Yes that’s exatly what I did:
- turn laptop on and was greeted by that notification
- ran
ujust enroll-secure-boot-key
- checked
mokutil --list-enrolled
and got that result
Great! Thank you for confirming! I wanted to make sure this wasn’t a bug report about the notification showing incorrectly.
This sounds like the behavior we expect, and the notification did its job! It was created to let users know this needs to be done, even though the old ublue akmods
MOK may already have been enrolled.
It’s weird for that
7e68651d52 Fedora Secure Boot CA
line, I never messed with Fedora shim (I would have had to load a shim file in the BIOS to have that right? I’m not a specialist as you can see)
You wouldn’t have messed with this, it’s would have been installed when you installed the system and not updated. It’s almost never a manual user operation.
- I’m planning on reinstalling Bluefin one of those days. Does all the keys (those 3 ones) are deleted and I re-enroll the correct ones?
A MOK (Machine Owner Key) is actually enrolled into a database which is part of the UEFI on your motherboard. This is why it needs a reboot and that ugly UI with a password to enroll.
But, this also means you won’t need to do it again even after reinstall.
I created a topic few weeks back regarding an error enrolling secure boot key on another computer Error enrolling secure boot key
I’ll respond on those threads to keep this focused.