Hi Dimitri, Thanks for detailed response. Sorry for bit late response.
We are generating own keys and signing with same. You can kindly have a look at the steps, which are followed for Generating Secure Keys and Secure Busybox boot https://gitlab.arm.com/arm-reference-solutions/arm-reference-solutions-docs/-/blob/master/docs/infra/common/secure-boot.rst In addition, during UEFI Secureboot image building, Grub image is signed with following command- sbsign --key DB.key --cert DB.crt --output bootaa64_signed.efi bootaa64.efi And also Kernel Image is signed - sbsign --key DB.key --cert DB.crt --output Image_signed Image We don't intend to Shim, but if we use "--disable-shim-lock" then the image is locked down. Does that mean we need to implement a new verifier as you suggested in one of your point? Thanks, Sayanta From: Dimitri John Ledkov <x...@ubuntu.com> Sent: Thursday, July 8, 2021 4:21 PM To: Sayanta Pattanayak <sayanta.pattana...@arm.com> Cc: The development of GNU GRUB <grub-devel@gnu.org>; nd <n...@arm.com> Subject: Re: UEFI Secureboot not succeeding with Grub 2.06 and later version Hi, The below mentioned commands are useful. Hence we need to debug this further and establish further details about your setup. 1) which keys are in DB? ( mokutil --db --list-enrolled ) 2) which keys are used to sign grub image? ( sbverify --list grub*.efi ) 3) which keys are used to sign grub image? ( sbverify --list Image ) 4) since shim verifier was not disabled during grub mkimage build, which Shim did you compile, with what toolchain, and which keys was it signed with? 5) if you don't want to use Shim (and loose ability for users to enroll their own machine owner key, and revoke grub via sbat revocation - if underlying firmware can do those things i.e. secure edk2 builds), you must create grub image with disable shim lock verifier option. 6) if you do not want to sbsign kernel image using secureboot keys, you can alternative provide detached gpg signature and create grub image with a gpg public key built-in. 8) maybe there is some other way to verify kernel, i.e. you could implement a new verifier module that that use calls to a prior stage bootloader or firmware to verify kernel authenticity. 9) if you do not want to sign kernel at all in any way, you must disable secureboot at either firmware level (SecureBoot variable) or shim/grub/linux-only level (MokSBState see mokutil --disable-validation). Because if firmware SecureBoot is on, and mokutil validation is on, loading unverifiable kernels is not supported in grub 2.06 thanks to implementing lockdown. If the kernel is expected to be verifiable and yet fails to verify please provide further details. We have experienced buggy compilers, binutils, sbsign tooling which would produce invalid / unverifiable signatures in the past. Also we have seen buggy firmware that fail to verify correctly signed binaries. On Thu, 8 Jul 2021, 08:05 Sayanta Pattanayak, <sayanta.pattana...@arm.com<mailto:sayanta.pattana...@arm.com>> wrote: Hi Daniel, Thanks for your reply and hope you had a great vacation. We use Upstream 2.06 tagged version. Mentioning below the Build Commands and Console Output. >-----Original Message----- >From: Daniel Kiper <dki...@net-space.pl<mailto:dki...@net-space.pl>> >Sent: Wednesday, July 7, 2021 6:45 PM >To: Sayanta Pattanayak ><sayanta.pattana...@arm.com<mailto:sayanta.pattana...@arm.com>> >Cc: grub-devel@gnu.org<mailto:grub-devel@gnu.org>; nd ><n...@arm.com<mailto:n...@arm.com>>; >javi...@redhat.com<mailto:javi...@redhat.com>; >x...@ubuntu.com<mailto:x...