Bug#1024395: grub-efi-amd64-signed: after upgrade to 1+2.06+5 I get errors when booting (although I manage to boot)

Steve McIntyre steve at einval.com
Sat Dec 3 16:22:40 GMT 2022


Control: severity -1 important

Hi Eric,

On Fri, Nov 18, 2022 at 07:24:32PM +0100, Eric Valette wrote:
>Package: grub-efi-amd64-bin
>Version: 1+2.06+5
>Severity: grave
>Tags: security
>Justification: user security hole
>X-Debbugs-Cc: Debian Security Team <team at security.debian.org>
>
>After upgrade to 2.06-5, I get an error message "prohibited by secure boot policy" and it boots
>with a strange look with ç characters instead of lines.

Right. Those are both part of the security fixes that went into the
latest grub upload. It's trying to load fonts from /usr, but that's
now blocked when doing Secure Boot. It's basically cosmetic, but
obviously we don't want to leave it like this. We're talking upstream
about the best way to fix this up now.

>I build my own kernel and enrolled my own keys, sign the linux
>kernel binary and the modules with the keys. Everything was working
>fine with 2.06-3.
>
>I also noticed that my enrolled keys are no longer listed via "mokutil
>--list-enrolled", although no keys were cleared.

OK. I believe that is more likely an unrelated issue.

-- 
Steve McIntyre, Cambridge, UK.                                steve at einval.com
"C++ ate my sanity" -- Jon Rabone


