grub-devel

Re: UEFI Secureboot not succeeding with Grub 2.06 and later version


From: Daniel Kiper
Subject: Re: UEFI Secureboot not succeeding with Grub 2.06 and later version
Date: Wed, 7 Jul 2021 15:14:47 +0200
User-agent: NeoMutt/20170113 (1.7.2)

Hi Sayanta,

Sorry for the late reply but I am just recovering after vacation...

CC-ing Javier, Dimitri, Peter and Leif.

On Thu, Jul 01, 2021 at 03:23:03PM +0000, Sayanta Pattanayak wrote:
> Hi All,
> I am new to grub and UEFI secure boot and so a beginner's question.
> UEFI secureboot on an Arm64 platform works fine with Grub 2.04 version.
> The linux kernel image is authenticated and loaded. But the same with
> Grub 2.06 version does not progress - following error messages are
> displayed.
>
> error: shim_lock protocol not found.
> error: you need to load the kernel first.
>
> With reference of
> "https://www.mail-archive.com/help-grub@gnu.org/msg05375.html",
> created Grub image with "--disable-shim-lock" option. This change
> solved the "shim_lock" error but then the following error message
> started appearing-
>
> error: verification requested but nobody cares: /Image.
> error: you need to load the kernel first.
> Press any key to continue...
>
> A large set of patches addressing BootHole vulnerability
> (https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html)
> have been merged in the Grub 2.06 version. Does this change the way
> images are signed or is there any other change introduced that
> required UEFI secure boot to be handled differently on the platform.
>
> Request any suggestion that would help validate UEFI secure boot with
> Grub 2.06 and later version.

Do you use GRUB 2.06 upstream or a Linux distribution variant? If
upstream could you provide us commands used to build the GRUB and
console output when debug is enabled, i.e. "set debug=all"?

Daniel


