Re: Bad shim signature on kernel loading with patchset from 25.05.2023 a

grub-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Bad shim signature on kernel loading with patchset from 25.05.2023 a

From:	Tobias Powalowski
Subject:	Re: Bad shim signature on kernel loading with patchset from 25.05.2023 and up
Date:	Mon, 26 Jun 2023 09:49:19 +0200

Hi,

removing it removes the error, but boot does not happen then. It errors now with: cannot load image.

greetings

tpowa

Am Mo., 26. Juni 2023 um 09:06 Uhr schrieb Thomas Frauendorfer <thomas.frauendorfer@gmail.com>:

On Thu, Jun 22, 2023 at 3:00 PM Tobias Powalowski via Grub-devel
<grub-devel@gnu.org> wrote:
>
> Hi,
> just curious since the patchset from 25.05.2023, I cannot use Secure Boot on my project anymore. The kernel hash cannot be validated anymore and shim bails out with bad shim signature.
> Any help would be appreciated.
> greetings
> tpowa

According to shim documentation the shim lock protocol should use SysV
abi instead of MS abi.
So could you try if it solves your issue if you remove
"__grub_efi_api" from the verify function of
grub_efi_shim_lock_protocol in include/grub/efi/api.h in around line
1780

Tobias Powalowski

Arch Linux Developer & Package Maintainer (tpowa)

https://www.archlinux.org

tpowa@archlinux.org

Archboot Developer

https://archboot.com

St. Martin-Apotheke

Herzog-Georg-Str. 25

89415 Lauingen

https://www.st-martin-apo.de

info@st-martin-apo.de

[Prev in Thread]

Current Thread

[Next in Thread]

Re: Bad shim signature on kernel loading with patchset from 25.05.2023 and up, (continued)

Prev by Date: Re: Bad shim signature on kernel loading with patchset from 25.05.2023 and up
Next by Date: Re: Bad shim signature on kernel loading with patchset from 25.05.2023 and up
Previous by thread: Re: Bad shim signature on kernel loading with patchset from 25.05.2023 and up
Next by thread: Re: Bad shim signature on kernel loading with patchset from 25.05.2023 and up
Index(es):
- Date
- Thread