Bug#1024395: grub-efi-amd64-signed: after upgrade to 1+2.06+5 I get errors when booting (although I manage to boot)
Eric Valette
eric.valette at free.fr
Fri Nov 18 18:24:32 GMT 2022
Package: grub-efi-amd64-bin
Version: 1+2.06+5
Severity: grave
Tags: security
Justification: user security hole
X-Debbugs-Cc: Debian Security Team <team at security.debian.org>
After upgrade to 2.06-5, I get an error message "prohibited by secure boot policy" and it boot
with a strange look with \xe7caracaters instead of lines.
I build my own kernel and enrolled my owns keys, sign the linux kernel binarry and the mdoules with the keys.
Everythong was working fine with 2.06-3.
I also noticed that my enrolled keys is no more listed via "mokutil --list-enrolled". Although no key were cleared.
-- System Information:
Debian Release: bookworm/sid
APT prefers stable-security
APT policy: (500, 'stable-security'), (500, 'unstable'), (500, 'testing'), (1, 'experimental')
merged-usr: no
Architecture: amd64 (x86_64)
Kernel: Linux 5.10.155 (SMP w/8 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=fr_FR.UTF8, LC_CTYPE=fr_FR.UTF8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)
Versions of packages grub-efi-amd64-signed depends on:
ii grub-common 2.06-5
Versions of packages grub-efi-amd64-signed recommends:
ii shim-signed 1.38+15.4-7
grub-efi-amd64-signed suggests no packages.
Versions of packages grub-efi-amd64-bin depends on:
ii grub-common 2.06-5
Versions of packages grub-efi-amd64-bin recommends:
ii efibootmgr 17-1
-- no debconf information
More information about the Pkg-grub-devel
mailing list