[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#928300: secure boot via removable media path unavailable



Hi Chris!

On Sat, Jun 29, 2019 at 06:44:06AM +0200, Chris Nospam wrote:
>
>I know that this bug is not closed yet, but maybe the following is of
>interest for you.
>
>I noticed your report of bug #930531 which was recently fixed in
>grub2 version 2.02+dfsg1-19. Thus, I decided to give secure boot
>another try on my Intel DH77KC board. Meanwhile grub2 2.02+dfsg1-20
>was installed on my system.
>
>So what I did is
>$ apt-get install shim-signed grub-efi-amd64-signed
>(and automatically all deendencies). Then, to be sure,
>$ update-grub2
>$ dpkg-reconfigure grub-efi-amd64
>of course with force_efi_extra_removable set to/left on true.
>$ update-grub2
>$ shutdown -r now

OK, that *sounds* correct.

>Then I turned secure-boot on within the mainboard's UEFI
>Firmware. However, the system then won't boot and shows an error
>message about security violations. Pretty the same as with my first
>tries, which led to the initial posting. (A Windows media can be
>booted in secure mode.)

Can you get in to the system? I'm guessing (hoping!) just by disabling
SB for now. Then please do a listing of the EFi System Partition and
show us what boot variables are set:

# ls -lR /boot/efi
# efibootmgr -v

-- 
Steve McIntyre, Cambridge, UK.                                steve@einval.com
  Getting a SCSI chain working is perfectly simple if you remember that there
  must be exactly three terminations: one on one end of the cable, one on the
  far end, and the goat, terminated over the SCSI chain with a silver-handled
  knife whilst burning *black* candles. --- Anthony DeBoer


Reply to: