Hi, On 28/06/2024 12:52, Cyril Brulebois wrote: > Cyril Brulebois <k...@debian.org> (2024-06-28): >> I've just built a netboot-gtk mini.iso against unstable, including the >> new kernel. A regular “almost all defaults” (except French to check >> things like translations, keymap fun, etc.) install on UEFI gave an >> overall successful installation according to d-i, but it doesn't boot: >> >> Verifying shim SBAT data failed: Security Policy Violation
I see this too in my QEMU with UEFI secure boot turned on (I am running testing on my host). I've used an older live ISO image, which I have successfully booted in the past, and it shows the same error message, before turning the VM off.
I've rebuilt some live images (standard) [2], and only the sid image is booting fine. The official debian-live-12.6.0-amd64-standard.iso has the same issue (I've verified the sha256sum)
The error message originate from shim: https://sources.debian.org/src/shim/15.8-1/shim.c/#L1932 https://sources.debian.org/src/shim/15.7-1/shim.c/#L1736 It turns out, that my UEFI variables are causing this issue.When I use the unmodified OVMF_VARS_4M.ms.fd, all images I mentioned earlier boot properly.
The offending file could not be attached, it is too big for this mailing list. I can send it by private mail.
Who can find out which part in this file is causing the issue? Or which tools do I need to use to debug this?
With kind regards, Roland Clobus [1] debian-live-12.4.0-amd64-gnome.iso [2] bookworm, testing and sid
OpenPGP_signature.asc
Description: OpenPGP digital signature
