Can't find a solution to a failed secure boot kernel loading

Hi everyone - I'm new here! Sorry for going with my problem directly to the grub-devel maling list, but I'm pretty sure my problem is GRUB related. Still, I've spent some hours trying to find a solution on the Internet and I failed :( So, here it comes - if anyone has time to explain my problem to

Re: [PATCH] efi: Set text-mode console resolution to maximum supported

On Fri, May 06, 2022 at 07:59:15PM -0500, Glenn Washburn wrote: > Hi Gerd, > > Thanks for taking a look at the patch. > > On Fri, 6 May 2022 12:39:52 +0200 > Gerd Hoffmann wrote: > > > Hi, > > > > > On some buggy EFI firmwares, GRUB is started with the console resolution > > > set to the max

Re: Can't find a solution to a failed secure boot kernel loading

On Tue, 2022-05-10 at 12:28 +0200, Łukasz Piątkowski wrote: > Hi everyone - I'm new here! > > Sorry for going with my problem directly to the grub-devel maling > list, but I'm pretty sure my problem is GRUB related. Still, I've > spent some hours trying to find a solution on the Internet and I > f

Re: Can't find a solution to a failed secure boot kernel loading

the MOK key as generated by Ubuntu/Debian tooling, creates a signing certificate that self-limits itself to only support Kernel Module signing. Signatures made by such certificate, are not trusted by shim for the purpose of code signing of bootloaders (i.e. grub) or kernels (i.e. linux). I also res

Re: Can't find a solution to a failed secure boot kernel loading

What I'm trying to do is to sign a mainline kernel built by ubuntu ( https://kernel.ubuntu.com/~kernel-ppa/mainline/) with my private key, that is already enrolled to MOK, and boot it with Secure Boot. > the MOK key as generated by Ubuntu/Debian tooling, creates a signing certificate that self-lim

Re: Can't find a solution to a failed secure boot kernel loading

On Tue, 10 May 2022 at 15:07, Łukasz Piątkowski wrote: > > What I'm trying to do is to sign a mainline kernel built by ubuntu > (https://kernel.ubuntu.com/~kernel-ppa/mainline/) with my private key, that > is already enrolled to MOK, and boot it with Secure Boot. > > > the MOK key as generated b

Re: Can't find a solution to a failed secure boot kernel loading

Huh, I've never seen that before... thanks, I'm gonna give it a try and report back! On Tue, May 10, 2022 at 4:44 PM Dimitri John Ledkov < dimitri.led...@canonical.com> wrote: > On Tue, 10 May 2022 at 15:07, Łukasz Piątkowski wrote: > > > > What I'm trying to do is to sign a mainline kernel buil

[PATCH v2 0/1] plainmount: Support plain encryption mode.

--- Original Message --- On Thursday, May 5th, 2022 at 6:09, Glenn Washburn wrote: > Hi Maxim, > > I just want to reiterate Daniel, for v3, please use --threaded when > using format-patch and send-email. It'll help reviewers see all the > emails in the patch series together. It is compl

[PATCH v2] efidisk: pass buffers with higher alignment

Despite the UEFI specification saying "the requirement is that the start address of a buffer must be evenly divisible by IoAlign with no remainder.", it seems that a higher alignment requirement is neecssary on some system (e.g. a Intel NUC system with NVMe SSD). That particular system has IoAlign

Re: [PATCH v2] efidisk: pass buffers with higher alignment

On 5/10/22 21:59, Stefan Agner wrote: Despite the UEFI specification saying "the requirement is that the start address of a buffer must be evenly divisible by IoAlign with no remainder.", it seems that a higher alignment requirement is neecssary on some system (e.g. a Intel NUC system with NVMe S

Re: [PATCH v2] efidisk: pass buffers with higher alignment

On 2022-05-10 22:26, Heinrich Schuchardt wrote: > On 5/10/22 21:59, Stefan Agner wrote: >> Despite the UEFI specification saying "the requirement is that the >> start address of a buffer must be evenly divisible by IoAlign with >> no remainder.", it seems that a higher alignment requirement is >> n

Re: [PATCH v2 3/3] grub-core/kern/disk.c: handle LUKS2 devices

On Mon, 09 May 2022 22:27:30 +0200 Josselin Poiret wrote: > Hello everyone, > > Glenn Washburn writes: > > > I don't really like this, but it gets the job done and is a work-around > > for a peculiarity of the LUKS2 backend. The cheat mount code for > > cryptodisk does only calls scan() and no

[PATCH 1/3] disk: Allow read hook callback to take read buffer to potentially modify it

It will be desirable in the future to allow having the read hook modify the data passed back from a read function call on a disk or file. This adds that infrustructure and has no impact on code flow for existing uses of the read hook. Also changed is that now when the read hook callback is called i

[PATCH 0/3] Cryptomount detached headers

This patch series is, I believe, a better approach to supporting detached headers for cryptomount and backends. This series will probably not apply cleanly without the changes from the recent series entitled "[PATCH 0/4] Cryptomount keyfile support". But its only because they touch code in the same

[PATCH 3/3] docs: Add documentation on detached header option to cryptomount

Signed-off-by: Glenn Washburn --- docs/grub.texi | 13 ++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/docs/grub.texi b/docs/grub.texi index 8d1536c4d..9437b46a5 100644 --- a/docs/grub.texi +++ b/docs/grub.texi @@ -4356,19 +4356,26 @@ Alias for @code{hashsum --hash cr

[PATCH 2/3] cryptodisk: Add --header option to cryptomount to support detached headers

Add a --header (short -H) option to cryptomount which takes a file argument. Using the improved read hook, setup a read hook on the source device which will read from the given header file during the scan and recovery cryptodisk backend functions. This makes supporting detached headers transparent