On 8/24/2021 2:51 AM, Thomas Schmitt wrote:
Hi, Chuck Zmudzinski wrote:I don't know when an official fix will come , but I have come up with a workaround that works for me:Congrats. Great investigation work, as far as i can judge as bystander. So it's only the initrd and not the kernel which spoils booting. (I wonder whether Secure Boot would detect and refuse on a manipulated kernel or initrd.) Have a nice day :) Thomas
I suppose secure boot might fail but I am not using it in my Xen HVM. I think the kernel and initrd would need to be digitally signed for secure boot to be able to check them, and I think in Debian secure boot only the grub boot loader is digitally signed, and my hack does not change that. So it is possible Debian's secure boot would also work with my hack to the initrd. Cheers, Chuck