help-grub

Re: x86_64: grub-install for secure boot


From: Zvi Vered
Subject: Re: x86_64: grub-install for secure boot
Date: Fri, 28 Jul 2023 21:45:54 +0300

Hi Pascal, Andrei and Randy,

After booting knoppix with secure boot=enable I ran the sequence again.
This time I got the attached log.

The last lines are:
---------------------------------------------------------------------------------------------------------------
grub-install: info: writing 744 bytes of a fixup block starting at 0x10000.
grub-install: info: reading /usr/lib/grub/x86_64-efi/fshelp.mod.
grub-install: info: reading /usr/lib/grub/x86_64-efi/fat.mod.
grub-install: info: reading /usr/lib/grub/x86_64-efi/part_msdos.mod.
grub-install: info: reading /usr/lib/grub/x86_64-efi/search_fs_uuid.mod.
grub-install: info: reading /media/sdb1/boot/grub/x86_64-efi/load.cfg.
grub-install: info: kernel_img=0x56905870, kernel_size=0x1c000.
grub-install: info: the core size is 0x21198.
grub-install: info: writing 0x24000 bytes.
grub-install: info: copying `/usr/lib/shim/shimx64.efi.signed' ->
`/media/sdb1/EFI/debian/shimx64.efi'.
grub-install: info: copying
`/usr/lib/grub/x86_64-efi-signed/grubx64.efi.signed' ->
`/media/sdb1/EFI/debian/grubx64.efi'.
grub-install: info: copying `/usr/lib/shim/mmx64.efi.signed' ->
`/media/sdb1/EFI/debian/mmx64.efi'.
grub-install: info: copying `/usr/lib/shim/fbx64.efi.signed' ->
`/media/sdb1/EFI/debian/fbx64.efi'.
grub-install: info: copying `/usr/lib/shim/BOOTX64.CSV' ->
`/media/sdb1/EFI/debian/BOOTX64.CSV'.
grub-install: info: copying
`/media/sdb1/boot/grub/x86_64-efi/load.cfg' ->
`/media/sdb1/EFI/debian/grub.cfg'.
grub-install: info: Registering with EFI: distributor = `debian', path
= `\EFI\debian\shimx64.efi', ESP at hostdisk//dev/sdb,msdos1.
grub-install: info: executing modprobe efivars 2>/dev/null.
grub-install: info: setting EFI variable Boot000C.
grub-install: info: setting EFI variable BootOrder.
Installation finished. No error reported.
---------------------------------------------------------------------------------------------------------------

As you can see I did not get the: "EFI variables are not supported on
this system"
After reboot, grub is running Ok.

Thank you very much for your time and effort,
Best regards,
Zvika

On Fri, Jul 28, 2023 at 9:13 PM Zvi Vered <veredz72@gmail.com> wrote:
>
> Hi Andrei, All,
>
> You wrote: "Most likely the system was booted in legacy BIOS mode"
> I booted knoppix with: secure boot=disable
> Under this knoppix I ran: grub-install.
>
> Should I boot the PC with secure boot=enable and then run grub-install ?
>
> Thank you,
> Zvika
>
> On Fri, Jul 28, 2023 at 8:42 PM Andrei Borzenkov <arvidjaar@gmail.com> wrote:
> >
> > On 28.07.2023 20:26, Pascal Hambourg wrote:
> > > On 28/07/2023 at 17:58, Andrei Borzenkov wrote:
> > >> On 28.07.2023 18:52, Zvi Vered wrote:
> > >>>
> > >>> In the PC boot menu, it's marked "debian".
> > >>
> > >> What makes you think "debian" refers to whatever you installed?
> > >
> > > Due to the failure of grub-install to update EFI boot variables (see
> > > below), I suspect that "debian" still points to grubx64.efi (signed by
> > > Debian, not trusted by default) instead of shimx64.efi (signed by
> > > Microsoft, trusted by default).
> > >
> > >> Show full output of
> > >>
> > >> efibootmgr -v
> > >
> > > I am afraid efibootmgr won't show anything if EFI variables are not
> > > available.
> > >
> >
> > Sorry, you are right of course.
> >
> > >>>>> grub-install: info: copying `/usr/lib/shim/shimx64.efi.signed' ->
> > >>>>> `/media/sdb1/EFI/debian/shimx64.efi'.
> > >
> > > Good, this time grub-install installed the shim files for secure boot.
> > >
> > >>>>> grub-install: info: Registering with EFI: distributor = `debian', path
> > >>>>> = `\EFI\debian\shimx64.efi', ESP at hostdisk//dev/sdb,msdos1.
> > >>>>> grub-install: info: executing modprobe efivars 2>/dev/null.
> > >>>>> grub-install: warning: EFI variables are not supported on this 
> > >>>>> system..
> > >
> > > As explained above, grub-install failed to update EFI boot variables.
> > > Is efivarfs mounted on /sys/firmware/efi/efivars ?
> > >
> >
> > Most likely system was booted in legacy BIOS mode.
> >
> > >>>>> In the attached file I noticed info messages like:
> > >>>>> grub-install: info: cannot open
> > >>>>> `/usr/share/locale/be/LC_MESSAGES/grub.mo': No such file or directory.
> > >
> > > Irrelevant.
> > >
> >
> >

Attachment: grub_ok.log
Description: Binary data
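
The checks raised in this thread (UEFI versus legacy BIOS boot, efivarfs mounted on /sys/firmware/efi/efivars, Secure Boot state), written as an added example that is not part of the original messages or of GRUB. The function name efi_preflight, its two optional path arguments and the --check switch are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: pre-flight checks before running grub-install for Secure Boot.
# efi_preflight and its two optional path arguments are illustrative names.

EFI_GLOBAL_GUID=8be4df61-93ca-11d2-aa0d-00e098032b8c  # EFI global variable GUID

# usage: efi_preflight [sysfs_root] [mounts_file]
# Prints one status line; returns 0 only when efivarfs is mounted.
efi_preflight() {
    sysfs="${1:-/sys}"
    mounts="${2:-/proc/mounts}"
    vars="$sysfs/firmware/efi/efivars"

    # No /sys/firmware/efi at all: the running kernel was started in legacy
    # BIOS (CSM) mode, so Boot#### and BootOrder cannot be set from here.
    if [ ! -d "$sysfs/firmware/efi" ]; then
        echo "legacy-bios"
        return 1
    fi

    # Booted via UEFI, but efivarfs must be mounted for variables to be reachable.
    if ! awk -v m="$vars" '$2 == m && $3 == "efivarfs" { ok = 1 } END { exit !ok }' "$mounts"; then
        echo "efivarfs-not-mounted"
        return 2
    fi

    # An efivarfs file is 4 attribute bytes followed by the data; SecureBoot
    # carries a single data byte: 1 = enabled, 0 = disabled.
    sb="$vars/SecureBoot-$EFI_GLOBAL_GUID"
    if [ -r "$sb" ]; then
        state=$(od -An -tu1 -j4 -N1 "$sb" | tr -d ' \n')
    else
        state=unknown
    fi
    echo "uefi secureboot=${state:-unknown}"
    return 0
}

# Check the live system only when asked: sh preflight.sh --check
if [ "${1:-}" = "--check" ]; then
    efi_preflight
fi
```

The legacy-bios and efivarfs-not-mounted results correspond to the two causes raised in the thread for the "EFI variables are not supported on this system" warning.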