@ubuntu.com>; >pjo...@redhat.com<mailto:pjo...@redhat.com>; >l...@nuviainc.com<mailto:l...@nuviainc.com> >Subject: Re: UEFI Secureboot not succeeding with Grub 2.06 and later version > >Hi Sayanta, > >Sorry for late reply but I am just recovering after vacation... > >CC-ing Javier, Dimitri, Peter and Leif. > >On Thu, Jul 01, 2021 at 03:23:03PM +0000, Sayanta Pattanayak wrote: >> Hi All, >> I am new to grub and UEFI secure boot and so a beginners question. >> UEFI secureboot on a Arm64 platform works fine with Grub 2.04 version. >> The linux kernel image is authenticated and loaded. But the same with >> Grub 2.06 version does not progress - following error messages are >> displayed. >> >> error: shim_lock protocol not found. >> error: you need to load the kernel first. >> >> With reference of >> "https://www.mail-archive.com/help-grub@gnu.org/msg05375.html";, >> created Grub image with "--disable-shim-lock" option. This change >> solved the "shim_lock" error but then the following error message >> started appearing- >> >> error: verification requested but nobody cares: /Image. >> error: you need to load the kernel first. >> Press any key to continue... >> >> A large set of patches addressing bootHole vulnerability >> (https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html) >> have been merged in the Grub 2.06 version. Does this change the way >> images are signed or is there any other change introduced that >> required UEFI secure boot to be handled differently on the platform. >> >> Request any suggestion that would help validate UEFI secure boot with >> Grub 2.06 and later version. > >Do you use GRUB 2.06 upstream or a Linux distribution variant? If upstream >could you provide us commands used to build the GRUB and console output >when debug is enabled, i.e. "set debug=all"? > Commands used - ./autogen.sh ./configure STRIP=gcc-arm-10.2-2020.11-x86_64-aarch64-none-linux-gnu/bin/aarch64-none-linux-gnu-strip --target=aarch64-none-linux-gnu --with-platform=efi --prefix=grub/output/ --disable-werror Make make -j $PARALLELISM install output/bin/grub-mkimage -v -c ${GRUB_PLAT_CONFIG_FILE} -o output/grubaa64.efi -O arm64-efi -p "" part_gpt part_msdos ntfs ntfscomp hfsplus fat ext2 normal chain boot configfile linux help part_msdos terminal terminfo configfile lsefi search normal gettext loadenv read search_fs_file search_fs_uuid search_label Following is the console output when "--disable-shim-lock" Not used - [2J[04D[=3h[2J[09DPress ESCAPE for boot options ...........[Bds]Booting UEFI Non-Block Boot Device [Bds]Booting UEFI Misc Device [Bds]Booting UEFI Misc Device 2 Installed Fat filesystem on FE6E9318 Loading driver at 0x000F9264000 EntryPoint=0x000F9265000 Loading driver at 0x000F9264000 EntryPoint=0x000F9265000 [0m[30m[47mWelcome to GRUB! [0m[37m[40mscript/script.c:65: free 0x81fff49d60 script/script.c:65: free 0x81fff49da0 script/script.c:65: free 0x81fff49de0 script/script.c:65: free 0x81fff497c0 script/script.c:65: free 0x81fff49820 script/script.c:65: free 0x81fff49860 script/script.c:65: free 0x81fff498c0 script/script.c:65: free 0x81fff49920 script/script.c:65: free 0x81fff49b40 script/script.c:65: free 0x81fff49960 script/script.c:65: free 0x81fff499a0 script/script.c:65: free 0x81fff49a00 script/script.c:65: free 0x81fff49a40 script/script.c:65: free 0x81fff49c20 script/script.c:65: free 0x81fff49c80 script/script.c:65: free 0x81fff49cc0 script/lexer.c:336: token 288 text [set] script/script.c:50: malloc 0x81fff49cc0 script/script.c:50: malloc 0x81fff49c80 script/script.c:163: