secure boot in grub (was: Re: PK/KEK for ovmf)
- To: debian-efi@lists.debian.org
- Subject: secure boot in grub (was: Re: PK/KEK for ovmf)
- From: Ansgar <ansgar@debian.org>
- Date: Thu, 01 Aug 2019 07:28:57 +0200
- Message-id: <[🔎] 874l31xxly.fsf@43-1.org>
- In-reply-to: <20190731221256.GA21664@xps13.dannf> (dann frazier's message of "Wed, 31 Jul 2019 16:12:56 -0600")
- References: <20190731221256.GA21664@xps13.dannf>
Hi,
dann frazier writes:
> [1] https://salsa.debian.org/qemu-team/edk2/blob/debian/debian/PkKek-1.README
I've no answer to your question right now, but the following sentence
caught my attention:
+---
| When grub is run without the shim protocol registered, it assumes SB is
| disabled and boots without verifying the kernel.
+---
Is this correct?
If I enroll Debian's signing key and then boot grub directly, does that
actually disable secure boot? That looks like a bug to me.
Ansgar
Reply to: