Re: [PATCH] Change "efi" to "EFI" in grub-mkrescue for secure boot

2024-09-11 Thread Tobias Powalowski via Grub-devel
Back in the day I added that commit on the supergrub history because I wasn't proud enough of the SecureBoot implementation or I messed up in which branch I was pushing those changes. Right now the SecureBoot build is turned on on the main supergrub codebase. It is based on the Debian binari

Re: [PATCH] Change "efi" to "EFI" in grub-mkrescue for secure boot

2024-09-11 Thread Tobias Powalowski via Grub-devel
This is what it usually happens in a Secure Boot scenario: - UEFI Firmware loads up /BOOT/BOOTX64.EFI - BOOTX64.EFI (shim) is loaded. (Signed by Microsoft) - GRUBX64.EFI (Grub) is loaded. (Signed by Debian) - Kernel is loaded. (Signed by Debian) ... if any of the previous signatures are not va

Bad shim signature on kernel loading with patchset from 25.05.2023 and up

2023-06-22 Thread Tobias Powalowski via Grub-devel
Hi , I tackled it down to this commit: https://git.savannah.gnu.org/cgit/grub.git/commit/?id=6a080b9cde0be5d08b71daf17a806067e32fc13f starting with this commit shim verification fails for kernel hash with bad shim verification and makes Secure Boot impossible. Hope you find a quick solution for fi

Re: Bad shim signature on kernel loading with patchset from 25.05.2023 and up

2023-06-22 Thread Tobias Powalowski via Grub-devel
Hi, further debugged it, it appears to be the patchset from Ard to cause this bad shim verification breakage. greetings tpowa -- Tobias Powalowski Arch Linux Developer & Package Maintainer (tpowa) https://www.archlinux.org tp...@archlinux.org Archboot Developer https://

Bad shim signature on kernel loading with patchset from 25.05.2023 and up

2023-06-22 Thread Tobias Powalowski via Grub-devel
Hi, just curious since the patchset from 25.05.2023, I cannot use Secure Boot on my project anymore. The kernel hash cannot be validated anymore and shim bails out with bad shim signature. Any help would be appreciated. greetings tpowa -- Tobias Powalowski Arch Linux Developer & Package Maintaine

Re: Bad shim signature on kernel loading with patchset from 25.05.2023 and up

2023-06-22 Thread Tobias Powalowski via Grub-devel
Hi tackled it down to this commit: https://git.savannah.gnu.org/cgit/grub.git/commit/?id=6a080b9cde0be5d08b71daf17a806067e32fc13f starting with this commit shim verification fails for kernel hash with bad shim verification and makes Secure Boot impossible. Hope you find a quick solution for fixing

Re: Bad shim signature on kernel loading with patchset from 25.05.2023 and up

2023-06-23 Thread Tobias Powalowski via Grub-devel
Am Fr., 23. Juni 2023 um 15:41 Uhr schrieb Ard Biesheuvel : > On Thu, 22 Jun 2023 at 11:41, Tobias Powalowski > wrote: > > > > Hi tackled it down to this commit: > > > https://git.savannah.gnu.org/cgit/grub.git/commit/?id=6a080b9cde0be5d08b71daf17a806067e32fc13f > > starting with this commit shim

Re: Bad shim signature on kernel loading with patchset from 25.05.2023 and up

2023-06-23 Thread Tobias Powalowski via Grub-devel
Am Fr., 23. Juni 2023 um 16:02 Uhr schrieb Daniel Kiper : > On Thu, Jun 22, 2023 at 11:40:47AM +0200, Tobias Powalowski via Grub-devel > wrote: > > Hi tackled it down to this commit: > > https://git.savannah.gnu.org/cgit/grub.git/commit/ > > ?id=6a080b9cde0be5d08b71daf17a8

Re: Bad shim signature on kernel loading with patchset from 25.05.2023 and up

2023-06-23 Thread Tobias Powalowski via Grub-devel
Hi, no that patch does not solve the issue for me, still getting shim bad signature error. greetings tpowa -- Tobias Powalowski Arch Linux Developer & Package Maintainer (tpowa) https://www.archlinux.org tp...@archlinux.org Archboot Developer https://archboot.com St. Ma

Re: Bad shim signature on kernel loading with patchset from 25.05.2023 and up

2023-06-26 Thread Tobias Powalowski via Grub-devel
Hi, removing it removes the error, but boot does not happen then. It errors now with: cannot load image. greetings tpowa Am Mo., 26. Juni 2023 um 09:06 Uhr schrieb Thomas Frauendorfer < thomas.frauendor...@gmail.com>: > On Thu, Jun 22, 2023 at 3:00 PM Tobias Powalowski via Grub-devel

Re: Bad shim signature on kernel loading with patchset from 25.05.2023 and up

2023-06-26 Thread Tobias Powalowski via Grub-devel
Am Mo., 26. Juni 2023 um 14:28 Uhr schrieb Daniel Kiper : > Hey, > > Thomas, good point. I completely missed that. > > Tobias, please try Ard patch with the change suggested by Thomas. If you > have not done that yet... > > Daniel > > Hi Daniel, Thomas and Ard, yes both together work :) Sorry have

Next Arch Linux shim_lock error with latest grub.git

2023-07-06 Thread Tobias Powalowski via Grub-devel
Hi here reported by some people: https://www.reddit.com/r/archlinux/comments/14rlz7x/latest_grub_error any idea, why this happens? From the comments section: --- The actual error message that OP meant to say is |error: symbol 'grub_is_shim_lock_enabled' not found|. So like a symbol from th