arglist script/script.c:50: malloc 0x81fff49c20 script/lexer.c:336: token 289 text [term=] script/script.c:50: malloc 0x81fff49a40 script/script.c:50: malloc 0x81fff49a00 script/lexer.c:336: token 289 text [vt100] script/script.c:50: malloc 0x81fff499a0 script/script.c:50: malloc 0x81fff49960 script/lexer.c:336: token 289 text [] script/script.c:50: malloc 0x81fff49900 script/script.c:50: malloc 0x81fff498c0 script/script.c:163: arglist script/script.c:50: malloc 0x81fff49860 script/lexer.c:336: token 259 text [] script/script.c:50: malloc 0x81fff49800 script/script.c:50: malloc 0x81fff497c0 script/script.c:198: cmdline script/script.c:50: malloc 0x81fff49760 script/lexer.c:336: token 0 text [] script/script.c:50: malloc 0x81fff49de0 script/script.c:50: malloc 0x81fff49da0 script/script.c:294: append command script/script.c:50: malloc 0x81fff49d60 kern/verifiers.c:212: string: set term=vt100, type: 2 script/script.c:65: free 0x81fff49d60 script/script.c:65: free 0x81fff49da0 ... script/script.c:294: append command script/script.c:50: malloc 0x81fff49d60 kern/verifiers.c:212: string: set timeout=1, type: 2 script/script.c:65: free 0x81fff49d60 ... script/script.c:65: free 0x81fff49cc0 script/lexer.c:336: token 288 text [search] script/script.c:50: malloc 0x81fff49de0 script/script.c:50: malloc 0x81fff49c60 script/script.c:163: arglist script/script.c:50: malloc 0x81fff49c00 script/lexer.c:336: token 289 text [--set=root] script/script.c:50: malloc 0x81fff49a20 script/script.c:50: malloc 0x81fff499e0 script/script.c:163: arglist script/script.c:50: malloc 0x81fff49980 script/lexer.c:336: token 289 text [--fs-uuid] script/script.c:50: malloc 0x81fff49920 script/script.c:50: malloc 0x81fff498e0 script/script.c:163: arglist script/script.c:50: malloc 0x81fff49880 script/lexer.c:336: token 289 text [535add81-5875-4b4a-b44a-464aee5f5cbd] script/script.c:50: malloc 0x81fff496e0 script/script.c:50: malloc 0x81fff49680 script/script.c:163: arglist script/script.c:50: malloc 0x81fff49620 script/lexer.c:336: token 259 text [] script/script.c:50: malloc 0x81fff495c0 script/script.c:50: malloc 0x81fff49580 script/script.c:198: cmdline script/script.c:50: malloc 0x81fff49520 script/lexer.c:336: token 0 text [] script/script.c:50: malloc 0x81fff49d80 script/script.c:50: malloc 0x81fff49d40 script/script.c:294: append command script/script.c:50: malloc 0x81fff49d00 kern/verifiers.c:212: string: search --set=root --fs-uuid 535add81-5875-4b4a-b44a-464aee5f5cbd, type: 2 disk/efi/efidisk.c:413: iterating hd0 kern/disk.c:196: Opening `hd0'... disk/efi/efidisk.c:482: opening hd0 disk/efi/efidisk.c:511: m = 0xfe6e8dc0, last block = 6efff, block size = 200, io align = 0 disk/efi/efidisk.c:531: opening hd0 succeeded kern/fs.c:56: Detecting ext2... kern/fs.c:78: ext2 detection failed. kern/fs.c:56: Detecting fat... kern/fs.c:78: fat detection failed. kern/fs.c:56: Detecting hfsplus... kern/fs.c:78: hfsplus detection failed. kern/fs.c:56: Detecting ntfs... kern/fs.c:78: ntfs detection failed. kern/disk.c:295: Closing `hd0'. disk/efi/efidisk.c:540: closing hd0 kern/disk.c:196: Opening `hd0'... disk/efi/efidisk.c:482: opening hd0 disk/efi/efidisk.c:511: m = 0xfe6e8dc0, last block = 6efff, block size = 200, io align = 0 disk/efi/efidisk.c:531: opening hd0 succeeded partmap/gpt.c:93: Read a valid GPT header partmap/gpt.c:115: GPT entry 0: start=2048, length=40959 partmap/msdos.c:184: partition 0: flag 0x0, type 0x0, start 0x0, len 0x0 partmap/msdos.c:184: partition 1: flag 0x0, type 0x0, start 0x0, len 0x0 partmap/msdos.c:184: