Re: UEFI secure boot
Hi, Daniel, On 16.02.2017 23:03, Daniel Kiper wrote: > On Thu, Feb 16, 2017 at 09:21:19AM +0100, Dennis Wassenberg wrote: >> Hi all, >> >> I have a question regarding grub2 in relation with UEFI secure boot. I >> do use a grub2 efi binary which is signed with sbsigntools. If the grub2 >> starts I think there is in general no information about that the grub2 >> is booted in secure boot environment. > > Why do you need that? Just to show that it is booted in secure mode. In general there are only a few devices which shows at the beginning that secureboot is active. So maybe it makes sense to show it at the booted efi application. If a user is interested in knowing if it is active or not he has to enter the Setup. In case of Lenovo there it is not shown directly if secureboot is active or not. At the secureboot tab there is shown that secureboot is enabled or not and if secureboot is in custom mode or setup mode. I believe that not every user known what this means. Thats why I think a hint if secureboot is currently active or not would make sense. > >> Is there a possibility to show that in grub2? I found no way to do that. > > If there is an use case why not. Would this be a use case? > >> Are you interested in having the possibility to show the uefi secure >> boot status (e.g. EFI variable secureboot)? > > I am going to work on shim protocol verification for Multiboot2 > compatible images. I hope that it will be taken into GRUB2 2.03. Ah ok. > > Daniel Thank you for your response. Best regards, Dennis > > ___ > Grub-devel mailing list > Grub-devel@gnu.org > https://lists.gnu.org/mailman/listinfo/grub-devel > ___ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listinfo/grub-devel
Re: UEFI secure boot
I tried to submit a patch some time ago, where you can get SecureBoot and SetupMode variables from GRUB shell and config file: http://lists.gnu.org/archive/html/grub-devel/2016-01/msg00078.html It was abandoned for some reason. Also, I think recent patches proposed by Matthew Garrett also allow to do this On Fri, Feb 17, 2017 at 8:17 AM, Dennis Wassenberg < dennis.wassenb...@secunet.com> wrote: > Hi, Daniel, > > On 16.02.2017 23:03, Daniel Kiper wrote: > > On Thu, Feb 16, 2017 at 09:21:19AM +0100, Dennis Wassenberg wrote: > >> Hi all, > >> > >> I have a question regarding grub2 in relation with UEFI secure boot. I > >> do use a grub2 efi binary which is signed with sbsigntools. If the grub2 > >> starts I think there is in general no information about that the grub2 > >> is booted in secure boot environment. > > > > Why do you need that? > Just to show that it is booted in secure mode. In general there are only > a few devices which shows at the beginning that secureboot is active. So > maybe it makes sense to show it at the booted efi application. If a user > is interested in knowing if it is active or not he has to enter the > Setup. In case of Lenovo there it is not shown directly if secureboot is > active or not. At the secureboot tab there is shown that secureboot is > enabled or not and if secureboot is in custom mode or setup mode. I > believe that not every user known what this means. Thats why I think a > hint if secureboot is currently active or not would make sense. > > > >> Is there a possibility to show that in grub2? I found no way to do that. > > > > If there is an use case why not. > Would this be a use case? > > > >> Are you interested in having the possibility to show the uefi secure > >> boot status (e.g. EFI variable secureboot)? > > > > I am going to work on shim protocol verification for Multiboot2 > > compatible images. I hope that it will be taken into GRUB2 2.03. > Ah ok. > > > > Daniel > > Thank you for your response. > > Best regards, > Dennis > > > > ___ > > Grub-devel mailing list > > Grub-devel@gnu.org > > https://lists.gnu.org/mailman/listinfo/grub-devel > > > > ___ > Grub-devel mailing list > Grub-devel@gnu.org > https://lists.gnu.org/mailman/listinfo/grub-devel > ___ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listinfo/grub-devel
Super Grub2 Disk 2.02s7 released (GRUB 2.02~rc1)
Super Grub2 Disk 2.02s7 has been released. Downloads and more details here: http://www.supergrubdisk.org/2017/02/17/super-grub2-disk-2-02s7-released/ Super Grub2 Disk is a live cd that helps you to boot into most any Operating System (OS) even if you cannot boot into it by normal means. At its core it uses GRUB 2. This last version features GRUB 2.02~rc1 which was recently announced. You can test GRUB in many ways, installing it on your system might be one of them. Probably it's the best one because you hardly use GRUB as if it was a live cd/usb. But sometimes this is not possible. By the means of using Super Grub2 Disk, which it's a live cd/usb you can easily test it and see if there are some problems on this version without even touching your hard disk. You probably want to use the options: * Boot manually... * grub.cfg (GRUB2 configuration files) to examine how GRUB 2.02~rc1 deals with your current grub.cfg file compared to your current installed GRUB. Disclaimer: Although we use upstream GRUB sources at 2.02~rc1 git tag as a base for building Super Grub2 Disk this should not be considered as an official GRUB release. If you ever report a bug based on your Super Grub2 Disk 2.02s7 experience please mention it just in case the problem might arise because of different ./configure switches used. Note: In order to put Super Grub2 Disk image into a usb device use 'dd' command. Be aware that your usb device will be completely erased. adrian15 -- Support free software. Donate to Super Grub Disk. Apoya el software libre. Dona a Super Grub Disk. http://www.supergrubdisk.org/donate/ ___ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listinfo/grub-devel
