grub-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: UEFI Secureboot not succeeding with Grub 2.06 and later version


From: Michael Chang
Subject: Re: UEFI Secureboot not succeeding with Grub 2.06 and later version
Date: Fri, 9 Jul 2021 14:27:05 +0800
User-agent: Mutt/1.10.1 (2018-07-13)

On Thu, Jul 08, 2021 at 03:31:15PM +0200, Daniel Kiper wrote:
> On Thu, Jul 08, 2021 at 08:01:31PM +0800, Michael Chang via Grub-devel wrote:
> > Hi Dimitri,
> >
> > On Thu, Jul 08, 2021 at 11:51:25AM +0100, Dimitri John Ledkov wrote:
> > > Hi,
> > >
> > > The below mentioned commands are useful. Hence we need to debug this
> > > further and establish further details about your setup.
> >
> > I think the problem here is that arm64 already uses LoadImage to verify
> > the kernel image so the shim lock is not really required. IMHO the
> > lockdown verifier should be relaxed for the arm platform as always will
> > be a verifier (LoadImage) used to booting the kernel.
> 
> To some extent you are right. However, please do not forget about
> detached PGP signatures case.

Indeed. I should make it clear that this is specific to
GRUB_FILE_TYPE_LINUX_KERNEL asked to be relaxed in the lockdown list for
arm64.

Thanks,
Michael

> 
> Daniel
> 
> _______________________________________________
> Grub-devel mailing list
> Grub-devel@gnu.org
> https://lists.gnu.org/mailman/listinfo/grub-devel




reply via email to

[Prev in Thread] Current Thread [Next in Thread]