partition 2: flag 0x0, type 0x0, start 0x0, len 0x0 partmap/msdos.c:184: partition 3: flag 0x0, type 0x0, start 0x0, len 0x0 partmap/gpt.c:115: GPT entry 1: start=43008, length=409599 disk/efi/efidisk.c:593: reading 0x40 sectors at the sector 0xa800 from hd0 kern/disk.c:295: Closing `hd0'. disk/efi/efidisk.c:540: closing hd0 kern/disk.c:196: Opening `hd0,gpt2'... disk/efi/efidisk.c:482: opening hd0 disk/efi/efidisk.c:511: m = 0xfe6e8dc0, last block = 6efff, block size = 200, io align = 0 disk/efi/efidisk.c:531: opening hd0 succeeded partmap/gpt.c:93: Read a valid GPT header partmap/gpt.c:115: GPT entry 0: start=2048, length=40959 partmap/gpt.c:115: GPT entry 1: start=43008, length=409599 kern/fs.c:56: Detecting ext2... disk/efi/efidisk.c:593: reading 0x40 sectors at the sector 0xaa00 from hd0 disk/efi/efidisk.c:593: reading 0x40 sectors at the sector 0xac00 from hd0 kern/disk.c:295: Closing `hd0'. disk/efi/efidisk.c:540: closing hd0 script/script.c:65: free 0x81fff49d00 script/script.c:65: free 0x81fff49d40 ... script/script.c:65: free 0x81fff49de0 script/lexer.c:336: token 259 text [] script/script.c:50: malloc 0x81fff49cc0 script/script.c:50: malloc 0x81fff49c80 script/lexer.c:336: token 0 text [] script/script.c:50: malloc 0x81fff49de0 script/script.c:50: malloc 0x81fff49da0 script/script.c:65: free 0x81fff49da0 script/script.c:65: free 0x81fff49de0 script/script.c:65: free 0x81fff49c80 script/script.c:65: free 0x81fff49cc0 script/lexer.c:336: token 288 text [menuentry] script/script.c:50: malloc 0x81fff49cc0 script/script.c:50: malloc 0x81fff49c80 script/script.c:163: arglist script/script.c:50: malloc 0x81fff49c20 script/lexer.c:336: token 289 text [] script/script.c:50: malloc 0x81fff49a40 script/script.c:50: malloc 0x81fff49a00 script/lexer.c:336: token 289 text [SGI-575 BusyBox] script/script.c:50: malloc 0x81fff499a0 script/script.c:50: malloc 0x81fff49960 script/lexer.c:336: token 289 text [] script/script.c:50: malloc 0x81fff49900 script/script.c:50: malloc 0x81fff498c0 script/script.c:163: arglist script/script.c:50: malloc 0x81fff49860 script/lexer.c:336: token 266 text [{] script/script.c:50: malloc 0x81fff49800 script/script.c:50: malloc 0x81fff497c0 script/lexer.c:336: token 259 text [] script/script.c:50: malloc 0x81fff49640 script/script.c:50: malloc 0x81fff49600 script/lexer.c:336: token 288 text [linux] script/script.c:50: malloc 0x81fff494e0 script/script.c:50: malloc 0x81fff494a0 script/script.c:163: arglist script/script.c:50: malloc 0x81fff49440 script/lexer.c:336: token 289 text [/Image] script/script.c:50: malloc 0x81fff49320 script/script.c:50: malloc 0x81fff492e0 script/script.c:163: arglist script/script.c:50: malloc 0x81fff49280 script/lexer.c:336: token 289 text [acpi=force] script/script.c:50: malloc 0x81fff49220 script/script.c:50: malloc 0x81fff491e0 script/script.c:163: arglist script/script.c:50: malloc 0x81fff49180 script/lexer.c:336: token 289 text [console=ttyAMA0,115200] script/script.c:50: malloc 0x81fff49120 script/script.c:50: malloc 0x81fff490c0 script/script.c:163: arglist script/script.c:50: malloc 0x81fff49060 script/lexer.c:336: token 289 text [ip=dhcp] script/script.c:50: malloc 0x81fff49000 script/script.c:50: malloc 0x81fff48fc0 script/script.c:163: arglist script/script.c:50: malloc 0x81fff48f60 script/lexer.c:336: token 289 text [root=PARTUUID=9c53a91b-e182-4ff1-aeac-6ee2c432ae94] script/script.c:50: malloc 0x81fff48da0 script/script.c:50: malloc 0x81fff48d20 script/script.c:163: arglist script/script.c:50: malloc 0x81fff48cc0 script/lexer.c:336: