On Tue, Sep 26, 2023 at 10:20 PM Valerio Vanni <valerio.va...@inwind.it> wrote: > > Motherboard is an Asus H510M-A. > > I found the issue on latest versions of Clonezilla, but then I tried > with plain Debian live and the behavior is the same. > > Booting a recent Debian USB key do some modification on secure boot that > prevents some older OS to boot. > > The cycle is: > > 1) Machine brand new: secure boot is active, Windows 10 shows it active, > I can boot an old Clonezilla live (2.8.1-12) as many times as I want. > > 2) I boot from USB drive Debian Live 12 > https://cdimage.debian.org/debian-cd/current-live/amd64/iso-hybrid/debian-live-12.1.0-amd64-kde.iso > > A note: to trigger the issue, there's no need to go on and load OS. It's > enough to see the first page (that with grub entries) and then shutdown. > > 3) At next boots, secure boot refuses to boot from Clonezilla live > 2.8.1-12. The error is > "verification failed 0x1A security violation" > Windows 10 can still start, and shows secure boot active. Only if I > disable secure boot from BIOS, I can start clonezilla. > > 4) I reflash BIOS, same version, and go to point 1. > > Tested many times.
The failure at (3) sounds like what happened when old grub images were blacklisted in the UEFI Revocation List dbx. Also see <https://lwn.net/Articles/827403/>. You should probably stop doing (4). Jeff
