[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: fbx64.efi hangs after Debian 10.10 shim update

Hey again Pascal,

On Sat, Jun 26, 2021 at 10:35:35AM +0200, Pascal Hambourg wrote:
>Le 21/06/2021 à 21:12, Pascal Hambourg a écrit :
>> shim.c:1727:shim_init() UEFI SHIM
>> $Version: 15.4 $
>> $BuildMachine: buildhost $
>> $Commit: XXXX $
>> shim.c:898:load_image() attempting to load \EFI\Boot\fbx64.efi
>> pe.c:574:generate_hash() sha1 authenticode hash:
>> pe.c:575:generate_hash() (2 lines of XX and hex codes)
>> pe.c:576:generate_hash() sha256 authenticode hash:
>> pe.c:577:generate_hash() (2 more lines of hex codes)
>> pe.c:1057:handle_image() sbat section base:0xB9DED000 size:0xC6
>More information :
>The firmware has two UEFI boot modes : Hybrid (with CSM) and Native (without
>CSM). In hybrid mode, secure boot is disabled. In native mode, secure boot
>can be enabled or disabled.

OK, that sounds normal.

>Until now I always used hybrid mode which allows either EFI and legacy BIOS
>boot. I discovered that the issue happens only in hybrid mode, not in native
>mode. In native mode with secure boot disabled, here are the next lines
>displayed after the above lines :
>shim.c:1926:efi_main() vendor_authorized:0xB9BA6010
>shim.c:1928:efi_main() vendor_deauthorized:0xB9BA63B2
>sbat.c:346:set_sbat_uefi_variable() SbatLevel variable is 18 bytes,
>attributes are 0x00000003
>Then the blue frame "Secure boot not enabled" is displayed again (supposedly
>when \EFI\debian\shimx64.efi is executed).
>With secure mode enabled the frame is not displayed so it does not pause and
>allow me to see anything until GRUB menu is displayed.


>FWIW, the latest shim-helpers-amd64-signed 1+15.4+6~deb10u1 from
>buster-proposed-updates did not fix the issue.

Right. Nothing has changed in the helpers for a while now, all the
recent changes have been in the shim binary only.

Steve McIntyre, Cambridge, UK.                                steve@einval.com
"I used to be the first kid on the block wanting a cranial implant,
 now I want to be the first with a cranial firewall. " -- Charlie Stross

Reply to: