Bug#958894: grub-efi-amd64-bin: Secure Boot forbids loading module from .../multiboot.mod
Fabian Greffrath
fabian at debian.org
Sun Apr 26 12:37:33 BST 2020
Package: grub-efi-amd64-bin
Version: 2.04-7
Severity: important
Hi,
GRUB currently fails to load the Invaders game from the grub-invaders
package, Instead, it shows an error message stating
Fehler: Secure Boot forbids loading module from
(hd0,gpt5)/boot/grub/x86_64-efi/multiboot.mod
If multoboot is forbidden with Secure Boot enabled, grub-invaders is
most likely not the only "kernel" that GRUB will be unable to Boot.
Cheers,
- Fabian
-- Package-specific info:
*********************** BEGIN /proc/mounts
/dev/sda5 / ext4 rw,relatime,errors=remount-ro 0 0
/dev/sda1 /boot/efi vfat rw,relatime,fmask=0077,dmask=0077,codepage=437,iocharset=ascii,shortname=mixed,utf8,errors=remount-ro 0 0
*********************** END /proc/mounts
*********************** BEGIN /boot/grub/grub.cfg
#
# DO NOT EDIT THIS FILE
#
# It is automatically generated by grub-mkconfig using templates
# from /etc/grub.d and settings from /etc/default/grub
#
### BEGIN /etc/grub.d/00_header ###
if [ -s $prefix/grubenv ]; then
set have_grubenv=true
load_env
fi
if [ "${next_entry}" ] ; then
set default="${next_entry}"
set next_entry=
save_env next_entry
set boot_once=true
else
set default="0"
fi
if [ x"${feature_menuentry_id}" = xy ]; then
menuentry_id_option="--id"
else
menuentry_id_option=""
fi
export menuentry_id_option
if [ "${prev_saved_entry}" ]; then
set saved_entry="${prev_saved_entry}"
save_env saved_entry
set prev_saved_entry=
save_env prev_saved_entry
set boot_once=true
fi
function savedefault {
if [ -z "${boot_once}" ]; then
saved_entry="${chosen}"
save_env saved_entry
fi
}
function load_video {
if [ x$feature_all_video_module = xy ]; then
insmod all_video
else
insmod efi_gop
insmod efi_uga
insmod ieee1275_fb
insmod vbe
insmod vga
insmod video_bochs
insmod video_cirrus
fi
}
if [ x$feature_default_font_path = xy ] ; then
font=unicode
else
insmod part_gpt
insmod ext2
set root='hd0,gpt5'
if [ x$feature_platform_search_hint = xy ]; then
search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt5 --hint-efi=hd0,gpt5 --hint-baremetal=ahci0,gpt5 7403c6c5-930a-4efe-bf43-130f005cf9a5
else
search --no-floppy --fs-uuid --set=root 7403c6c5-930a-4efe-bf43-130f005cf9a5
fi
font="/usr/share/grub/unicode.pf2"
fi
if loadfont $font ; then
set gfxmode=auto
load_video
insmod gfxterm
set locale_dir=$prefix/locale
set lang=de_DE
insmod gettext
fi
terminal_output gfxterm
if [ "${recordfail}" = 1 ] ; then
set timeout=30
else
if [ x$feature_timeout_style = xy ] ; then
set timeout_style=menu
set timeout=5
# Fallback normal timeout code in case the timeout_style feature is
# unavailable.
else
set timeout=5
fi
fi
### END /etc/grub.d/00_header ###
### BEGIN /etc/grub.d/05_debian_theme ###
insmod part_gpt
insmod ext2
set root='hd0,gpt5'
if [ x$feature_platform_search_hint = xy ]; then
search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt5 --hint-efi=hd0,gpt5 --hint-baremetal=ahci0,gpt5 7403c6c5-930a-4efe-bf43-130f005cf9a5
else
search --no-floppy --fs-uuid --set=root 7403c6c5-930a-4efe-bf43-130f005cf9a5
fi
insmod png
if background_image /usr/share/desktop-base/futureprototype-theme/grub/grub-16x9.png; then
set color_normal=white/black
set color_highlight=black/white
else
set menu_color_normal=cyan/blue
set menu_color_highlight=white/blue
fi
### END /etc/grub.d/05_debian_theme ###
### BEGIN /etc/grub.d/10_linux ###
function gfxmode {
set gfxpayload="${1}"
}
set linux_gfx_mode=
export linux_gfx_mode
menuentry 'Debian GNU/Linux' --class debian --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-simple-7403c6c5-930a-4efe-bf43-130f005cf9a5' {
load_video
insmod gzio
if [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi
insmod part_gpt
insmod ext2
set root='hd0,gpt5'
if [ x$feature_platform_search_hint = xy ]; then
search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt5 --hint-efi=hd0,gpt5 --hint-baremetal=ahci0,gpt5 7403c6c5-930a-4efe-bf43-130f005cf9a5
else
search --no-floppy --fs-uuid --set=root 7403c6c5-930a-4efe-bf43-130f005cf9a5
fi
echo 'Loading Linux 5.5.0-1-amd64 ...'
linux /boot/vmlinuz-5.5.0-1-amd64 root=UUID=7403c6c5-930a-4efe-bf43-130f005cf9a5 ro quiet splash
echo 'Loading initial ramdisk ...'
initrd /boot/initrd.img-5.5.0-1-amd64
}
submenu 'Advanced options for Debian GNU/Linux' $menuentry_id_option 'gnulinux-advanced-7403c6c5-930a-4efe-bf43-130f005cf9a5' {
menuentry 'Debian GNU/Linux, with Linux 5.5.0-1-amd64' --class debian --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-5.5.0-1-amd64-advanced-7403c6c5-930a-4efe-bf43-130f005cf9a5' {
load_video
insmod gzio
if [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi
insmod part_gpt
insmod ext2
set root='hd0,gpt5'
if [ x$feature_platform_search_hint = xy ]; then
search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt5 --hint-efi=hd0,gpt5 --hint-baremetal=ahci0,gpt5 7403c6c5-930a-4efe-bf43-130f005cf9a5
else
search --no-floppy --fs-uuid --set=root 7403c6c5-930a-4efe-bf43-130f005cf9a5
fi
echo 'Loading Linux 5.5.0-1-amd64 ...'
linux /boot/vmlinuz-5.5.0-1-amd64 root=UUID=7403c6c5-930a-4efe-bf43-130f005cf9a5 ro quiet splash
echo 'Loading initial ramdisk ...'
initrd /boot/initrd.img-5.5.0-1-amd64
}
menuentry 'Debian GNU/Linux, with Linux 5.5.0-1-amd64 (recovery mode)' --class debian --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-5.5.0-1-amd64-recovery-7403c6c5-930a-4efe-bf43-130f005cf9a5' {
load_video
insmod gzio
if [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi
insmod part_gpt
insmod ext2
set root='hd0,gpt5'
if [ x$feature_platform_search_hint = xy ]; then
search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt5 --hint-efi=hd0,gpt5 --hint-baremetal=ahci0,gpt5 7403c6c5-930a-4efe-bf43-130f005cf9a5
else
search --no-floppy --fs-uuid --set=root 7403c6c5-930a-4efe-bf43-130f005cf9a5
fi
echo 'Loading Linux 5.5.0-1-amd64 ...'
linux /boot/vmlinuz-5.5.0-1-amd64 root=UUID=7403c6c5-930a-4efe-bf43-130f005cf9a5 ro single
echo 'Loading initial ramdisk ...'
initrd /boot/initrd.img-5.5.0-1-amd64
}
menuentry 'Debian GNU/Linux, with Linux 5.4.0-4-amd64' --class debian --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-5.4.0-4-amd64-advanced-7403c6c5-930a-4efe-bf43-130f005cf9a5' {
load_video
insmod gzio
if [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi
insmod part_gpt
insmod ext2
set root='hd0,gpt5'
if [ x$feature_platform_search_hint = xy ]; then
search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt5 --hint-efi=hd0,gpt5 --hint-baremetal=ahci0,gpt5 7403c6c5-930a-4efe-bf43-130f005cf9a5
else
search --no-floppy --fs-uuid --set=root 7403c6c5-930a-4efe-bf43-130f005cf9a5
fi
echo 'Loading Linux 5.4.0-4-amd64 ...'
linux /boot/vmlinuz-5.4.0-4-amd64 root=UUID=7403c6c5-930a-4efe-bf43-130f005cf9a5 ro quiet splash
echo 'Loading initial ramdisk ...'
initrd /boot/initrd.img-5.4.0-4-amd64
}
menuentry 'Debian GNU/Linux, with Linux 5.4.0-4-amd64 (recovery mode)' --class debian --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-5.4.0-4-amd64-recovery-7403c6c5-930a-4efe-bf43-130f005cf9a5' {
load_video
insmod gzio
if [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi
insmod part_gpt
insmod ext2
set root='hd0,gpt5'
if [ x$feature_platform_search_hint = xy ]; then
search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt5 --hint-efi=hd0,gpt5 --hint-baremetal=ahci0,gpt5 7403c6c5-930a-4efe-bf43-130f005cf9a5
else
search --no-floppy --fs-uuid --set=root 7403c6c5-930a-4efe-bf43-130f005cf9a5
fi
echo 'Loading Linux 5.4.0-4-amd64 ...'
linux /boot/vmlinuz-5.4.0-4-amd64 root=UUID=7403c6c5-930a-4efe-bf43-130f005cf9a5 ro single
echo 'Loading initial ramdisk ...'
initrd /boot/initrd.img-5.4.0-4-amd64
}
}
### END /etc/grub.d/10_linux ###
### BEGIN /etc/grub.d/20_linux_xen ###
### END /etc/grub.d/20_linux_xen ###
### BEGIN /etc/grub.d/22_invaders ###
menuentry "GRUB Invaders" {
insmod part_gpt
insmod ext2
set root='hd0,gpt5'
if [ x$feature_platform_search_hint = xy ]; then
search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt5 --hint-efi=hd0,gpt5 --hint-baremetal=ahci0,gpt5 7403c6c5-930a-4efe-bf43-130f005cf9a5
else
search --no-floppy --fs-uuid --set=root 7403c6c5-930a-4efe-bf43-130f005cf9a5
fi
multiboot /boot/invaders.exec
}
### END /etc/grub.d/22_invaders ###
### BEGIN /etc/grub.d/30_os-prober ###
menuentry 'Windows Boot Manager (on /dev/sda1)' --class windows --class os $menuentry_id_option 'osprober-efi-6A69-21DC' {
insmod part_gpt
insmod fat
set root='hd0,gpt1'
if [ x$feature_platform_search_hint = xy ]; then
search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt1 --hint-efi=hd0,gpt1 --hint-baremetal=ahci0,gpt1 6A69-21DC
else
search --no-floppy --fs-uuid --set=root 6A69-21DC
fi
chainloader /EFI/Microsoft/Boot/bootmgfw.efi
}
### END /etc/grub.d/30_os-prober ###
### BEGIN /etc/grub.d/30_uefi-firmware ###
menuentry 'System setup' $menuentry_id_option 'uefi-firmware' {
fwsetup
}
### END /etc/grub.d/30_uefi-firmware ###
### BEGIN /etc/grub.d/40_custom ###
# This file provides an easy way to add custom menu entries. Simply type the
# menu entries you want to add after this comment. Be careful not to change
# the 'exec tail' line above.
### END /etc/grub.d/40_custom ###
### BEGIN /etc/grub.d/41_custom ###
if [ -f ${config_directory}/custom.cfg ]; then
source ${config_directory}/custom.cfg
elif [ -z "${config_directory}" -a -f $prefix/custom.cfg ]; then
source $prefix/custom.cfg;
fi
### END /etc/grub.d/41_custom ###
*********************** END /boot/grub/grub.cfg
*********************** BEGIN /proc/mdstat
cat: /proc/mdstat: No such file or directory
*********************** END /proc/mdstat
*********************** BEGIN /dev/disk/by-id
total 0
lrwxrwxrwx 1 root root 9 Apr 26 13:30 ata-ST1000LM035-1RK172_WKP1TNGC -> ../../sda
lrwxrwxrwx 1 root root 10 Apr 26 13:30 ata-ST1000LM035-1RK172_WKP1TNGC-part1 -> ../../sda1
lrwxrwxrwx 1 root root 10 Apr 26 13:30 ata-ST1000LM035-1RK172_WKP1TNGC-part2 -> ../../sda2
lrwxrwxrwx 1 root root 10 Apr 26 13:30 ata-ST1000LM035-1RK172_WKP1TNGC-part3 -> ../../sda3
lrwxrwxrwx 1 root root 10 Apr 26 13:30 ata-ST1000LM035-1RK172_WKP1TNGC-part4 -> ../../sda4
lrwxrwxrwx 1 root root 10 Apr 26 13:30 ata-ST1000LM035-1RK172_WKP1TNGC-part5 -> ../../sda5
lrwxrwxrwx 1 root root 10 Apr 26 13:30 ata-ST1000LM035-1RK172_WKP1TNGC-part6 -> ../../sda6
lrwxrwxrwx 1 root root 9 Apr 26 13:30 wwn-0x5000c500bfacf1f2 -> ../../sda
lrwxrwxrwx 1 root root 10 Apr 26 13:30 wwn-0x5000c500bfacf1f2-part1 -> ../../sda1
lrwxrwxrwx 1 root root 10 Apr 26 13:30 wwn-0x5000c500bfacf1f2-part2 -> ../../sda2
lrwxrwxrwx 1 root root 10 Apr 26 13:30 wwn-0x5000c500bfacf1f2-part3 -> ../../sda3
lrwxrwxrwx 1 root root 10 Apr 26 13:30 wwn-0x5000c500bfacf1f2-part4 -> ../../sda4
lrwxrwxrwx 1 root root 10 Apr 26 13:30 wwn-0x5000c500bfacf1f2-part5 -> ../../sda5
lrwxrwxrwx 1 root root 10 Apr 26 13:30 wwn-0x5000c500bfacf1f2-part6 -> ../../sda6
*********************** END /dev/disk/by-id
*********************** BEGIN /dev/disk/by-uuid
total 0
lrwxrwxrwx 1 root root 10 Apr 26 13:30 4E966CCD966CB6DD -> ../../sda4
lrwxrwxrwx 1 root root 10 Apr 26 13:30 6A69-21DC -> ../../sda1
lrwxrwxrwx 1 root root 10 Apr 26 13:30 7403c6c5-930a-4efe-bf43-130f005cf9a5 -> ../../sda5
lrwxrwxrwx 1 root root 10 Apr 26 13:30 8A486BEA486BD40B -> ../../sda3
lrwxrwxrwx 1 root root 10 Apr 26 13:30 e73f81c5-049c-412f-935f-cf351622b0fe -> ../../sda6
*********************** END /dev/disk/by-uuid
-- System Information:
Debian Release: bullseye/sid
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable-debug'), (500, 'experimental'), (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 5.5.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages grub-efi-amd64-bin depends on:
ii grub-common 2.04-7
Versions of packages grub-efi-amd64-bin recommends:
ii efibootmgr 17-1
ii grub-efi-amd64-signed 1+2.04+7
grub-efi-amd64-bin suggests no packages.
-- no debconf information
More information about the Pkg-grub-devel
mailing list