UEFI Secure Boot - GRUB WIP report

Luca Boccassi bluca at debian.org
Wed Jun 27 22:01:04 BST 2018


On Wed, 2018-06-27 at 22:49 +0200, Philipp Hahn wrote:
> Hello Colin, hello Luca,
> 
> On 20.06.2018 at 14:28, Luca Boccassi wrote:
> > On Wed, 2018-06-20 at 14:12 +0200, Philipp Hahn wrote:
> > > On 19.06.2018 at 16:38, Luca Boccassi wrote:
> > > > On Tue, 2018-06-19 at 11:00 +0200, Philipp Hahn wrote:
> > > > > On 19.06.2018 at 10:25, Colin Watson wrote:
> > > > > The good news: It works: It loads the signed SHIM and GRUB.
> > > > > 
> > > > > The bad news: GRUB still falls back to loading an unsigned
> > > > > Linux
> > > > > kernel.
> 
> ...
> > > > I really can't find my way around git-dpm though, I find it a
> > > > bit
> > > > confusing, being used to gbp - could there be an issue with the
> > > > quilt patch?
> > > 
> > > I haven't yet used git-dpm, either.
> 
> It took me some time but now it seems to work - Yeah! I think that
> patch of yours was not applied in my first build - that should be
> fixed now.
> 
> > This is exactly the symptom fixed by this PR (EFI variable is set
> > so
> > you get the first print, but grub overwrites it so the kernel can't
> > determine the mode anymore):
> 
> Now I get this:
> > # dmesg | grep -i secu
> > [    0.000000] secureboot: Secure boot enabled
> > [    0.000000] Kernel is locked down from EFI secure boot; see man
> > kernel_lockdown.7

Great, that looks good!

> I removed those other branches and I'm back at
> <https://salsa.debian.org/pmhahn/grub/tree/signing>.
> 
> @Colin: I hope the tree is now in a state you like and can merge it.
> 
> I don't have much time to work on that right now and even less
> starting mid next week, but Luca seems to be quite knowledgeable.
> 
> So thanks to everyone so far.
> Philipp

Sorry to be annoying, but the new branch still has a missing commit
that was merged in the old branch :-)

Opened a PR here to make it easier:

https://salsa.debian.org/pmhahn/grub/merge_requests/4

Thanks for your work!

-- 
Kind regards,
Luca Boccassi