Your message dated Sat, 25 May 2019 02:20:16 +0100 with message-id <20190525012016.GA22526@tack.einval.com> and subject line Re: Bug#920144: shim-signed: Buster installer images and live image build on Jan/21/2019 can not boot with Secure Boot enabled has caused the Debian Bug report #920144, regarding shim-signed: Buster installer images and live image build on Jan/21/2019 can not boot with Secure Boot enabled to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 920144: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920144 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: shim-signed: Buster installer images and live image build on Jan/21/2019 can not boot with Secure Boot enabled
- From: Steven Shiau <steven@nchc.org.tw>
- Date: Tue, 22 Jan 2019 14:41:24 +0800
- Message-id: <cb0b61bd-2107-35e3-210d-2321f906beae@nchc.org.tw>
Package: shim-signed Version: 1.28+nmu1+0.9+1474479173.6c180c6-1 Severity: normal Dear Maintainer, On Debian secure boot wiki page: https://wiki.debian.org/SecureBoot/Testing#Buster_installer_images It mentioned: Buster live images Since 16th Jan 2019, our normal weekly amd64 live images should live-boot with Secure Boot enabled without needing any special steps. They should also support installation of a Secure Boot enabled system directly. See https://get.debian.org/images/weekly-live-builds/ and Buster live images Since 16th Jan 2019, our normal weekly amd64 live images should live-boot with Secure Boot enabled without needing any special steps. They should also support installation of a Secure Boot enabled system directly. See https://get.debian.org/images/weekly-live-builds/ However, both https://get.debian.org/images/daily-builds/daily/current/amd64/iso-cd/debian-testing-amd64-netinst.iso and https://get.debian.org/images/weekly-live-builds/amd64/iso-hybrid/debian-live-testing-amd64-mate.iso build on Jan/21/2019 failed to boot with secure boot enabled on VMWare WS Pro 15 and Lenovo X260. Attached please check the screenshot when it failed to boot. In addition, I use live-build 20180925 to create the secure boot ready Debian Sid ISO with lb config --uefi-secure-boot enable and also included grub-efi-amd64-signed, shim-signed, linux-image-4.19.0-1-amd64 However, the created live ISO also failed to boot with the same error. If I turned off the secure boot in the BIOS, the created ISO can boot successfully. If you need more info, please let me know. Thanks. Steven -- System Information: Debian Release: buster/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 4.18.0-3-amd64 (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages shim-signed depends on: ii debconf [debconf-2.0] 1.5.70 ii grub-efi-amd64-bin 2.02+dfsg1-10 ii grub2-common 2.02+dfsg1-10 ii mokutil 0.2.0-1+b3 ii shim 0.9+1474479173.6c180c6-1 Versions of packages shim-signed recommends: pn secureboot-db <none> shim-signed suggests no packages. -- debconf information excluded -- Steven Shiau <steven _at_ stevenshiau org> Public Key Server PGP Key ID: 4096R/163E3FB0 Fingerprint: EB1D D5BF 6F88 820B BCF5 356C 8E94 C9CD 163E 3FB0Attachment: shim-signed-failed.png
Description: PNG image
--- End Message ---
--- Begin Message ---
- To: Steven Shiau <steven@nchc.org.tw>, 920144-done@bugs.debian.org
- Subject: Re: Bug#920144: shim-signed: Buster installer images and live image build on Jan/21/2019 can not boot with Secure Boot enabled
- From: Steve McIntyre <steve@einval.com>
- Date: Sat, 25 May 2019 02:20:16 +0100
- Message-id: <20190525012016.GA22526@tack.einval.com>
- In-reply-to: <20190323184841.GA2776@tack.einval.com>
- References: <cb0b61bd-2107-35e3-210d-2321f906beae@nchc.org.tw> <20190323184841.GA2776@tack.einval.com>
And things should be working now after all the uploads happeneds, so I'm closing this. On Sat, Mar 23, 2019 at 06:48:41PM +0000, Steve McIntyre wrote: >On Tue, Jan 22, 2019 at 02:41:24PM +0800, Steven Shiau wrote: >>Package: shim-signed >>Version: 1.28+nmu1+0.9+1474479173.6c180c6-1 >>Severity: normal >> >>Dear Maintainer, >> >>On Debian secure boot wiki page: >>https://wiki.debian.org/SecureBoot/Testing#Buster_installer_images >>It mentioned: >>Buster live images >>Since 16th Jan 2019, our normal weekly amd64 live images should >>live-boot with Secure Boot enabled without needing any special steps. >>They should also support installation of a Secure Boot enabled system >>directly. >> >>See https://get.debian.org/images/weekly-live-builds/ >>and >>Buster live images >> >>Since 16th Jan 2019, our normal weekly amd64 live images should >>live-boot with Secure Boot enabled without needing any special steps. >>They should also support installation of a Secure Boot enabled system >>directly. >> >>See https://get.debian.org/images/weekly-live-builds/ >> >>However, both >>https://get.debian.org/images/daily-builds/daily/current/amd64/iso-cd/debian-testing-amd64-netinst.iso >>and >>https://get.debian.org/images/weekly-live-builds/amd64/iso-hybrid/debian-live-testing-amd64-mate.iso >>build on Jan/21/2019 failed to boot with secure boot enabled on VMWare >>WS Pro 15 and Lenovo X260. >>Attached please check the screenshot when it failed to boot. >> >>In addition, I use live-build 20180925 to create the secure boot ready >>Debian Sid ISO with >>lb config --uefi-secure-boot enable >>and also included grub-efi-amd64-signed, shim-signed, >>linux-image-4.19.0-1-amd64 >> >>However, the created live ISO also failed to boot with the same error. >>If I turned off the secure boot in the BIOS, the created ISO can boot >>successfully. > >Apologies, this was a mistake on my part. We were still using our test >key for signing our packaged EFI binaries (grub, linux, etc.) and I'd >missed that. Things should be fixed really soon... > >-- >Steve McIntyre, Cambridge, UK. steve@einval.com >"When C++ is your hammer, everything looks like a thumb." -- Steven M. Haflich -- Steve McIntyre, Cambridge, UK. steve@einval.com You lock the door And throw away the key There's someone in my head but it's not me
--- End Message ---