You are not logged in.
- Topics: Active | Unanswered
#1 2023-07-14 05:43:32
- -thc
- Member
- Registered: 2017-03-15
- Posts: 863
[solved] grub 2.12rc1 (> 2.06.r499) no longer works with m. sec. boot
grub 2.12rc1 - as any version above 2.06.r499 - no longer works with the "CA keys" method (a.k.a. "measured secure boot") described here: https://wiki.archlinux.org/title/GRUB#S … ot_support
The fix introduced in 2.06.r591 only works for the SHIM secure boot method.
Last edited by -thc (2023-07-19 06:19:48)
Offline
#2 2023-07-14 13:09:57
- agapito
- Member
- From: Who cares.
- Registered: 2008-11-13
- Posts: 695
Re: [solved] grub 2.12rc1 (> 2.06.r499) no longer works with m. sec. boot
Excuse my poor English.
Offline
#3 2023-07-19 06:18:43
- -thc
- Member
- Registered: 2017-03-15
- Posts: 863
Re: [solved] grub 2.12rc1 (> 2.06.r499) no longer works with m. sec. boot
Thanks - signing the kernel image does the trick.
Offline
#4 2023-07-20 06:50:58
- -thc
- Member
- Registered: 2017-03-15
- Posts: 863
Re: [solved] grub 2.12rc1 (> 2.06.r499) no longer works with m. sec. boot
I have created a pacman hook for automatic signing:
/usr/share/libalpm/hooks/sbsign.hook
------------------------------------------------------------
[Trigger]
Type = Path
Operation = Install
Operation = Upgrade
Target = usr/lib/modules/*/vmlinuz
[Action]
Description = Signing kernel image...
When = PostTransaction
Exec = /usr/bin/sbsign --key /path/to/signing.key --cert /path/to/signing.crt --output /boot/vmlinuz-linux /boot/vmlinuz-linuxOffline