grub-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug #65889: cryptomount with keyfile fails because of shim lock verifier


From: Mohammad Reza Moghaddasi
Subject: bug #65889: cryptomount with keyfile fails because of shim lock verifier
Date: Fri, 3 Jan 2025 16:03:31 +0330
User-agent: Mozilla Thunderbird

Hi. I have posted a bug here and described it .


I reviewed source code and find out the cause:

type "GRUB_FILE_TYPE_CRYPTODISK_ENCRYPTION_KEY" which is defined in file "grub-core/disk/cryptodisk.c" is not included in "grub-core/kern/efi/sb.c" in "shim_lock_verifier_init" . because of that grub will deny loading keyfile and says "error: prohibited by secure boot policy" . So in order to fix that, we should simply add two lines of below in switch case statement of the image attachment:


1  case GRUB_FILE_TYPE_CRYPTODISK_ENCRYPTION_KEY:
2  case GRUB_FILE_TYPE_CRYPTODISK_DETACHED_HEADER:


I've done and built it with this modification and it was OK.


Thanks.

Attachment: Screenshot from 2025-01-03 16-00-48.png
Description: PNG image


reply via email to

[Prev in Thread] Current Thread [Next in Thread]