[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
UEFI Secureboot not succeeding with Grub 2.06 and later version
From: |
Sayanta Pattanayak |
Subject: |
UEFI Secureboot not succeeding with Grub 2.06 and later version |
Date: |
Thu, 1 Jul 2021 15:23:03 +0000 |
Hi All,
I am new to grub and UEFI secure boot and so a beginners question. UEFI
secureboot on a Arm64 platform works fine with Grub 2.04 version. The linux
kernel image is authenticated and loaded. But the same with Grub 2.06 version
does not progress - following error messages are displayed.
error: shim_lock protocol not found.
error: you need to load the kernel first.
With reference of
"https://www.mail-archive.com/help-grub@gnu.org/msg05375.html", created Grub
image with "--disable-shim-lock" option. This change solved the "shim_lock"
error but then the following error message started appearing-
error: verification requested but nobody cares: /Image.
error: you need to load the kernel first.
Press any key to continue...
A large set of patches addressing bootHole vulnerability
(https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html) have been
merged in the Grub 2.06 version. Does this change the way images are signed or
is there any other change introduced that required UEFI secure boot to be
handled differently on the platform.
Request any suggestion that would help validate UEFI secure boot with Grub 2.06
and later version.
Thanks,
Sayanta