The 4.12 kernel does not seem to import UEFI keys to verify kernel modules anymore. In particular, the process described in [1] fails now, with the error

modprobe: ERROR: could not insert 'xxx': Required key not available

Looking at the output of keyctl, we see that only the kernel signing key has been added, but none of the UEFI ones:

# keyctl list %:.builtin_trusted_keys
1 key in keyring:
 88834290: ---lswrv     0     0 asymmetric: Fedora kernel signing key: fbae8ddf4ffd384e990097e7b82ddf7bacf91b23

Also, in dmesg the message changed from

EFI: Loaded cert 'xxx' linked to '.builtin_trusted_keys'

in 4.11.x, to

Loaded UEFI:db cert 'xxx' linked to secondary sys keyring

in 4.12.

[1] https://docs.fedoraproject.org/en-US/Fedora/26/html-single/System_Administrators_Guide/index.html#sect-signing-kernel-modules-for-secure-boot

1. Wayland graphics broken for QXL virtual video device: system hangs before reaching the graphical login screen. System boots correctly after adding "nomodeset" to the kernel boot options, likewise after removing kernel boot option "rhgb" and enabling "WaylandEnable=false" in configuration file /etc/gdm/custom.conf.
2. System boot successfully on real hardware with video device ATI Radeon HD 3470.

works for me

Works just fine on a T450s with Wayland session.

Not going to leave karma, because I see folks are having trouble. It boots for me on an Atom based server, T450s and a VM. I did see an i915 graphics related oops on the first reboot of T450s. This went away after cold boot. Also, both the laptop and the VM that are running gnome developed account manager related selinux denials.

UEFI Keys not imported : PKCS#7 signature not signed with a trusted key error

karma: -1

HP 850 G4. i5-7200U w/integrated GPU, Gnome with Xorg, ipsec VPN. Generally working, not adding karma as of problems others see.

Fine on two systems with BIOS boot and KDE (no wayland), Core i3 540 with AMD GPU and AMD E-450 APU.

Had sudden boot fails on F26 with the i3 at early stage (also on 4.11), but went away when using a generic (not hardware tailored) initramfs.

Works Fine on a E7470.

karma: +1

Works for me on a i686 installation. Using a Dell e6220. Gnome on Wayland is working.

karma: +1

Regression tests pass and boots fine, however I'm getting many selinux errors reported here:

https://bugzilla.redhat.com/show_bug.cgi?id=1476345

Someone should download GENUINE kernel from Linus and compile it. I see gap between 4.11 and 4.12 because labbott was doing all previous 4.11s but skipped 4.12 out of the blue (why?) and is currently doing 4.13. jforebes- do we trust him? Besides as is was said here: "Had sudden boot fails on F26 with the i3 at early stage (also on 4.11), but went away when using a generic (not hardware tailored) initramfs.". I got it too, ie. some boot failures/restart failures/boot black screen on 4.11.11-300.fc26.x86_64. Not stable at all. For the reason of signing keys and SELinux failures if I was able to downvote I would say: -10 (minus ten). Not good. Not good at all.

All is well for me. Headless Dell R520.

@anonymous

You're joking, right? Otherwise do a little research about Fedora's kernel maintainers and kernel stabilization. A xx.yy.0...2 is hardly ever shipped (apart from rawhide).

And these boot failures in early stage are likely no kernel issue, but a dracut problem, as generic initramfs fixed it for me.

[Vote repeated, as it's deleted otherwise]

"labbott was doing all previous 4.11s but skipped 4.12 out of the blue " This is perfectly normal. kernel 4.10 was maintained by jforbes, and for a long time, he and labbott take charges of the alternative kernels. And, if you take my opinion, they are doing an excellent job.

no regressions noted with Xfce on my clevo i7

wfm https://paste.fedoraproject.org/paste/ETZ4M67lh~YeVVPd7KFyfg/

Buggiest kernel in a while

Maybe we could have 4.11.12 on F26 meanwhile to be on par with F25 at least?

Does not boot: error: nouveau 0000:00:12.0: DDC responded, but no EDID for DP-1

Touchpad resume issue fixed