On Fri, Jun 28, 2024 at 11:49:44AM +0200, Cyril Brulebois wrote: >Hi, > >I've just built a netboot-gtk mini.iso against unstable, including the >new kernel. A regular “almost all defaults” (except French to check >things like translations, keymap fun, etc.) install on UEFI gave an >overall successful installation according to d-i, but it doesn't boot: > > Verifying shim SBAT data failed: Security Policy Violation > >It's been a while since I last toyed with unstable, so I'm not sure >whether this is known already, where it's coming from, etc. Even when >built against unstable, d-i installs testing, so that shouldn't be >linked to the new Linux version running the installer, as what ends up >on disk is testing's version. > >This is the exact same test setup as for (old)stable point release >preps, with qemu/bookworm running on a bookworm system. > > kvm -m 1G -machine q35,smm=on -pflash /tmp/1/code.fd -pflash > /tmp/1/vars.fd -hda /tmp/1/sda.img > >with both pflash files initialized from those respectively: > > - /usr/share/OVMF/OVMF_CODE_4M.ms.fd > - /usr/share/OVMF/OVMF_VARS_4M.ms.fd > >Wild guess: Maybe ovmf would need to ship refreshed files? > >Can't investigate more right now, live stream and travel are next.
Hmmm. Taking a look... -- Steve McIntyre, Cambridge, UK. st...@einval.com The two hard things in computing: * naming things * cache invalidation * off-by-one errors -- Stig Sandbeck Mathisen
