Foxboron / sbctl

:computer: :lock: :key: Secure Boot key manager
MIT License

Misleading status when efivarfs not mounted #383

Closed pietrushnic closed 1 month ago

pietrushnic commented 1 month ago
```
bash-5.2# cd /home/root
bash-5.2# ./sbctl/sbctl status
Installed:      ✓ sbctl is installed
Owner GUID:     fb8175ff-2e1e-4993-b4ae-12320437aff1
Setup Mode:     ✓ Disabled
Secure Boot:    ✗ Disabled
Vendor Keys:    none
bash-5.2# ls /sys/firmware/efi/efivars/
bash-5.2# mount -t efivarfs efivarfs /sys/firmware/efi/efivars/
bash-5.2# ./sbctl/sbctl status
Installed:      ✓ sbctl is installed
Owner GUID:     fb8175ff-2e1e-4993-b4ae-12320437aff1
Setup Mode:     ✗ Enabled
Secure Boot:    ✗ Disabled
Vendor Keys:    builtin-db builtin-db builtin-db builtin-db builtin-KEK builtin-KEK
bash-5.2#
```

It looks like sbctl silently made up the Setup Mode variable status when efivarfs is not mounted. Since sbctl relies on UEFI variables as a source of truth about UEFI Secure Boot status, maybe it should not say anything about the status when efivarfs is unavailable.
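One way to make the distinction the report asks for, as an added Go example that is not sbctl's code: the read returns an error instead of a value when efivarfs is not mounted at the directory, so a caller can print "unknown" rather than a status. The function names, the error value and the mountinfo-based mount check are assumptions made for this illustration.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// EFI global variable GUID from the UEFI spec; efivarfs names files "<Name>-<GUID>".
const efiGlobalGUID = "8be4df61-93ca-11d2-aa0d-00e098032b8c"

var errNoEfivarfs = errors.New("efivarfs is not mounted") // hypothetical sentinel error

// efivarfsMounted scans text in /proc/self/mountinfo format for an efivarfs mount at dir.
func efivarfsMounted(mountinfo, dir string) bool {
	for _, line := range strings.Split(mountinfo, "\n") {
		pre, post, _ := strings.Cut(line, " - ") // fstype follows the " - " separator
		f, fs := strings.Fields(pre), strings.Fields(post)
		if len(f) >= 5 && len(fs) >= 1 && f[4] == dir && fs[0] == "efivarfs" {
			return true
		}
	}
	return false
}

// readBoolVar reads a one-byte global variable (SetupMode, SecureBoot) or says why it cannot.
func readBoolVar(mountinfo, dir, name string) (bool, error) {
	if !efivarfsMounted(mountinfo, dir) {
		return false, errNoEfivarfs // an empty directory is not evidence of "disabled"
	}
	b, err := os.ReadFile(filepath.Join(dir, name+"-"+efiGlobalGUID))
	if err != nil {
		return false, fmt.Errorf("%s: %w", name, err)
	}
	if len(b) != 5 { // efivarfs layout: 4 attribute bytes, then the 1-byte value
		return false, fmt.Errorf("%s: unexpected size %d", name, len(b))
	}
	return b[4] == 1, nil
}

func main() {
	mi, _ := os.ReadFile("/proc/self/mountinfo") // a read failure is treated as "not mounted"
	if v, err := readBoolVar(string(mi), "/sys/firmware/efi/efivars", "SetupMode"); err != nil {
		fmt.Println("Setup Mode: unknown:", err)
	} else {
		fmt.Println("Setup Mode enabled:", v)
	}
}
```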