Bug#1127556: grub-efi-amd64-signed: 'shim_lock verifier_init:177:prohibited by secure boot policy' error
Adilson dos Santos Dantas
adilson at adilson.net.br
Mon Feb 9 19:46:15 GMT 2026
Package: grub-efi-amd64-unsigned
Version: 1+2.14+1
Severity: normal
X-Debbugs-Cc: debian-amd64 at lists.debian.org
User: debian-amd64 at lists.debian.org
Usertags: amd64
Dear Maintainer,
I got this error after updating grub and it appears after a kernel update.
It can be reproduced by these steps.
Update grub2 and grub-efi-amd64-signed to 2.14-1
Install any new kernel or
Run the following commands
update-grub
grub-install
Reboot and, for a few seconds, it's throw this error:
grub-core/kern/efi/sb.c/shim_lock verifier_init:177:prohibited by secure
boot policy
And it boots normally after this error.
Reverting back to 2.14~git20250718.0e36779+2 fixes this.
-- System Information:
Debian Release: forky/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 6.19.0 (SMP w/8 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE
Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8),
LANGUAGE=pt_BR:pt:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages grub-efi-amd64-signed depends on:
ii grub2-common 2.14-1
Versions of packages grub-efi-amd64-signed recommends:
ii shim-signed 1.47+15.8-1
grub-efi-amd64-signed suggests no packages.
Versions of packages grub-efi-amd64-unsigned depends on:
ii grub2-common 2.14-1
-- no debconf information
--
Adilson dos Santos Dantas
https://www.adilson.net.br
https://bsky.adilson.net.br
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-grub-devel/attachments/20260209/78bb4a88/attachment.htm>
More information about the Pkg-grub-devel
mailing list