You are not logged in.
There was an "error: bad shim signature." problem with the recent GRUB update.
This problem has apparently been resolved in the latest update (2.06.r591.g6425c12cd-1).
When I ran into this problem, I figured out that the shim signature had expired.
So I decided to use signed shim packages from other distributions.
I actually used the one distributed with Ubuntu and the one distributed with Oracle Linux.
Just to be sure, I reset the currently enrolled MOK, replaced shim with their respective ones, and reinstalled GRUB.
However, neither was able to do Secure Boot. On the contrary, it shows me "Verification failed: (0x1A) Security Violation" errors and I had to disable secure boot on my laptop.
Fortunately, I have not had any problems with Windows 11, which is dual-booted, so Secure Boot is still disabled as of now.
Incidentally, the environment in which the problem is occurring is as follows.
Vendor: DELL
Name: Inspiron 15 5505
UEFI Version: 1.12.0 (Latest as of July 5, 2023)
CPU: AMD Ryzen 7 4700U
Please tell me the solution.
Last edited by 04tm34l (2023-07-27 07:56:51)
Offline
In conclusion, this seems to have to wait for an update of shim-signed package.
However, I could enable secure boot by generating my db key, enrolling the certificate file with UEFI, and signing the GRUB EFI image and kernel.
At this time, Platform Key and Key Exchange Key are also generated, but this is easy since it is only necessary to enroll the db key.
However, it must be protected from modification by setting a password in the UEFI.
Last edited by 04tm34l (2023-07-27 07:51:45)
Offline
There is one more thing to keep in mind.
When installing GRUB, do not specify SBAT and do not use shim with the --disable-shim-lock option.
If you want to use a shim, you can install unsigned shim, sign shim.efi and mokmanager.efi with your db key enrolled in UEFI, and sign grub.efi and the kernel with the Machine Owner Key you created separately.
However, this method should not be used because it is ridiculous to use two self-signed keys.
If you do it, do it at your own risk!
Last edited by 04tm34l (2023-07-27 09:38:21)
Offline