token 288 text [rootwait] script/script.c:50: malloc 0x81fff48c60 script/script.c:50: malloc 0x81fff48c20 script/script.c:163: arglist script/script.c:50: malloc 0x81fff48bc0 script/lexer.c:336: token 288 text [verbose] script/script.c:50: malloc 0x81fff48b60 script/script.c:50: malloc 0x81fff48b20 script/script.c:163: arglist script/script.c:50: malloc 0x81fff48ac0 script/lexer.c:336: token 288 text [debug] script/script.c:50: malloc 0x81fff48a60 script/script.c:50: malloc 0x81fff48a20 script/script.c:163: arglist script/script.c:50: malloc 0x81fff489c0 script/lexer.c:336: token 259 text [] script/script.c:50: malloc 0x81fff48960 script/script.c:50: malloc 0x81fff48920 script/script.c:198: cmdline script/script.c:50: malloc 0x81fff488c0 script/script.c:294: append command script/script.c:50: malloc 0x81fff48880 script/lexer.c:336: token 288 text [initrd] script/script.c:50: malloc 0x81fff48720 script/script.c:50: malloc 0x81fff486e0 script/script.c:163: arglist script/script.c:50: malloc 0x81fff48680 script/lexer.c:336: token 289 text [/ramdisk-busybox.img] script/script.c:50: malloc 0x81fff48620 script/script.c:50: malloc 0x81fff485c0 script/script.c:163: arglist script/script.c:50: malloc 0x81fff48560 script/lexer.c:336: token 259 text [] script/script.c:50: malloc 0x81fff48500 script/script.c:50: malloc 0x81fff484c0 script/script.c:198: cmdline script/script.c:50: malloc 0x81fff48460 script/script.c:294: append command script/lexer.c:336: token 267 text [}] script/script.c:50: malloc 0x81fff48300 script/script.c:50: malloc 0x81fff482c0 script/script.c:50: malloc 0x81fff481e0 script/script.c:50: malloc 0x81fff49760 script/script.c:50: malloc 0x81fff48100 script/script.c:163: arglist script/script.c:50: malloc 0x81fff48040 script/script.c:198: cmdline script/script.c:50: malloc 0x81fff47fe0 script/lexer.c:336: token 259 text [] script/script.c:50: malloc 0x81fff47f80 script/script.c:50: malloc 0x81fff47f40 script/lexer.c:336: token 0 text [] script/script.c:50: malloc 0x81fff48400 script/script.c:50: malloc 0x81fff483c0 script/script.c:294: append command script/script.c:50: malloc 0x81fff47f00 kern/verifiers.c:212: string: menuentry SGI-575 BusyBox { linux /Image acpi=force console=ttyAMA0,115200 ip=dhcp root=PARTUUID=9c53a91b-e182-4ff1-aeac-6ee2c432ae94 rootwait verbose debug initrd /ramdisk-busybox.img }, type: 2 script/script.c:65: free 0x81fff47f00 script/script.c:65: free 0x81fff483c0 script/script.c:65: free 0x81fff48400 script/script.c:65: free 0x81fff47f40 ... script/script.c:65: free 0x81fff49440 script/script.c:65: free 0x81fff494a0 script/script.c:65: free 0x81fff494e0 script/script.c:65: free 0x81fff49600 script/script.c:65: free 0x81fff49640 kern/disk.c:295: Closing `hd0'. disk/efi/efidisk.c:540: closing hd0 [0m[30m[40m[2J[01;01H[0m[37m[40m[02;30HGNU GRUB version 2.11 [01C/----------------------------------------------------------------------------\[05;02H|[76C|[06;02H|[76C|[07;02H|[76C|[08;02H|[76C|[09;02H|[76C|[10;02H|[76C|[11;02H|[76C|[12;02H|[76C|[13;02H|[76C|[14;02H|[76C|[15;02H|[76C|[16;02H|[76C|[17;02H|[76C|[18;02H\----------------------------------------------------------------------------/[19;02H[20;02H Use the ^ and v keys to select which entry is highlighted. Press enter to boot the selected OS, `e' to edit the commands before booting or `c' for a command-line. [05;80H [0m[30m[47m[05;03H*SGI-575 BusyBox [0m[37m[40m[01D[06;03H [01D[07;03H [01D[08;03H [01D[09;03H [01D[10;03H [01D[11;03H [01D[12;03H [01D[13;03H [01D[14;03H [01D[15;03H [01D[16;03H [01D[17;03H [01D[02C [05;78H[23;01H The highlighted entry will be executed automatically in 1s. [05;78H[23;01H The highlighted entry will be executed automatically in 0s. [05;78H[0m[30m[40m[2J[01;01H[0m[37m[40m Booting `SGI-575 BusyBox' script/lexer.c:336: token 288 text [setparams] script/script.c:50: malloc 0x81fff4a6a0 script/script.c:50: malloc 0x81fff4a660 script/script.c:163: arglist script/script.c:50: malloc 0x81fff4a600 script/lexer.c:336: token 289 text [] script/script.c:50: malloc 0x81fff4a420 script/script.c:50: malloc 0x81fff4a3e0 script/lexer.c:336: token 289 text [SGI-575 BusyBox] script/script.c:50: malloc 0x81fff4a380 script/script.c:50: malloc 0x81fff4a340 script/lexer.c:336: token 289 text [] script/script.c:50: malloc 0x81fff4a2e0 script/script.c:50: malloc 0x81fff4a2a0 script/script.c:163: arglist script/script.c:50: malloc 0x81fff4a240 script/lexer.c:336: token 259 text [] script/script.c:50: malloc 0x81fff4a1e0 script/script.c:50: malloc 0x81fff4a1a0 script/script.c:198: cmdline script/script.c:50: malloc 0x81fff4a140 script/lexer.c:336: token 0 text [] script/script.c:50: malloc 0x81fff4a7c0 script/script.c:50: malloc 0x81fff4a780 script/script.c:294: append command script/script.c:50: malloc 0x81fff4a740 kern/verifiers.c:212: string: setparams SGI-575 BusyBox, type: 2 script/script.c:65: free 0x81fff4a740 script/script.c:65: free 0x81fff4a780 ... script/script.c:65: free 0x81fff4a660 script/script.c:65: free 0x81fff4a6a0 script/lexer.c:336: token 288 text [linux] script/script.c:50: malloc 0x81fff4a7c0 script/script.c:50: malloc 0x81fff4a5c0 script/script.c:163: arglist script/script.c:50: malloc 0x81fff4a560 script/lexer.c:336: token 289 text [/Image] script/script.c:50: malloc 0x81fff4a380 script/script.c:50: malloc 0x81fff4a340 script/script.c:163: arglist script/script.c:50: malloc 0x81fff4a2e0 script/lexer.c:336: token 289 text [acpi=force] script/script.c:50: malloc 0x81fff4a280 script/script.c:50: malloc 0x81fff4a240 script/script.c:163: arglist script/script.c:50: malloc 0x81fff4a1e0 script/lexer.c:336: token 289 text [console=ttyAMA0,115200] script/script.c:50: malloc 0x81fff4a180 script/script.c:50: malloc 0x81fff4a120 script/script.c:163: arglist script/script.c:50: malloc 0x81fff4a0c0 script/lexer.c:336: token 289 text [ip=dhcp] script/script.c:50: malloc 0x81fff4a060 script/script.c:50: malloc 0x81fff4a020 script/script.c:163: arglist script/script.c:50: malloc 0x81fff49fc0 script/lexer.c:336: token 289 text [root=PARTUUID=9c53a91b-e182-4ff1-aeac-6ee2c432ae94] script/script.c:50: malloc 0x81fff49d00 script/script.c:50: malloc 0x81fff49c80 script/script.c:163: arglist script/script.c:50: malloc 0x81fff49c20 script/lexer.c:336: token 288 text [rootwait] script/script.c:50: malloc 0x81fff49bc0 script/script.c:50: malloc 0x81fff49b80 script/script.c:163: arglist script/script.c:50: malloc 0x81fff49b20 script/lexer.c:336: token 288 text [verbose] script/script.c:50: malloc 0x81fff49ac0 script/script.c:50: malloc 0x81fff49a80 script/script.c:163: arglist script/script.c:50: malloc 0x81fff49a20 script/lexer.c:336: token 288 text [debug] script/script.c:50: malloc 0x81fff499c0 script/script.c:50: malloc 0x81fff49980 script/script.c:163: arglist script/script.c:50: malloc 0x81fff49920 script/lexer.c:336: token 259 text [] script/script.c:50: malloc 0x81fff498c0 script/script.c:50: malloc 0x81fff49880 script/script.c:198: cmdline script/script.c:50: malloc 0x81fff49820 script/lexer.c:336: token 0 text [] script/script.c:50: malloc 0x81fff4a760 script/script.c:50: malloc 0x81fff4a720 script/script.c:294: