[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: grub-2:2.06rc1-2 Installation Messages Related to Secure Boot as Dis
From: |
Daniel Kiper |
Subject: |
Re: grub-2:2.06rc1-2 Installation Messages Related to Secure Boot as Displayed under Arch Linux |
Date: |
Wed, 28 Apr 2021 15:03:48 +0200 |
User-agent: |
NeoMutt/20170113 (1.7.2) |
Hi,
Adding Morten...
On Tue, Apr 27, 2021 at 03:11:54PM +0000, HardenedArray via Grub-devel wrote:
> As a heads up to those working on the Secure Boot aspects of grub, I wanted to
> provide the grub-2:2.06rc1-2 installation messages being shown to Arch Linux
> grub users during a 'pacman -Syu' run that happens to pull in the latest grub
> upgrade.
>
> 2/3) upgrading
> grub
> [##################################################] 100%
> :: Recent versions of grub may fail to boot with secure boot enabled. The
> message will look like this:
> > error: verification requested but nobody cares:
> > (hd0,gpt2)/grub/x86_64-efi/normal.mod
> > Entering rescue mode...
> Handle installation to UEFI with care and be prepared!
> For details see: https://md.archlinux.org/F1JuYj5xQtWyhvH8_ilErg#
The main problem here is that you should built-in all required modules into
the GRUB image (grubx64.efi for x86_64-efi platforms) and then sign it. This
is the simplest approach.
> Not all Arch grub users are seeing these messages, as grub-2:2.06rc1-2 resides
> only in the TESTING repo.
>
> I do not run Secure Boot, so as expected, grub-2:2.06rc1-2 did not interfere
> with unlocking my LUKS2 encrypted /boot upon reboot.
>
> I am not sure any action is required, I only wanted those involved with Secure
> Boot to be aware of the information being shown to grub end users on Arch
> Linux.
Thank you for the report. AFAICT Morten will be working on relevant
documentation updates for Arch and GRUB upstream.
Daniel