Re: Next Arch Linux shim_lock error with latest grub.git

2023-07-06 Thread Tobias Powalowski via Grub-devel
Am 06.07.23 um 15:53 schrieb Daniel Kiper: This and [1] suggest problems with updating the GRUB modules. The grub_is_shim_lock_enabled symbol is provided by the GRUB kernel. If for some reason the GRUB kernel is downgraded but modules are not then newer version of the linux.mod tries to call the

Re: Next Arch Linux shim_lock error with latest grub.git

2023-07-06 Thread Tobias Powalowski via Grub-devel
Probably. If you could share with me a link to the binary/package which fails I could double check all symbols are in place. Daniel Hi Daniel, https://mirror.f4st.host/archlinux/core/os/x86_64/grub-2%3A2.06.r591.g6425c12cd-1-x86_64.pkg.tar.zst Tobias -- Tobias Powalowski Arch Linux Developer

bli module inclusion gives me just black screen on real hardware

2023-07-18 Thread Tobias Powalowski via Grub-devel
Hi, I tried to add the bli module to my standalone grub for my project. In qemu testing all is fine, if trying to boot it on real hardware gives me just a blank screen and game over. Used grub version is 2.12rc1. Any ideas? thanks. greetings tpowa -- Tobias Powalowski Arch Linux Develope

Re: bli module inclusion gives me just black screen on real hardware

2023-08-12 Thread Tobias Powalowski via Grub-devel
Am 12.08.23 um 14:52 schrieb Oliver Steffen: Quoting Daniel Kiper (2023-08-11 18:13:57) Hi, Sorry for late reply but I was on vacation... On Tue, Jul 18, 2023 at 02:34:08PM +0200, Tobias Powalowski via Grub-devel wrote: Hi, I tried to add the bli module to my standalone grub for my project

Re: bli module inclusion gives me just black screen on real hardware

2023-10-01 Thread Tobias Powalowski via Grub-devel
Am 27.09.23 um 09:43 schrieb Oliver Steffen: Quoting Daniel Kiper (2023-09-26 17:57:05) On Sat, Aug 12, 2023 at 03:01:19PM +0200, Tobias Powalowski via Grub-devel wrote: Am 12.08.23 um 14:52 schrieb Oliver Steffen: Quoting Daniel Kiper (2023-08-11 18:13:57) Hi, Sorry for late reply but I

Re: bli module inclusion gives me just black screen on real hardware

2023-10-01 Thread Tobias Powalowski via Grub-devel
Am 27.09.23 um 09:43 schrieb Oliver Steffen: Quoting Daniel Kiper (2023-09-26 17:57:05) On Sat, Aug 12, 2023 at 03:01:19PM +0200, Tobias Powalowski via Grub-devel wrote: Am 12.08.23 um 14:52 schrieb Oliver Steffen: Quoting Daniel Kiper (2023-08-11 18:13:57) Hi, Sorry for late reply but I

Re: bli module inclusion gives me just black screen on real hardware

2023-10-01 Thread Tobias Powalowski via Grub-devel
Am 27.09.23 um 09:43 schrieb Oliver Steffen: Quoting Daniel Kiper (2023-09-26 17:57:05) On Sat, Aug 12, 2023 at 03:01:19PM +0200, Tobias Powalowski via Grub-devel wrote: Am 12.08.23 um 14:52 schrieb Oliver Steffen: Quoting Daniel Kiper (2023-08-11 18:13:57) Hi, Sorry for late reply but I

Re: bli module inclusion gives me just black screen on real hardware

2023-10-02 Thread Tobias Powalowski via Grub-devel
Am 02.10.23 um 11:04 schrieb Oliver Steffen: On Mon, Oct 2, 2023 at 6:54 AM Tobias Powalowski wrote: Am 27.09.23 um 09:43 schrieb Oliver Steffen: Quoting Daniel Kiper (2023-09-26 17:57:05) On Sat, Aug 12, 2023 at 03:01:19PM +0200, Tobias Powalowski via Grub-devel wrote: Am 12.08.23 um 14

Re: [PATCH v2 0/3] Bli: fix hidden module dependency

2023-11-29 Thread Tobias Powalowski via Grub-devel
Am 29.11.23 um 20:43 schrieb Daniel Kiper: On Tue, Nov 21, 2023 at 04:00:35PM +0100, Daniel Kiper wrote: On Thu, Nov 16, 2023 at 02:50:17PM +0100, Daniel Kiper wrote: Adding a few folks who can be interested in this patch set... On Wed, Nov 15, 2023 at 09:07:59PM +0100, Oliver Steffen wrote:

Arch Linux latest git snapshot has too many issues to be a new release base

2025-02-20 Thread Tobias Powalowski via Grub-devel
Hi Daniel, according to my unanswered mail 2 days ago, we tried to bump grub to latest git snapshot. It failed for my co-maintainer in 2 cases: - loopback device seems to be broken - encrypted devices is not working anymore for him We decided to remove it from our [testing] repository again

Re: [SECURITY PATCH 00/73] GRUB2 vulnerabilities - 2025/02/18

2025-02-18 Thread Tobias Powalowski via Grub-devel
Am 18.02.25 um 19:00 schrieb Daniel Kiper via Grub-devel: I am posting all the GRUB2 upstream patches which fix all security bugs found and reported up until now. Major Linux distros carry or will carry soon one form or another of these patches. Now all the GRUB2 upstream patches are in the GRUB2