Testing shim-15.8, cannot start grub #639
Comments
Hi @Jurij-Ivastsuk, did you check your sbat generation number of grub?
@dennis-tseng99 Hi, many thanks for the tip! We do not have our own SBAT section in grubx64.efi. That could be the problem. Is the SBAT section of shim compared with the corresponding SBAT section of grub?
Hi @Jurij-Ivastsuk, when loading grub, the shim code will also make use of the verify_sbat_helper() and verify_single_entry() functions to compare the component_name and generation number of grub. It will return EFI_SECURITY_VIOLATION if the comparisons fail.
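The comparison described in the comment above, as an added example that is not part of the thread and not shim's own code: each `component,generation,...` line of an image's `.sbat` text is checked against a list of minimum generations. The function names, return codes and sample data are hypothetical, and treating a missing `.sbat` section as a failure is an assumption of this sketch.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins for EFI_SUCCESS / EFI_SECURITY_VIOLATION. */
enum { SBAT_OK = 0, SBAT_VIOLATION = 1 };

/* Constructed sample data, not taken from the issue. */
static const char REVOKED[]  = "sbat,1,2021030218\ngrub,3\n";
static const char GRUB_OLD[] = "sbat,1,SBAT Version,sbat,1,https://example.invalid/sbat\n"
                               "grub,2,Example Vendor,grub,2.06,https://example.invalid/grub\n";
static const char GRUB_NEW[] = "sbat,1,SBAT Version,sbat,1,https://example.invalid/sbat\n"
                               "grub,4,Example Vendor,grub,2.12,https://example.invalid/grub\n";

/* Advance to the start of the next CSV line, or NULL at end of text. */
static const char *next_line(const char *p) {
    p = strchr(p, '\n');
    return p ? p + 1 : NULL;
}

/* Minimum allowed generation for `name` in the list, -1 if unlisted. */
static long min_generation(const char *revocations, const char *name) {
    size_t n = strlen(name);
    for (const char *l = revocations; l && *l; l = next_line(l))
        if (strncmp(l, name, n) == 0 && l[n] == ',')
            return strtol(l + n + 1, NULL, 10);
    return -1;
}

/* Compare each "component,generation,..." line of the image to the list. */
int sbat_check(const char *image_sbat, const char *revocations) {
    if (image_sbat == NULL || *image_sbat == '\0')
        return SBAT_VIOLATION;         /* assumption: missing .sbat fails */
    for (const char *l = image_sbat; l && *l; l = next_line(l)) {
        char name[64];
        long gen, min;
        if (sscanf(l, "%63[^,\n],%ld", name, &gen) != 2)
            continue;                  /* skip blank or malformed lines */
        min = min_generation(revocations, name);
        if (min >= 0 && gen < min)
            return SBAT_VIOLATION;     /* generation below the minimum */
    }
    return SBAT_OK;
}

int main(void) {
    printf("old=%d new=%d none=%d\n", sbat_check(GRUB_OLD, REVOKED),
           sbat_check(GRUB_NEW, REVOKED), sbat_check(NULL, REVOKED));
    return 0;
}
```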
@dennis-tseng99 Thank you!
When testing shim-15.8 I got a result that I did not expect. The following constellation:
My expectation was that if I can start shim with secure-boot enabled, then grubx64.efi should also be started by shim as a second-stage loader, because grub was signed with the same certificate as the vendor-certificate in shim.
When I started the shim (start was without any problems), grub could not be started with the following error message from shim:
Who has any idea why it is so and not as expected?