Bug#989810: debian 11 rc1 boot sequence fails attempting to run secure boot code on a system that does not support secure boot

David George Henderson III dgh at caltech.edu
Sun Jun 13 19:15:38 BST 2021


Package: grub-efi-amd64


Summary: The defect occurs on a bullseye.rc1 install;

     install went normally using bullseye rc1; booting the installed system fails

     the UEFI boot sequence on a system that doesn't support secure boot fails trying to access owner MOK



Hello Debian bullseye boot sequence team,

I don't have a screen grab and the message only stayed up a few seconds.

The system is a Dell Precision T1200 E3, 16GB of memory, SSD, installing 
off CDROM to an encrypted LVM with dedicated /boot and encrypted LVM 
partitions.

The bullseye system was installed using the bullseye rc1 system for an 
amd64 target.

Installation went normally; the difficulty lies when attempting to boot 
the installed system off the ssd.

Again, the boot time error message that briefly showed on the screen is 
that the MOK machine owner key could not be accessed.

I found a workaround using a previously installed Buster 10.9 system 
with a similar configuration:

     a) boot Buster 10.9 dvd in recovery mode

     b) rewrite the SSD bootstrap so the Buster 10.9 system boots

     c) reboot into Buster 10.9

         to diagnose what was going on I ran: mokutil --disable-validation

         the error message returned was 'this system does not support secure boot'

     d) update buster /etc/grub.d/40_custom so it has the bullseye rc1 boot stanza

     e) update grub

     f) shutdown the system

     g) boot the buster grub and select the bullseye 11 rc1 boot stanza present in 40_custom

bullseye rc1 now runs
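
Added example, not part of the original report or of the grub/shim packages: a POSIX shell check that classifies the firmware's Secure Boot state from the kernel's efivarfs, which is useful when triaging a machine like the one described above. The function name `sb_state` and its `efi_root` argument are hypothetical, and treating a missing `SecureBoot` variable as the condition behind the mokutil message quoted in step c) is an assumption.

```shell
#!/bin/sh
# Added example: classify the firmware's Secure Boot state from efivarfs.
# SB_GUID is the EFI global-variable GUID. The efi_root argument is an
# assumption of this sketch so the function can be pointed at a test tree.
SB_GUID=8be4df61-93ca-11d2-aa0d-00e098032b8c

sb_state() {
    efi_root=${1:-/sys/firmware/efi}
    var="$efi_root/efivars/SecureBoot-$SB_GUID"

    # No EFI directory at all: the kernel was not started through UEFI.
    [ -d "$efi_root" ] || { echo legacy-bios; return 0; }

    # UEFI boot, but the firmware does not expose a SecureBoot variable.
    [ -e "$var" ] || { echo unsupported; return 0; }

    # efivarfs files are 4 bytes of attributes followed by the data;
    # SecureBoot carries a single data byte: 1 = enforcing, 0 = off.
    val=$(od -An -tu1 -j4 -N1 "$var" 2>/dev/null | tr -d ' \n')
    case "$val" in
        1) echo enabled ;;
        0) echo disabled ;;
        *) echo unreadable ;;   # truncated or unexpected contents
    esac
}
```

Calling `sb_state` with no argument inspects the running system; a result of `unsupported` or `legacy-bios` means a boot path that expects to read MOK variables has nothing to read.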

