Hi all,

On request from Steve, starting this discussion on-list.

Should shim be updated before buster ships? The current version is quite old.

If the answer is yes, I would recommend going to v15 and to backport the following 2 commits:

https://github.com/rhboot/shim/commit/a625fa5
https://github.com/rhboot/shim/commit/e563bc3

Version 14, which is currently in Salsa, has a bug where in case of chainloading shim -> grub -> shim -> grub the protocol is not in sync with the systab, so exit_boot_services returns an EFI security violation even if everything has been verified correctly. This is fixed in v15. The two commits above further fix a bootloop when a user launches shim manually from the EFI shell, from a relative path.

I have verified that v15 + the above 2 commits works fine on TianoCore, on my Dell laptop, on an AMI UEFI implementation I have on a Supermicro board, and on a third-party proprietary UEFI implementation we have at $work using a live-build ISO I built and self-signed.

The following also needs backporting simply to fix the build, as upstream decided to always run "git clean" on "make clean" which works as well as you can imagine on a buildd...

https://github.com/rhboot/shim/pull/163

--
Kind regards,
Luca Boccassi