On Tue, Mar 09, 2021 at 05:18:22PM +0100, Daniel Kiper wrote: > On Fri, Mar 05, 2021 at 09:48:53PM +0800, Michael Chang via Grub-devel wrote: > > While attempting to dual boot Microsoft Windows with efi chainloader, it > > failed with below error when secure boot was enabled. > > > > error ../../grub-core/kern/verifiers.c:119:verification requested but > > nobody cares: /EFI/Microsoft/Boot/bootmgfw.efi. > > > > It is a regression, as previously it worked without problem. > > > > It turns out chainloading image has been locked down introduced by > > > > 578c95298 kern: Add lockdown support > > > > However we should consider it as verifiable object to shim to allow > > booting in secure boot enabled mode. The chainloaded image could also > > have trusted signature signed by vendor with their pubkey cert in db. > > For that matters it's usage should not be locked down in secure boot, > > and instead use shim to validate it's signature before running it. > > > > V2: > > Keep GRUB_FILE_TYPE_EFI_CHAINLOADED_IMAGE in the lockdown list as it > > ensures at least one verifer has validated the image. > > > > Signed-off-by: Michael Chang <mch...@suse.com> > > Reviewed-by: Daniel Kiper <daniel.ki...@oracle.com>
May I ask if the patch is planned or going to be merged to the master hence available in the 2.06-rc1 cut ? Thanks, Michael > > Daniel > _______________________________________________ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listinfo/grub-devel
