grub-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

UEFI Secureboot not succeeding with Grub 2.06 and later version

From: Sayanta Pattanayak
Subject: UEFI Secureboot not succeeding with Grub 2.06 and later version
Date: Thu, 1 Jul 2021 15:23:03 +0000 
Hi All,
I am new to grub and UEFI secure boot and so a beginners question. UEFI 
secureboot on a Arm64 platform works fine with Grub 2.04 version. The linux 
kernel image is authenticated and loaded. But the same with Grub 2.06 version 
does not progress - following error messages are displayed.

error: shim_lock protocol not found.
error: you need to load the kernel first.

With reference of 
"https://www.mail-archive.com/help-grub@gnu.org/msg05375.html";, created Grub 
image with "--disable-shim-lock" option. This change solved the "shim_lock" 
error but then the following error message started appearing-

error: verification requested but nobody cares: /Image.
error: you need to load the kernel first.
Press any key to continue...

A large set of patches addressing bootHole vulnerability 
(https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html) have been 
merged in the Grub 2.06 version. Does this change the way images are signed or 
is there any other change introduced that required UEFI secure boot to be 
handled differently on the platform.

Request any suggestion that would help validate UEFI secure boot with Grub 2.06 
and later version.

Thanks,
Sayanta
reply via email to
[Prev in Thread] Current Thread [Next in Thread]