Le 21/06/2021 à 19:44, Steve McIntyre a écrit :
On Sun, Jun 20, 2021 at 07:44:58PM +0200, Pascal Hambourg wrote:
I have Debian 10 amd64 installed on an old HP EliteBook 2570p. The UEFI
firmware seems to ignore the EFI boot entries and only be able to
boot from
the removable device path EFI\BOOT\BOOTX64.EFI by default. After each
boot a
new "debian" EFI boot entry was added, so I removed
/boot/efi/EFI/BOOT/fbx64.efi to avoid this. So far so good.
OK.
After the latest shim update which ran grub-install and installed the
new
/boot/efi/EFI/BOOT/fbx64.efi, UEFI boot hangs with no error message,
only the
HP logo, and GRUB does not show up.
Using "Boot from EFI file" in the firmware boot menu, it appears that :
- grubx64.efi (from either EFI\debian or EFI\BOOT) works
- shimx64.efi (from EFI\debian) works
- BOOTX64.efi (from EFI\BOOT) hangs
- fbx64.efi (from either EFI\debian or EFI\BOOT) hangs
So as a workaround, I removed /boot/efi/EFI/BOOT/fbx64.efi again.
OK. That's surprising, any I imagine annoying for you. :-/
Not really, as I would have removed fbx64.efi anyway to avoid creating
multiple debian entries. I am actually expecting trouble with this EFI
setup, it serves as a kind of sentinel. If I wanted no trouble, I would
remove the shim and grub signed stuff as I do not use secure boot, or
even disable EFI boot and enable only the BIOS boot. But that would be
boring.
If you're prepared to help with testing the problem here (please!),
could you please:
1. run "mokutil --set-verbosity true" from the Linux command line (as
root)
2. put the fbx64.efi file in place again (grub-install should do that)
3. reboot and try to capture any output
Done.
First screen with blue frame saying "Secure boot not enabled - OK"
After a long list of scrolled "mok.c:" lines ending with "returning
Success", the last lines before it stops are (partial, copied by hand) :
shim.c:1727:shim_init() UEFI SHIM
$Version: 15.4 $
$BuildMachine: buildhost $
$Commit: XXXX $
shim.c:898:load_image() attempting to load \EFI\Boot\fbx64.efi
pe.c:574:generate_hash() sha1 authenticode hash:
pe.c:575:generate_hash() (2 lines of XX and hex codes)
pe.c:576:generate_hash() sha256 authenticode hash:
pe.c:577:generate_hash() (2 more lines of hex codes)
pe.c:1057:handle_image() sbat section base:0xB9DED000 size:0xC6