Re: Bad shim signature on kernel loading with patchset from 25.05.2023 a

grub-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Bad shim signature on kernel loading with patchset from 25.05.2023 a

From:	Ard Biesheuvel
Subject:	Re: Bad shim signature on kernel loading with patchset from 25.05.2023 and up
Date:	Fri, 23 Jun 2023 19:41:34 +0200

On Fri, 23 Jun 2023 at 16:18, Tobias Powalowski
<tobias.powalowski@googlemail.com> wrote:
>
> Am Fr., 23. Juni 2023 um 16:02 Uhr schrieb Daniel Kiper <dkiper@net-space.pl>:
>>
>> On Thu, Jun 22, 2023 at 11:40:47AM +0200, Tobias Powalowski via Grub-devel 
>> wrote:
>> > Hi tackled it down to this commit:
>> > https://git.savannah.gnu.org/cgit/grub.git/commit/
>> > ?id=6a080b9cde0be5d08b71daf17a806067e32fc13f
>>
>> I hope you run the GRUB with this [1] patch. If not please use the
>> latest upstream master. It has the patch in.
>>
>> It would be nice if you could give us more information about your shim,
>> GRUB and kernel versions too.
>>
>> Daniel
>>
>> [1] https://lists.gnu.org/archive/html/grub-devel/2023-06/msg00092.html
>
> Hi,
> shim and mokmanager is from fedora's signed shim 15.4/15.6 (does not matter 
> both versions don't work) from here:
> https://kojipkgs.fedoraproject.org/packages/shim/
>
> Kernel is our latest Arch Linux linux 6.3.9-arch1-1
> The kernel image is not signed. Enrolling the kernel hash through MOK manager 
> does not make it bootable anymore,
> reverting back to grub version grub-2.06.r533.g78bc9a9b2 makes it bootable.
>
> Current broken grub is in our core repository:
> grub 2.06.r566.g857af0e17-1
> All git compiled versions after my mentioned commit are not working, Daniel 
> your mentioned patch was always applied.

Could you please try applying the hunk below?

diff --git a/grub-core/loader/efi/linux.c b/grub-core/loader/efi/linux.c
index c1eef7c9865f5d0d..49b16933809dbf44 100644
--- a/grub-core/loader/efi/linux.c
+++ b/grub-core/loader/efi/linux.c
@@ -18,6 +18,7 @@

 #include <grub/charset.h>
 #include <grub/command.h>
+#include <grub/env.h>
 #include <grub/err.h>
 #include <grub/file.h>
 #include <grub/fdt.h>
@@ -458,6 +459,11 @@ grub_cmd_linux (grub_command_t cmd __attribute__
((unused)),

   grub_dl_ref (my_mod);

+#if defined(__i386__)  || defined(__x86_64__)
+  if (grub_env_get ("shim_lock") != NULL)
+    return grub_cmd_linux_x86_legacy (cmd, argc, argv);
+#endif
+
   if (argc == 0)
     {
       grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected"));

[Prev in Thread]

Current Thread

[Next in Thread]

Bad shim signature on kernel loading with patchset from 25.05.2023 and up, (continued)
- Bad shim signature on kernel loading with patchset from 25.05.2023 and up, Tobias Powalowski, 2023/06/22
  - Re: Bad shim signature on kernel loading with patchset from 25.05.2023 and up, Tobias Powalowski, 2023/06/22
    - Re: Bad shim signature on kernel loading with patchset from 25.05.2023 and up, Tobias Powalowski, 2023/06/22
    - Re: Bad shim signature on kernel loading with patchset from 25.05.2023 and up, Ard Biesheuvel, 2023/06/23
    - Re: Bad shim signature on kernel loading with patchset from 25.05.2023 and up, Tobias Powalowski, 2023/06/23
    - Re: Bad shim signature on kernel loading with patchset from 25.05.2023 and up, Dimitri John Ledkov, 2023/06/23
    - Re: Bad shim signature on kernel loading with patchset from 25.05.2023 and up, Ard Biesheuvel, 2023/06/23
    - Re: Bad shim signature on kernel loading with patchset from 25.05.2023 and up, Dimitri John Ledkov, 2023/06/23
    - Re: Bad shim signature on kernel loading with patchset from 25.05.2023 and up, Daniel Kiper, 2023/06/23
    - Re: Bad shim signature on kernel loading with patchset from 25.05.2023 and up, Tobias Powalowski, 2023/06/23
    - Re: Bad shim signature on kernel loading with patchset from 25.05.2023 and up, Ard Biesheuvel <=
    - Re: Bad shim signature on kernel loading with patchset from 25.05.2023 and up, Tobias Powalowski, 2023/06/23
  - Re: Bad shim signature on kernel loading with patchset from 25.05.2023 and up, Thomas Frauendorfer, 2023/06/26
    - Re: Bad shim signature on kernel loading with patchset from 25.05.2023 and up, Tobias Powalowski, 2023/06/26
    - Re: Bad shim signature on kernel loading with patchset from 25.05.2023 and up, Daniel Kiper, 2023/06/26
    - Re: Bad shim signature on kernel loading with patchset from 25.05.2023 and up, Tobias Powalowski, 2023/06/26
    - Re: Bad shim signature on kernel loading with patchset from 25.05.2023 and up, Daniel Kiper, 2023/06/26
    - Re: Bad shim signature on kernel loading with patchset from 25.05.2023 and up, Ard Biesheuvel, 2023/06/26
    - Re: Bad shim signature on kernel loading with patchset from 25.05.2023 and up, Daniel Kiper, 2023/06/26
    - Re: Bad shim signature on kernel loading with patchset from 25.05.2023 and up, Ard Biesheuvel, 2023/06/26

Prev by Date: RE: [EXTERNAL] Re: grub-2.06 fails to load 64bit Multiboot2 ELF with regions above 4GiB
Next by Date: Re: Bad shim signature on kernel loading with patchset from 25.05.2023 and up
Previous by thread: Re: Bad shim signature on kernel loading with patchset from 25.05.2023 and up
Next by thread: Re: Bad shim signature on kernel loading with patchset from 25.05.2023 and up
Index(es):
- Date
- Thread