Bug#958925: grub-efi: Does not sign EFI entries.

Santiago José López Borrazás sjlopezb at gmx.es
Tue Apr 28 11:22:37 BST 2020 

El 27/4/20 a las 17:36, Steve McIntyre escribió:

It brings all this upside down, and it's already spinning me around.

I have followed this:

https://wiki.debian.org/GrubEFIReinstall

Best of all, it had another entry that led me to another file that did have
the GRUB signature, but for "Secure Boot".

In /boot/efi/EFI I have all this:

root at local:/boot/efi/EFI# ls -l
total 16
drwx------ 4 root root 4096 abr 28 11:31 .
drwx------ 4 root root 4096 ene  1  1970 ..
drwx------ 2 root root 4096 abr 28 01:48 boot
drwx------ 2 root root 4096 abr 28 01:48 debian

In boot is only bootx64.efi

In debian only grubx64.efi and grub.cfg (this files only executing on the
without "Secure Boot".

I created an entry with the efibootmgr command, as follows:

efibootmgr -c -d /dev/sda -p 1 -L Debian -l /EFI/boot/bootx64.efi

I had 2 entries, which are somewhat similar, and I remember that I had to
have another file called efiboot.efi, or something like that, which did come
signed. What do I think is with the file grubnetx64.efi.signed or
grubnetx64-installer.efi.signed (I see that they are 2 files the same, but
with different input methods. These are in the grub-efi-amd-signed package).

But I don't remember how I regenerate this, although I do have this:

BootCurrent: 0001
Timeout: 1 seconds
BootOrder: 0001,0000
Boot0000* Windows Boot Manager 
HD(2,GPT,c2bdbf40-04ac-41ad-9773-c5d874927e08,0x109000,0x32000)/File(\EFI\MICROSOFT\BOOT\BOOTMGFW.EFI)WINDOWS.........x...B.C.D.O.B.J.E.C.T.=.{.9.d.e.a.8.6.2.c.-.5.c.d.d.-.4.e.7.0.-.a.c.c.1.-.f.3.2.b.3.4.4.d.4.7.9.5.}....................
Boot0001* debian       
HD(1,GPT,569385db-cb51-4599-b31b-fc1791d4bd0e,0x800,0x100000)/File(\EFI\debian\grubx64.efi).

I had to delete one of the entries I have from efiboot.efi, because it did
not work for me. And I had to format the ESP partition of the EFI this.

Now I don't know how to regenerate all this.

I did everything, I've been thinking about this for almost 24 hours, because
I thought it was my fault, but no.

I will have to reinstall everything from scratch.

Thanks.

--
Saludos de Santiago José López Borrazás.
Enviando desde Mozilla Thunderbird.

More information about the Pkg-grub-devel mailing list