[bug #67455] Can't Secure Boot via sbctl

Sun, 24 Aug 2025 05:50:02 -0700 

URL:
  <https://savannah.gnu.org/bugs/?67455>

                 Summary: Can't Secure Boot via sbctl
                   Group: GNU GRUB
               Submitter: sosaldvaraza
               Submitted: Вс 24 авг 2025 12:49:40
                Category: Booting
                Severity: Major
                Priority: 5 - Normal
              Item Group: None
                  Status: None
                 Privacy: Public
             Assigned to: None
         Originator Name: sosaldvaraza
        Originator Email:
             Open/Closed: Open
         Discussion Lock: Any
                 Release: other
                 Release:
         Reproducibility: None
         Planned Release: None


    _______________________________________________________

Follow-up Comments:


-------------------------------------------------------
Date: Вс 24 авг 2025 12:49:40   By: Sosal Dva Raza <sosaldvaraza>
GRUB 2:2.12.r292.g73d1c959-1
https://github.com/Foxboron/sbctl

re-installed grub with tpm module
grub-install --target=x86_64-efi --efi-directory=/boot --bootloader-id=GRUB
--modules="normal test efi_gop efi_uga search echo linux all_video gfxmenu
gfxterm_background gfxterm_menu gfxterm loadenv configfile tpm"
--disable-shim-lock

via bios set the Secure Boot to setup mode

Prepared sbctl
sudo -i
sbctl create-keys
sbctl enroll-keys -m
sbctl verfiy


In addition to the files that need to be signed, I received a lot of errors in
response related to the files inside /grub
They are all the same, so I will insert one example
failed to verify file /boot/grub/x86_64-efi/tpm.mod:
/boot/grub/x86_64-efi/tpm.mod: invalid pe header

i signed:
Verifying file database and EFI images in /boot...
✓ /boot/EFI/BOOT/BOOTX64.EFI is signed
✓ /boot/EFI/GRUB/grubx64.efi is signed
✓ /boot/grub/x86_64-efi/core.efi is signed
✓ /boot/grub/x86_64-efi/grub.efi is signed
✓ /boot/vmlinuz-linux is signed



i boot in GRUB, grub looks broken visually, like some fonts didn't load, but
it's readable
When I try to boot into the system GRUB gives an error 
error: verification requested but nobody cares & need to load the kernel
first
I hope the picture is acceptable to you:
https://www.radikal.host/i/uO8yxE








    _______________________________________________________

Reply to this item at:

  <https://savannah.gnu.org/bugs/?67455>

_______________________________________________
Сообщение отправлено по Savannah
https://savannah.gnu.org/

Attachment: signature.asc
Description: PGP signature

Reply via email to