Bug#995155: (no subject)

To: 995155@bugs.debian.org
Subject: Bug#995155: (no subject)
From: Nathaniel Roach <nroach44@nroach44.id.au>
Date: Sun, 5 Feb 2023 11:01:03 +0800
Message-id: <[🔎] 55ff95a3-ca6d-0f56-a0cd-ab9a72609d2f@nroach44.id.au>
Reply-to: Nathaniel Roach <nroach44@nroach44.id.au>, 995155@bugs.debian.org
References: <8735pqjtcb.fsf@albion.it.manchester.ac.uk>

I can confirm that building 15.7 from the debian git, using it to boot (with secure boot off) with the right EFI entry results in the update going through:

sudo apt-get build-dep shim

sudo apt-get install libefivar-dev # New dependency that apt won't be aware of yet

git clone https://salsa.debian.org/efi-team/shim.git

dpkg-buildpackage -uc -b

sudo dpkg -i ../shim-unsigned_15.7-1~deb11u1_amd64.deb

sudo mv /boot/efi/EFI/debian/shimx64.efi /boot/efi/EFI/debian/shimx64-154.efi

sudo cp /usr/lib/shim/shimx64.efi /boot/efi/EFI/debian/shimx64.efi

-- reboot into firmware, disable secure boot --

-- boot the Linux-Firmware-Updater entry, let the system update --

-- boot back into debian --

sudo apt-get install shim-unsigned=15.4-7

sudo mv /boot/efi/EFI/debian/shimx64-154.efi /boot/efi/EFI/debian/shimx64.efi

Signing the shim with MOK doesn't work, FYI, I did try that.

Nathaniel Roach

Reply to:

Prev by Date: Bug#1030550: flashrom FTBFS on !amd64/i386
Next by Date: Processing of flashrom_1.3.0-2_source.changes
Previous by thread: Bug#1030550: marked as done (flashrom FTBFS on !amd64/i386)
Next by thread: Processing of flashrom_1.3.0-2_source.changes
Index(es):
- Date
- Thread