On 22/06/2025 at 09:22, Alex. I. TRIPCEA wrote:
Yes, "shim_lock=y" is present, whatever the installation tested.
Do you mean that with OVMF_CODE_4M.secboot.fd, "shim_lock=y" is present in GRUB environment variables (=secure boot is enabled) and yet trixie can boot with /boot on JFS (=GRUB supports JFS) ? This should not be possible.
What is intriguing for me is that fact that after installing from bookworm netinst media, same setting as with Trixie rc1 - firmware UEFI, the machine boot ok
The change which disables JFS support in GRUB when secure boot is enabled was introduced in trixie, so bookworm is not affected.