Bug#928300: secure boot via removable media path unavailable

To: 928300@bugs.debian.org
Subject: Bug#928300: secure boot via removable media path unavailable
From: "Chris Nospam" <chris21k@gmx.de>
Date: Sat, 29 Jun 2019 06:44:06 +0200
Message-id: <[🔎] trinity-fedb0c24-815c-4ee5-9367-c25b6840bc2f-1561783446944@3c-app-gmx-bs14>
Reply-to: "Chris Nospam" <chris21k@gmx.de>, 928300@bugs.debian.org
References: <155672235570.3178.18157550707493556338.reportbug@betty.q3x.local>

Dear Steve,

I know that this bug is not closed yet, but maybe the following is of interest for you.

I noticed your report of bug #930531 which was recently fixed in grub2 version 2.02+dfsg1-19. Thus, I decided to give secure boot another try on my Intel DH77KC board. Meanwhile grub2 2.02+dfsg1-20 was installed on my system.
So what I did is
$ apt-get install shim-signed grub-efi-amd64-signed
(and automatically all deendencies). Then, to be sure,
$ update-grub2
$ dpkg-reconfigure grub-efi-amd64
of course with force_efi_extra_removable set to/left on true.
$ update-grub2
$ shutdown -r now
Then I turned secure-boot on within the mainboard's UEFI Firmware. However, the system then won't boot and shows an error message about security violations. Pretty the same as with my first tries, which led to the initial posting. (A Windows media can be booted in secure mode.)

Chris

Reply to:

Follow-Ups:
- Bug#928300: secure boot via removable media path unavailable
  - From: Steve McIntyre <steve@einval.com>

Prev by Date: Re: Submitted Bof session for DebConf19
Next by Date: Bug#928300: secure boot via removable media path unavailable
Previous by thread: Re: Submitted Bof session for DebConf19
Next by thread: Bug#928300: secure boot via removable media path unavailable
Index(es):
- Date
- Thread