Bug#928300: shim-signed: secure boot via removable media path unavailable
Hi Christian,
On Wed, May 01, 2019 at 04:52:35PM +0200, Christian Bachmaier wrote:
>Package: shim-signed
>Severity: normal
>
>Dear Maintainer,
>
>on my up to date buster system I have installed shim-signed and grub-efi-
>amd64-singed and their dependencies as described on
>https://wiki.debian.org/SecureBoot/Testing.
>
>However, booting with secure boot option on (in firmware) is not possible. I
>strongly belive that the reason for that is my buggy UEFI implementation on my
>Intel board, as many people may have: I need to use the removable media path,
>as the debian installer provides the option. (see
>https://wiki.debian.org/UEFI#Force_grub-
>efi_installation_to_the_removable_media_path)
>
>Using only grub (without secure boot) this works well, and I can trigger that
>by dpkg-reconfigure grub-efi-amd64 and using the option force-efi-extra-
>removable true option.
>
>I see no option to do something similar with shim-signed and its companions.
>Unfortunately, manually cloning shimx64.efi to /boot/efi/EFI/BOOTX64.EFI and
>copying the rest of the /boot/efi/EFI/debian directory does not help. And,
>however, this would also be a todo after all packet updates...
Ah. :-/
I think I can see what's going on here. I'll see if I can get a fix
worked out...
--
Steve McIntyre, Cambridge, UK. steve@einval.com
You raise the blade, you make the change... You re-arrange me 'til I'm sane...
Reply to: