Bug#958925: grub-efi: Does not sign EFI entries.
Santiago José López Borrazás
sjlopezb at gmx.es
Sun Apr 26 19:38:57 BST 2020
Package: grub-efi
Version: 2.04-7
Severity: important
Dear Maintainer,
The new version of GRUB, which is 2.0.4-7, I find a problem that does not sign,
or does not collect the EFI signature, that for this, I have to disable the
"Secure Boot" implementation, because it does not load even the of three.
I already tried with the Debian pendrive to install and load the GRUB, along
with the command "update-grub", but nothing, I have to disable the "Secure
Boot" to do this job, because it does not load.
In the previous version, which was 2.0.4-6, it did load perfectly, but this
other version, no, not even in dreams.
This that I give, is through the secondary disk, which is /dev/sda.
-- Package-specific info:
*********************** BEGIN /proc/mounts
/dev/sda2 / ext4 rw,noatime,nobarrier,errors=remount-ro 0 0
/dev/loop2 /snap/spotify/41 squashfs ro,nodev,relatime 0 0
/dev/loop1 /snap/core18/1705 squashfs ro,nodev,relatime 0 0
/dev/loop0 /snap/snapd/7264 squashfs ro,nodev,relatime 0 0
/dev/sda1 /boot/efi vfat rw,relatime,fmask=0077,dmask=0077,codepage=437,iocharset=ascii,shortname=mixed,utf8,errors=remount-ro 0 0
/dev/sda4 /home ext4 rw,noatime,nobarrier 0 0
*********************** END /proc/mounts
*********************** BEGIN /boot/grub/grub.cfg
#
# DO NOT EDIT THIS FILE
#
# It is automatically generated by grub-mkconfig using templates
# from /etc/grub.d and settings from /etc/default/grub
#
### BEGIN /etc/grub.d/00_header ###
if [ -s $prefix/grubenv ]; then
set have_grubenv=true
load_env
fi
if [ "${next_entry}" ] ; then
set default="${next_entry}"
set next_entry=
save_env next_entry
set boot_once=true
else
set default="0"
fi
if [ x"${feature_menuentry_id}" = xy ]; then
menuentry_id_option="--id"
else
menuentry_id_option=""
fi
export menuentry_id_option
if [ "${prev_saved_entry}" ]; then
set saved_entry="${prev_saved_entry}"
save_env saved_entry
set prev_saved_entry=
save_env prev_saved_entry
set boot_once=true
fi
function savedefault {
if [ -z "${boot_once}" ]; then
saved_entry="${chosen}"
save_env saved_entry
fi
}
function load_video {
if [ x$feature_all_video_module = xy ]; then
insmod all_video
else
insmod efi_gop
insmod efi_uga
insmod ieee1275_fb
insmod vbe
insmod vga
insmod video_bochs
insmod video_cirrus
fi
}
terminal_input console
terminal_output console
if [ "${recordfail}" = 1 ] ; then
set timeout=30
else
if [ x$feature_timeout_style = xy ] ; then
set timeout_style=menu
set timeout=5
# Fallback normal timeout code in case the timeout_style feature is
# unavailable.
else
set timeout=5
fi
fi
### END /etc/grub.d/00_header ###
### BEGIN /etc/grub.d/05_debian_theme ###
set menu_color_normal=cyan/blue
set menu_color_highlight=white/blue
### END /etc/grub.d/05_debian_theme ###
### BEGIN /etc/grub.d/10_linux ###
function gfxmode {
set gfxpayload="${1}"
}
set linux_gfx_mode=
export linux_gfx_mode
menuentry 'Debian GNU/Linux' --class debian --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-simple-8a5321fa-c430-49f8-a226-99174412a978' {
load_video
insmod gzio
if [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi
insmod part_gpt
insmod ext2
set root='hd0,gpt2'
if [ x$feature_platform_search_hint = xy ]; then
search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt2 --hint-efi=hd0,gpt2 --hint-baremetal=ahci0,gpt2 8a5321fa-c430-49f8-a226-99174412a978
else
search --no-floppy --fs-uuid --set=root 8a5321fa-c430-49f8-a226-99174412a978
fi
echo 'Loading Linux 5.5.0-2-amd64 ...'
linux /boot/vmlinuz-5.5.0-2-amd64 root=UUID=8a5321fa-c430-49f8-a226-99174412a978 ro quiet i915.enable_psr=0
echo 'Loading initial ramdisk ...'
initrd /boot/initrd.img-5.5.0-2-amd64
}
submenu 'Advanced options for Debian GNU/Linux' $menuentry_id_option 'gnulinux-advanced-8a5321fa-c430-49f8-a226-99174412a978' {
menuentry 'Debian GNU/Linux, with Linux 5.5.0-2-amd64' --class debian --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-5.5.0-2-amd64-advanced-8a5321fa-c430-49f8-a226-99174412a978' {
load_video
insmod gzio
if [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi
insmod part_gpt
insmod ext2
set root='hd0,gpt2'
if [ x$feature_platform_search_hint = xy ]; then
search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt2 --hint-efi=hd0,gpt2 --hint-baremetal=ahci0,gpt2 8a5321fa-c430-49f8-a226-99174412a978
else
search --no-floppy --fs-uuid --set=root 8a5321fa-c430-49f8-a226-99174412a978
fi
echo 'Loading Linux 5.5.0-2-amd64 ...'
linux /boot/vmlinuz-5.5.0-2-amd64 root=UUID=8a5321fa-c430-49f8-a226-99174412a978 ro quiet i915.enable_psr=0
echo 'Loading initial ramdisk ...'
initrd /boot/initrd.img-5.5.0-2-amd64
}
menuentry 'Debian GNU/Linux, with Linux 5.5.0-2-amd64 (recovery mode)' --class debian --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-5.5.0-2-amd64-recovery-8a5321fa-c430-49f8-a226-99174412a978' {
load_video
insmod gzio
if [ x$grub_platform = xxen ]; then insmod xzio; insmod lzopio; fi
insmod part_gpt
insmod ext2
set root='hd0,gpt2'
if [ x$feature_platform_search_hint = xy ]; then
search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt2 --hint-efi=hd0,gpt2 --hint-baremetal=ahci0,gpt2 8a5321fa-c430-49f8-a226-99174412a978
else
search --no-floppy --fs-uuid --set=root 8a5321fa-c430-49f8-a226-99174412a978
fi
echo 'Loading Linux 5.5.0-2-amd64 ...'
linux /boot/vmlinuz-5.5.0-2-amd64 root=UUID=8a5321fa-c430-49f8-a226-99174412a978 ro single
echo 'Loading initial ramdisk ...'
initrd /boot/initrd.img-5.5.0-2-amd64
}
}
### END /etc/grub.d/10_linux ###
### BEGIN /etc/grub.d/20_linux_xen ###
### END /etc/grub.d/20_linux_xen ###
### BEGIN /etc/grub.d/30_os-prober ###
### END /etc/grub.d/30_os-prober ###
### BEGIN /etc/grub.d/30_uefi-firmware ###
menuentry 'System setup' $menuentry_id_option 'uefi-firmware' {
fwsetup
}
### END /etc/grub.d/30_uefi-firmware ###
### BEGIN /etc/grub.d/40_custom ###
# This file provides an easy way to add custom menu entries. Simply type the
# menu entries you want to add after this comment. Be careful not to change
# the 'exec tail' line above.
### END /etc/grub.d/40_custom ###
### BEGIN /etc/grub.d/41_custom ###
if [ -f ${config_directory}/custom.cfg ]; then
source ${config_directory}/custom.cfg
elif [ -z "${config_directory}" -a -f $prefix/custom.cfg ]; then
source $prefix/custom.cfg;
fi
### END /etc/grub.d/41_custom ###
*********************** END /boot/grub/grub.cfg
*********************** BEGIN /proc/mdstat
Personalities : [linear] [multipath] [raid0] [raid1] [raid6] [raid5] [raid4] [raid10]
unused devices: <none>
*********************** END /proc/mdstat
*********************** BEGIN /dev/disk/by-id
total 0
lrwxrwxrwx 1 root root 9 Apr 26 20:23 ata-HGST_HTS721010A9E630_JR100XBNJU7GLE -> ../../sda
lrwxrwxrwx 1 root root 10 Apr 26 20:23 ata-HGST_HTS721010A9E630_JR100XBNJU7GLE-part1 -> ../../sda1
lrwxrwxrwx 1 root root 10 Apr 26 20:23 ata-HGST_HTS721010A9E630_JR100XBNJU7GLE-part2 -> ../../sda2
lrwxrwxrwx 1 root root 10 Apr 26 20:23 ata-HGST_HTS721010A9E630_JR100XBNJU7GLE-part3 -> ../../sda3
lrwxrwxrwx 1 root root 10 Apr 26 20:23 ata-HGST_HTS721010A9E630_JR100XBNJU7GLE-part4 -> ../../sda4
lrwxrwxrwx 1 root root 13 Apr 26 20:23 nvme-KINGSTON_RBUSNS8154P3256GJ_50026B7682577DF7 -> ../../nvme0n1
lrwxrwxrwx 1 root root 15 Apr 26 20:23 nvme-KINGSTON_RBUSNS8154P3256GJ_50026B7682577DF7-part1 -> ../../nvme0n1p1
lrwxrwxrwx 1 root root 15 Apr 26 20:23 nvme-KINGSTON_RBUSNS8154P3256GJ_50026B7682577DF7-part2 -> ../../nvme0n1p2
lrwxrwxrwx 1 root root 15 Apr 26 20:23 nvme-KINGSTON_RBUSNS8154P3256GJ_50026B7682577DF7-part3 -> ../../nvme0n1p3
lrwxrwxrwx 1 root root 15 Apr 26 20:23 nvme-KINGSTON_RBUSNS8154P3256GJ_50026B7682577DF7-part4 -> ../../nvme0n1p4
lrwxrwxrwx 1 root root 13 Apr 26 20:23 nvme-eui.0026b7682577df75 -> ../../nvme0n1
lrwxrwxrwx 1 root root 15 Apr 26 20:23 nvme-eui.0026b7682577df75-part1 -> ../../nvme0n1p1
lrwxrwxrwx 1 root root 15 Apr 26 20:23 nvme-eui.0026b7682577df75-part2 -> ../../nvme0n1p2
lrwxrwxrwx 1 root root 15 Apr 26 20:23 nvme-eui.0026b7682577df75-part3 -> ../../nvme0n1p3
lrwxrwxrwx 1 root root 15 Apr 26 20:23 nvme-eui.0026b7682577df75-part4 -> ../../nvme0n1p4
lrwxrwxrwx 1 root root 9 Apr 26 20:23 wwn-0x5000cca8e6e7a854 -> ../../sda
lrwxrwxrwx 1 root root 10 Apr 26 20:23 wwn-0x5000cca8e6e7a854-part1 -> ../../sda1
lrwxrwxrwx 1 root root 10 Apr 26 20:23 wwn-0x5000cca8e6e7a854-part2 -> ../../sda2
lrwxrwxrwx 1 root root 10 Apr 26 20:23 wwn-0x5000cca8e6e7a854-part3 -> ../../sda3
lrwxrwxrwx 1 root root 10 Apr 26 20:23 wwn-0x5000cca8e6e7a854-part4 -> ../../sda4
*********************** END /dev/disk/by-id
*********************** BEGIN /dev/disk/by-uuid
total 0
lrwxrwxrwx 1 root root 10 Apr 26 20:23 224a5cc7-7367-4b55-a780-d9421d89db7a -> ../../sda4
lrwxrwxrwx 1 root root 15 Apr 26 20:23 60F41D17F41CF150 -> ../../nvme0n1p1
lrwxrwxrwx 1 root root 15 Apr 26 20:23 628226EF8226C77F -> ../../nvme0n1p4
lrwxrwxrwx 1 root root 10 Apr 26 20:23 8a5321fa-c430-49f8-a226-99174412a978 -> ../../sda2
lrwxrwxrwx 1 root root 15 Apr 26 20:23 9DE0-E5FB -> ../../nvme0n1p2
lrwxrwxrwx 1 root root 10 Apr 26 20:23 C806-DD5D -> ../../sda1
lrwxrwxrwx 1 root root 10 Apr 26 20:23 d604af8f-06a1-45f7-9e47-5aab3147accf -> ../../sda3
*********************** END /dev/disk/by-uuid
-- System Information:
Debian Release: bullseye/sid
APT prefers buildd-unstable
APT policy: (500, 'buildd-unstable'), (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 5.5.0-2-amd64 (SMP w/12 CPU cores)
Kernel taint flags: TAINT_USER
Locale: LANG=es_ES.UTF-8, LC_CTYPE=es_ES.UTF-8 (charmap=UTF-8), LANGUAGE=es (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages grub-efi depends on:
ii grub-common 2.04-7
ii grub-efi-amd64 2.04-7
grub-efi recommends no packages.
grub-efi suggests no packages.
-- no debconf information
More information about the Pkg-grub-devel
mailing list