[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: UEFI Secureboot not succeeding with Grub 2.06 and later version
From: |
Sayanta Pattanayak |
Subject: |
RE: UEFI Secureboot not succeeding with Grub 2.06 and later version |
Date: |
Mon, 12 Jul 2021 16:20:56 +0000 |
Hi Daniel,
Secureboot worked fine with the change(GRUB_FILE_TYPE_LINUX_KERNEL ->
GRUB_FILE_TYPE_NONE) you suggested.
disk/efi/efidisk.c:531: opening hd0 succeeded
partmap/gpt.c:93: Read a valid GPT header
partmap/gpt.c:115: GPT entry 0: start=2048, length=40959
partmap/gpt.c:115: GPT entry 1: start=43008, length=409599
kern/fs.c:56: Detecting ext2...
kern/verifiers.c:88: file: /Image type: 0
disk/efi/efidisk.c:593: reading 0x40 sectors at the sector 0xcc40 from hd0
loader/arm64/linux.c:61: UEFI stub kernel:
loader/arm64/linux.c:62: PE/COFF header @ 00000040
loader/arm64/linux.c:316: kernel file size: 34054136
loader/arm64/linux.c:318: kernel numpages: 8314
disk/efi/efidisk.c:593: reading 0x40 sectors at the sector 0xcc80 from hd0
disk/efi/efidisk.c:593: reading 0x40 sectors at the sector 0xccc0 from hd0
....
loader/efi/fdt.c:63: allocating 1155 bytes for fdt
loader/arm64/linux.c:89: Initrd @ 0xf6e20000-0xf6fffa00
loader/efi/fdt.c:97: Installed/updated FDT configuration table @ 0xf71d0000
Loading driver at 0x000F4D10000 EntryPoint=0x000F650EDD8
Loading driver at 0x000F4D10000 EntryPoint=0x000F650EDD8
loader/arm64/linux.c:144: linux command line: 'BOOT_IMAGE=/Image acpi=force
console=ttyAMA0,115200 ip=dhcp
root=PARTUUID=9c53a91b-e182-4ff1-aeac-6ee2c432ae94 rootwait verbose debug'
loader/arm64/linux.c:159: starting image 0xfca9a798
EFI stub: Booting Linux Kernel...
EFI stub: EFI_RNG_PROTOCOL unavailable
EFI stub: UEFI Secure Boot is enabled.
EFI stub: Using DTB from configuration table
EFI stub: Exiting boot services and installing virtual address map...
We understand LoadImage() interface is used in our platform, but if the error
scenario is not expected with LoadImage() interface then we need further
investigation. We are trying to look into it.
What can we infer from the change you suggested and that it worked? Do we need
to make certain changes in our platform?
Thanks,
Sayanta
>-----Original Message-----
>From: Daniel Kiper <dkiper@net-space.pl>
>Sent: Thursday, July 8, 2021 6:58 PM
>To: Sayanta Pattanayak <Sayanta.Pattanayak@arm.com>
>Cc: grub-devel@gnu.org; nd <nd@arm.com>; javierm@redhat.com;
>xnox@ubuntu.com; pjones@redhat.com; leif@nuviainc.com
>Subject: Re: UEFI Secureboot not succeeding with Grub 2.06 and later version
>
>On Thu, Jul 08, 2021 at 07:04:46AM +0000, Sayanta Pattanayak wrote:
>> Hi Daniel,
>>
>> Thanks for your reply and hope you had a great vacation.
>
>Yeah, I had nice time.
>
>> We use Upstream 2.06 tagged version. Mentioning below the Build
>Commands and Console Output.
>
>Thanks! Please look below.
>
>[...]
>
>> kern/disk.c:196: Opening `hd0,gpt2'...
>> disk/efi/efidisk.c:482: opening hd0
>> disk/efi/efidisk.c:511: m = 0xfe6e8dc0, last block = 6efff, block size =
>> 200, io
>align = 0
>> disk/efi/efidisk.c:531: opening hd0 succeeded
>> partmap/gpt.c:93: Read a valid GPT header
>> partmap/gpt.c:115: GPT entry 0: start=2048, length=40959
>> partmap/gpt.c:115: GPT entry 1: start=43008, length=409599
>> kern/fs.c:56: Detecting ext2...
>> kern/verifiers.c:88: file: /Image type: 3
>
>If you use LoadImage() interface this should not happen.
>
>I think the following code in grub-core/loader/arm64/linux.c is a culprit:
>
> 285 static grub_err_t
> 286 grub_cmd_linux (grub_command_t cmd __attribute__ ((unused)),
> 287 int argc, char *argv[])
> 288 {
> 289 grub_file_t file = 0;
> 290 struct linux_arch_kernel_header lh;
> 291 grub_err_t err;
> 292
> 293 grub_dl_ref (my_mod);
> 294
> 295 if (argc == 0)
> 296 {
> 297 grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected"));
> 298 goto fail;
> 299 }
> 300
> 301 file = grub_file_open (argv[0], GRUB_FILE_TYPE_LINUX_KERNEL);
>This ---------------------------------> ^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
>You can do test and replace GRUB_FILE_TYPE_LINUX_KERNEL with
>GRUB_FILE_TYPE_NONE.
>
>Daniel
- RE: UEFI Secureboot not succeeding with Grub 2.06 and later version, (continued)
- RE: UEFI Secureboot not succeeding with Grub 2.06 and later version, Sayanta Pattanayak, 2021/07/12
- Re: UEFI Secureboot not succeeding with Grub 2.06 and later version, Dimitri John Ledkov, 2021/07/12
- Re: UEFI Secureboot not succeeding with Grub 2.06 and later version, Daniel Kiper, 2021/07/08
- RE: UEFI Secureboot not succeeding with Grub 2.06 and later version,
Sayanta Pattanayak <=
- Re: UEFI Secureboot not succeeding with Grub 2.06 and later version, Daniel Kiper, 2021/07/14
- RE: UEFI Secureboot not succeeding with Grub 2.06 and later version, Sayanta Pattanayak, 2021/07/15
- Re: UEFI Secureboot not succeeding with Grub 2.06 and later version, Javier Martinez Canillas, 2021/07/15
- RE: UEFI Secureboot not succeeding with Grub 2.06 and later version, Sayanta Pattanayak, 2021/07/15
- Re: UEFI Secureboot not succeeding with Grub 2.06 and later version, Javier Martinez Canillas, 2021/07/15
- RE: UEFI Secureboot not succeeding with Grub 2.06 and later version, Sayanta Pattanayak, 2021/07/15
- Re: UEFI Secureboot not succeeding with Grub 2.06 and later version, Javier Martinez Canillas, 2021/07/16