Hi, I generated a pr/pk pair and the kernel is signed. Placed them in the kernel tree and compiled the kernel.
Could someone tell me what am I doing wrong please ? Below is the status (I am using loader.efi from linuxfoundation) When i boot debian stock kernel signed, i see that the secure boot gets enabled (hence bios and everything else seems to be fine with the same UEFI loader). However, when I boot the compiled kernel I get $ dmesg | grep -i secure [ 0.007085] Secure boot could not be determined $ sbverify --list bootx64.efi warning: data remaining[91472 vs 101160]: gaps between PE/COFF sections? signature 1 image signature issuers: - /C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=Microsoft Corporation UEFI CA 2011 image signature certificates: - subject: /C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/OU=MOPR/CN=Microsoft Windows UEFI Driver Publisher issuer: /C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=Microsoft Corporation UEFI CA 2011 - subject: /C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=Microsoft Corporation UEFI CA 2011 issuer: /C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=Microsoft Corporation Third Party Marketplace Root $ sbverify --list ./loader.efi signature 1 image signature issuers: - /C=GB/ST=England/L=London/O=BHASKER/CN=bcvm.bcvm.bcv image signature certificates: - subject: /C=GB/ST=England/L=London/O=BHASKER/CN=bcvm.bcvm.bcv issuer: /C=GB/ST=England/L=London/O=BHASKER/CN=bcvm.bcvm.bcv $ sbverify --list ../../linux/k.bcv signature 1 image signature issuers: - /C=GB/ST=England/L=London/O=BHASKER/CN=bcvm.bcvm.bcv image signature certificates: - subject: /C=GB/ST=England/L=London/O=BHASKER/CN=bcvm.bcvm.bcv issuer: /C=GB/ST=England/L=London/O=BHASKER/CN=bcvm.bcvm.bcv
