Bug#928300: shim-signed: secure boot via removable media path unavailable
Package: shim-signed
Severity: normal
Dear Maintainer,
on my up to date buster system I have installed shim-signed and grub-efi-
amd64-singed and their dependencies as described on
https://wiki.debian.org/SecureBoot/Testing.
However, booting with secure boot option on (in firmware) is not possible. I
strongly belive that the reason for that is my buggy UEFI implementation on my
Intel board, as many people may have: I need to use the removable media path,
as the debian installer provides the option. (see
https://wiki.debian.org/UEFI#Force_grub-
efi_installation_to_the_removable_media_path)
Using only grub (without secure boot) this works well, and I can trigger that
by dpkg-reconfigure grub-efi-amd64 and using the option force-efi-extra-
removable true option.
I see no option to do something similar with shim-signed and its companions.
Unfortunately, manually cloning shimx64.efi to /boot/efi/EFI/BOOTX64.EFI and
copying the rest of the /boot/efi/EFI/debian directory does not help. And,
however, this would also be a todo after all packet updates...
Thanks, Chris
-- System Information:
Debian Release: buster/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.19.0-4-amd64 (SMP w/8 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages shim-signed depends on:
ii debconf [debconf-2.0] 1.5.71
ii grub-efi-amd64-bin 2.02+dfsg1-16
ii grub2-common 2.02+dfsg1-16
pn mokutil <none>
pn shim-helpers-amd64-signed <none>
Versions of packages shim-signed recommends:
pn secureboot-db <none>
shim-signed suggests no packages.
Reply to: