Hi Sayanta, Sorry for late reply but I am just recovering after vacation...
CC-ing Javier, Dimitri, Peter and Leif. On Thu, Jul 01, 2021 at 03:23:03PM +0000, Sayanta Pattanayak wrote: > Hi All, > I am new to grub and UEFI secure boot and so a beginners question. > UEFI secureboot on a Arm64 platform works fine with Grub 2.04 version. > The linux kernel image is authenticated and loaded. But the same with > Grub 2.06 version does not progress - following error messages are > displayed. > > error: shim_lock protocol not found. > error: you need to load the kernel first. > > With reference of > "https://www.mail-archive.com/help-grub@gnu.org/msg05375.html";, > created Grub image with "--disable-shim-lock" option. This change > solved the "shim_lock" error but then the following error message > started appearing- > > error: verification requested but nobody cares: /Image. > error: you need to load the kernel first. > Press any key to continue... > > A large set of patches addressing bootHole vulnerability > (https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html) > have been merged in the Grub 2.06 version. Does this change the way > images are signed or is there any other change introduced that > required UEFI secure boot to be handled differently on the platform. > > Request any suggestion that would help validate UEFI secure boot with > Grub 2.06 and later version. Do you use GRUB 2.06 upstream or a Linux distribution variant? If upstream could you provide us commands used to build the GRUB and console output when debug is enabled, i.e. "set debug=all"? Daniel _______________________________________________ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listinfo/grub-devel
