[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Issue migrating from 2.04 to 2.06: error: shim_lock protocol not fou
|
From: |
Andrei Borzenkov |
|
Subject: |
Re: Issue migrating from 2.04 to 2.06: error: shim_lock protocol not found |
|
Date: |
Sun, 11 Apr 2021 16:26:45 +0300 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.7.1 |
On 11.04.2021 12:10, Fonic Maxxim wrote:
> On 09.04.21 07:42, Andrei Borzenkov wrote:
>> On 07.04.2021 12:58, Fonic Maxxim wrote:
>>> I have trouble migrating from GRUB 2.04 to GRUB 2.06. My system: PC,
>>> x86_64, Gentoo Linux.
>>>
>>>
>>> Whenever I select a boot entry in GRUB 2.06, I get this error:
>>>
>>> error: shim_lock protocol not found
>>>
>>> The same thing happens when I use GRUB's command line, e.g. when
>>> executing 'chainloader <some-efi-file>'.
>>>
>>>
>>> I'm using Secure Boot with the following setup:
>>>
>>> UEFI (with my own keys) -> GRUB (standalone EFI image, signed with UEFI
>>> key; check_signatures enabled) -> Linux Kernel (signed with GPG key)
>>>
>>> As can be seen, I'm not using Shim.
>>>
>>>
>>> How can I solve this?
>> Create grub image with --disable-shim-lock
>
> Thanks, I'll give it a try.
>
>>> Help is greatly appreciated.
>>>
>>> Would there be any benefit in using Shim?
>> Yes for 99.999% of users. You own post demonstrates it.
> What would those benefits be? How does my post demonstrate that?
If you used shim, you would not have this issue after update.
>>> As far as I can tell, Shim is
>>> only useful if one does not want to enroll custom UEFI keys since it is
>>> signed by Microsoft and thus works with stock keys. Other than that,
>>> Shim introduces an additional layer with additional security risks, thus
>>> I'm not really keen to use it if I don't have to.
>>>
>>>
>>> -- Fonic
>>>
>>>
>>
>