23

update-secureboot-policy --enroll-key seems to run whenever I start my computer and never stops running unless I manually kill the process. It makes my computer hot and uses lots of system resources. If I manually kill it the computer cools down and everything is fine. What exactly is going on here? It seems like it's being called by perl which is calling debconf frontend which is calling update-secureboot-policy, hence : /usr/bin/perl -w /usr/share/debconf/frontend /usr/sbin/update-secureboot-policy --enroll-key

EDIT:

I am using ElementaryOS 5.0 Which is based on Ubuntu 18.04

usage statistics of update-secureboot-policy

Zachary Schwatz
  • 331
  • 2
  • 3
  • 1
    Just disable Secure Boot in UEFI settings. It's not that process what's making it hot. Probably you have Nvidia graphics but the drivers aren't being loaded due to Secure Boot and that's the reason why that process appears - it enables users to sign the drivers. But again, the easiest option is to disable Secure Boot. –  Oct 17 '19 at 00:12
  • Thanks for the reply but I only have integrated intel graphics. – Zachary Schwatz Oct 17 '19 at 21:54
  • There are other unsigned drivers. Some wifi drivers, for example. –  Oct 17 '19 at 22:19
  • The suggestion from @user921000 works for me, though I have to turn Secure Boot back off, at least some of the time, when I install updates. – ohnoplus Jan 31 '20 at 21:00
  • Did anybody ever find out where the call `usr/bin/perl -w /usr/share/debconf/frontend /usr/sbin/update-secureboot-policy --enroll-key` comes from? It was running on my machine, but I can not find out what did start it. – simohe Apr 09 '21 at 12:55

1 Answers1

18

I had same problem and I found a solution, actually it was quite easy.

The problem was that a script was waiting on me to confirm for adding an UEFI entry on my computer but the terminal was not showing up and consuming all ressources (active waiting ?)

Brief

My solution was to run manually the command line, restart the computer and enroll the MOK key.

Complete explication

  1. Get the actual command copy-pastable

    ps aux | grep -e "update-secureboot-policy"

  2. Stop the current process

    sudo kill <pid>

  3. Run manually the command and follow UEFI instructions

    sudo /usr/bin/perl -w /usr/share/debconf/frontend /usr/sbin/update-secureboot-policy --enroll-key

  4. Reboot the computer and in the bios go to "MOK key" management

  5. Enroll the key (see image below)

  6. Finish

enter image description here

56ka
  • 281
  • 2
  • 5