Bug#906124: Additional debug info

Somebody else jm.bugtracking at gmail.com
Fri Aug 17 09:22:31 BST 2018


Hi,

so reading the source code of the debian/patches included in the
latest package and enabling additional debug logging (linux and
linuxefi, specifically) yielded additional information. It seems that
my setup is now broken because the defaults were changed to require
the "shim protocol". My setup previously booted like this:

UEFI -> Standalone GRUB signed with self-signed db.key/db.crt via
sbsign -> GPG-signed grub.cfg/vmlinuz/initrd

It seems that the "new" required setup is:

UEFI -> grub-shim signed with db.key/db.crt -> grub signed with ??? ->
vmlinuz signed with ???

Keep in mind that I have removed and desperately want to avoid any
keys signed by Microsoft (or Debian). I want to rely on purely my own
keys. Unfortunately there seems to be zero documentation on what has
changed or why and how to create a self-signed shim. I'm working off
the following grub_dprintf messages:

commands/verify.c:620: alive
loader/i386/efi/linux.c:61: Locating shim protocol
loader/i386/efi/linux.c:66: shim not available
loader/i386/linux.c:720: linuxefi failed (30)

Any pointers?

Thanks and best regards,
Jonas


