help-grub

Re: x86_64: grub-install for secure boot


From: Andrei Borzenkov
Subject: Re: x86_64: grub-install for secure boot
Date: Fri, 28 Jul 2023 07:04:27 +0300
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.13.0

On 27.07.2023 21:44, Zvi Vered wrote:
> Hello,
>
> I'm trying to install grub 2.x for secure boot.
> I did the following steps under Knoppix 9.1:
>
> mkfs.fat -F32 /dev/sdb1
> mount -t vfat /dev/sdb1 /media/sdb1
> apt-get install grub-efi-amd64-signed
> grub-install --boot-directory=/media/sdb1/boot --efi-directory=/media/sdb1 --uefi-secure-boot
>
> But when I selected this device in the boot menu I got the red message
> telling this partition contains unsecured code.


Maybe you should start with reading what Secure Boot is and how it works, e.g. on Wikipedia.

> Can you please advise how I should proceed?


Either you need to generate your own PK and enroll it, replacing the default keys, and then sign your grub image with a key signed by the PK. Or you need to use shim as the first-stage loader and enroll the hash of your grub image using mokutil (alternatively, sign the grub image and enroll the certificate using mokutil).
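
The shim route with a signed image and an enrolled certificate (the alternative named in the reply above), as an added example that is not part of the original thread. It assumes openssl, sbsign/sbverify (sbsigntool) and mokutil are installed and that shim is already the first-stage loader; the key directory, image path and certificate subject are placeholders.

```shell
#!/bin/sh
# Added example: sign a GRUB EFI image with a locally generated Machine Owner
# Key (MOK) and queue the certificate for enrollment through shim.
# Key directory, image path and certificate subject are placeholders.
set -eu

# Print the command instead of executing it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# make_mok DIR: create the private key, a PEM certificate (used by sbsign)
# and a DER copy of the same certificate (used by mokutil).
make_mok() {
    dir=$1
    umask 077   # keep the private key unreadable by other users
    run openssl req -new -x509 -newkey rsa:2048 -nodes -days 3650 \
        -subj "/CN=Local GRUB signing key/" \
        -keyout "$dir/MOK.key" -out "$dir/MOK.pem"
    run openssl x509 -in "$dir/MOK.pem" -outform DER -out "$dir/MOK.der"
}

# sign_grub DIR IMAGE: write a signed copy next to the image and verify it
# against our own certificate before it replaces the original.
sign_grub() {
    dir=$1
    image=$2
    run sbsign --key "$dir/MOK.key" --cert "$dir/MOK.pem" \
        --output "$image.signed" "$image"
    run sbverify --cert "$dir/MOK.pem" "$image.signed"
}

# enroll_mok DIR: queue the certificate; mokutil asks for a one-time password
# that MokManager requests again on the next boot to confirm enrollment.
enroll_mok() {
    run mokutil --import "$1/MOK.der"
}

# Usage: sh sign-grub.sh KEYDIR IMAGE   (set DRY_RUN=1 to preview the commands)
if [ "$#" -eq 2 ]; then
    make_mok "$1"
    sign_grub "$1" "$2"
    enroll_mok "$1"
fi
```

Keep MOK.key off the ESP and off the boot medium: anyone holding it can sign images that this machine will accept once the certificate is enrolled.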



