Hi, I've just built a netboot-gtk mini.iso against unstable, including the new kernel. A regular “almost all defaults” (except French to check things like translations, keymap fun, etc.) install on UEFI gave an overall successful installation according to d-i, but it doesn't boot:
Verifying shim SBAT data failed: Security Policy Violation
It's been a while since I last toyed with unstable, so I'm not sure
whether this is known already, where it's coming from, etc. Even when
built against unstable, d-i installs testing, so that shouldn't be
linked to the new Linux version running the installer, as what ends up
on disk is testing's version.
This is the exact same test setup as for (old)stable point release
preps, with qemu/bookworm running on a bookworm system.
kvm -m 1G -machine q35,smm=on -pflash /tmp/1/code.fd -pflash /tmp/1/vars.fd
-hda /tmp/1/sda.img
with both pflash files initialized from those respectively:
- /usr/share/OVMF/OVMF_CODE_4M.ms.fd
- /usr/share/OVMF/OVMF_VARS_4M.ms.fd
Wild guess: Maybe ovmf would need to ship refreshed files?
Can't investigate more right now, live stream and travel are next.
Cheers,
--
Cyril Brulebois (k...@debian.org) <https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant
signature.asc
Description: PGP signature
