Bug#928300: secure boot via removable media path unavailable
On Sat, Jun 29, 2019 at 06:44:06AM +0200, Chris Nospam wrote:
>I know that this bug is not closed yet, but maybe the following is of
>interest for you.
>I noticed your report of bug #930531 which was recently fixed in
>grub2 version 2.02+dfsg1-19. Thus, I decided to give secure boot
>another try on my Intel DH77KC board. Meanwhile grub2 2.02+dfsg1-20
>was installed on my system.
>So what I did is
>$ apt-get install shim-signed grub-efi-amd64-signed
>(and automatically all deendencies). Then, to be sure,
>$ dpkg-reconfigure grub-efi-amd64
>of course with force_efi_extra_removable set to/left on true.
>$ shutdown -r now
OK, that *sounds* correct.
>Then I turned secure-boot on within the mainboard's UEFI
>Firmware. However, the system then won't boot and shows an error
>message about security violations. Pretty the same as with my first
>tries, which led to the initial posting. (A Windows media can be
>booted in secure mode.)
Can you get in to the system? I'm guessing (hoping!) just by disabling
SB for now. Then please do a listing of the EFi System Partition and
show us what boot variables are set:
# ls -lR /boot/efi
# efibootmgr -v
Steve McIntyre, Cambridge, UK. email@example.com
Getting a SCSI chain working is perfectly simple if you remember that there
must be exactly three terminations: one on one end of the cable, one on the
far end, and the goat, terminated over the SCSI chain with a silver-handled
knife whilst burning *black* candles. --- Anthony DeBoer