Hello Sudhakar, On Mon, 2025-10-06 at 12:54 +0530, Sudhakar Kuppusamy wrote: > Enhancing the infrastructure to enable the Platform Keystore (PKS) feature, > which provides access to the SB_VERSION, db, and dbx secure boot variables > from PKS. > > If PKS is enabled, it will read secure boot variables such as db and dbx > from PKS and extract EFI Signature List (ESL) from it. The ESLs would be > saved in the Platform Keystore buffer, and the appendedsig module would > read it later to extract the certificate's details from ESL. > > In the following scenarios, static key management mode will be activated: > 1. When Secure Boot is enabled with static key management mode > 2. When SB_VERSION is unavailable but Secure Boot is enabled > 3. When PKS support is unavailable but Secure Boot is enabled > > Note:- > > SB_VERSION: Key Management Mode > 1 - Enable dynamic key management mode. Read the db and dbx variables from > PKS, > and use them for signature verification. > 0 - Enable static key management mode. Read keys from the GRUB ELF Note and > use it for signature verification. > > Signed-off-by: Sudhakar Kuppusamy <[email protected]> > Reviewed-by: Avnish Chouhan <[email protected]> > Reviewed-by: Daniel Kiper <[email protected]> > (...)
It seems that this particular change broke the grub-emu build on 32-bit PowerPC. Configuring the build with --with-platform=emu fails on 32-bit PowerPC with: /usr/bin/ld: appendedsig.module: in function `grub_mod_init': /home/glaubitz/grub/grub-core/commands/appendedsig/appendedsig.c:1615:(.text+0x2ab4): undefined reference to `grub_pks_get_keystore' /usr/bin/ld: appendedsig.module: in function `create_dbs_from_pks': /home/glaubitz/grub/grub-core/commands/appendedsig/appendedsig.c:1400:(.text+0x2c3c): undefined reference to `grub_pks_free_data' collect2: error: ld returned 1 exit status Building with --with-platform=ieee1275 succeeds, however. Please see the full build log in [1]. I previously attributed this to be a bug in the Debian package as my first test on the upstream code was just with --with-platform=ieee1275 but not with --with-platform=emu, so that I couldn't reproduce the problem with the upstream git repository code first [2]. However, it's confirmed now to be an upstream bug. Could you have a look what could be the problem with grub-emu on 32-bit PowerPC? I assume it's just missing an object file here on the linker command line or two symbols that need to be excluded for grub-emu. Thanks, Adrian > [1] > https://buildd.debian.org/status/fetch.php?pkg=grub2&arch=powerpc&ver=2.14-2&stamp=1770741231&raw=0 > [2] https://lists.gnu.org/archive/html/grub-devel/2026-02/msg00004.html -- .''`. John Paul Adrian Glaubitz : :' : Debian Developer `. `' Physicist `- GPG: 62FF 8A75 84E0 2956 9546 0006 7426 3B37 F5B5 F913 _______________________________________________ Grub-devel mailing list [email protected] https://lists.gnu.org/mailman/listinfo/grub-devel