append command script/script.c:50: malloc 0x81fff4a6e0 kern/verifiers.c:212: string: linux /Image acpi=force console=ttyAMA0,115200 ip=dhcp root=PARTUUID=9c53a91b-e182-4ff1-aeac-6ee2c432ae94 rootwait verbose debug, type: 2 kern/disk.c:196: Opening `hd0,gpt2'... disk/efi/efidisk.c:482: opening hd0 disk/efi/efidisk.c:511: m = 0xfe6e8dc0, last block = 6efff, block size = 200, io align = 0 disk/efi/efidisk.c:531: opening hd0 succeeded partmap/gpt.c:93: Read a valid GPT header partmap/gpt.c:115: GPT entry 0: start=2048, length=40959 partmap/gpt.c:115: GPT entry 1: start=43008, length=409599 kern/fs.c:56: Detecting ext2... kern/verifiers.c:88: file: /Image type: 3 disk/efi/efidisk.c:593: reading 0x40 sectors at the sector 0xcc40 from hd0 disk/efi/efidisk.c:593: reading 0x40 sectors at the sector 0xcc80 from hd0 disk/efi/efidisk.c:593: reading 0x40 sectors at the sector 0xccc0 from hd0 disk/efi/efidisk.c:593: reading 0x40 sectors at the sector 0xcd00 from hd0 disk/efi/efidisk.c:593: reading 0x40 sectors at the sector 0xcd40 from hd0 ... disk/efi/efidisk.c:593: reading 0x40 sectors at the sector 0x1db80 from hd0 disk/efi/efidisk.c:593: reading 0x40 sectors at the sector 0x1dbc0 from hd0 disk/efi/efidisk.c:593: reading 0x40 sectors at the sector 0x1dc00 from hd0 disk/efi/efidisk.c:593: reading 0x40 sectors at the sector 0x1dc40 from hd0 disk/efi/efidisk.c:593: reading 0x40 sectors at the sector 0x1dc80 from hd0 disk/efi/efidisk.c:593: reading 0x40 sectors at the sector 0x1dcc0 from hd0 disk/efi/efidisk.c:593: reading 0x40 sectors at the sector 0x1dd00 from hd0 kern/disk.c:295: Closing `hd0'. disk/efi/efidisk.c:540: closing hd0 error: shim_lock protocol not found. script/script.c:65: free 0x81fff4a6e0 script/script.c:65: free 0x81fff4a720 script/script.c:65: free 0x81fff4a760 script/script.c:65: free 0x81fff49820 ... script/script.c:65: free 0x81fff4a560 script/script.c:65: free 0x81fff4a5c0 script/script.c:65: free 0x81fff4a7c0 script/lexer.c:336: token 288 text [initrd] script/script.c:50: malloc 0x81fff4a660 script/script.c:50: malloc 0x81fff4a620 script/script.c:163: arglist script/script.c:50: malloc 0x81fff4a5c0 script/lexer.c:336: token 289 text [/ramdisk-busybox.img] script/script.c:50: malloc 0x81fff4a3e0 script/script.c:50: malloc 0x81fff4a380 script/script.c:163: arglist script/script.c:50: malloc 0x81fff4a320 script/lexer.c:336: token 259 text [] script/script.c:50: malloc 0x81fff4a2c0 script/script.c:50: malloc 0x81fff4a280 script/script.c:198: cmdline script/script.c:50: malloc 0x81fff4a220 script/lexer.c:336: token 0 text [] script/script.c:50: malloc 0x81fff4a780 script/script.c:50: malloc 0x81fff4a740 script/script.c:294: append command script/script.c:50: malloc 0x81fff4a700 kern/verifiers.c:212: string: initrd /ramdisk-busybox.img, type: 2 error: you need to load the kernel first. script/script.c:65: free 0x81fff4a700 script/script.c:65: free 0x81fff4a740 script/script.c:65: free 0x81fff4a780 ... script/script.c:65: free 0x81fff4a660 script/lexer.c:336: token 259 text [] script/script.c:50: malloc 0x81fff4a6a0 script/script.c:50: malloc 0x81fff4a660 script/lexer.c:336: token 0 text [] script/script.c:50: malloc 0x81fff4a7c0 script/script.c:50: malloc 0x81fff4a780 script/script.c:65: free 0x81fff4a780 script/script.c:65: free 0x81fff4a7c0 script/script.c:65: free 0x81fff4a660 script/script.c:65: free 0x81fff4a6a0 Press any key to continue... >Daniel Thanks, Sayanta
_______________________________________________ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listinfo/grub-devel
