intenal reasons making this method work?

Revision history for this message
Manfred Hampl (m-hampl) said : 		#25

@czg:
Your comments are wrong here. See comment #8

This question was about a problem, that in a certain version of software-properties-gtk the view of the installed apt keys was broken.

The error messages about "Problem loading X.509 certificate -65" when booting and in the dmesg log were not and are not dealt with in this question, but in Bug #1930783