Package: grub-efi-arm64-signed
Version: 2.06-8

Hi,

Secure Boot does not work on arm64 using the shim signed by Microsoft [0] and grub2 signed by Debian [1] currently in sid.

(a) SB not working with Debian's shim, grub and kernel:

  $ sbverify --list /mnt/efi/boot/bootaa64.efi | grep subject
  warning: data remaining[839096 vs 979672]: gaps between PE/COFF sections?
   - subject: /C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=Microsoft Windows UEFI Driver Publisher
   - subject: /C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=Microsoft Corporation UEFI CA 2011
  $ sbverify --list /mnt/efi/boot/grubaa64.efi | grep subject
   - subject: /CN=Debian Secure Boot Signer 2022 - grub2
  $ sbverify --list /mnt/vmlinuz-6.1.0-7-arm64 | grep subject
   - subject: /CN=Debian Secure Boot Signer 2022 - linux

With the EFI variables from qemu-efi-aarch64's AAVMF_VARS.ms.fd plus SHIM_VERBOSE enabled (`mokutil --set-verbosity true`), and the firmware file AAVMF_CODE.fd from edk2 rebuilt in debug mode (see https://bugs.debian.org/1033613):

  $ qemu-system-aarch64 -machine virt -cpu cortex-a57 \
      -drive file=AAVMF_CODE.debug.fd,format=raw,if=pflash,readonly=true \
      -drive file=AAVMF_VARS.ms.verbose.fd \
      [...]

  grub> linux /vmlinuz-6.1.0-7-arm64
  [...]
  shim.c:665:verify_buffer_authenticode() Attempting to verify signature 0:
  shim.c:154:check_db_cert_in_ram() trying to verify cert 0 (db)
  shim.c:154:check_db_cert_in_ram() trying to verify cert 1 (db)
  shim.c:154:check_db_cert_in_ram() trying to verify cert 0 (MokListRT)
  shim.c:164:check_db_cert_in_ram() AuthenticodeVerify() succeeded: 1
  grub> boot
  [Security] 3rd party image[0] can be loaded after EndOfDxe: MemoryMapped(0x2,0x6A03D000,0x6C72D7C0).
  DxeImageVerificationLib: Image is signed but signature is not allowed by DB and SHA256 hash of image is not found in DB/DBX.
  The image doesn't pass verification: MemoryMapped(0x2,0x6A03D000,0x6C72D7C0)
  error: cannot load image.

However:

(b) SB works with Ubuntu's shim, grub and kernel [2]
(c) SB works using a self-signed shim, grub, and kernel from unstable

The Ubuntu output (b) is:

  grub> linux /vmlinuz-6.2.0-18-generic
  shim.c:665:verify_buffer_authenticode() Attempting to verify signature 0:
  shim.c:154:check_db_cert_in_ram() trying to verify cert 0 (dbx)
  shim.c:154:check_db_cert_in_ram() trying to verify cert 1 (dbx)
  shim.c:154:check_db_cert_in_ram() trying to verify cert 2 (dbx)
  shim.c:154:check_db_cert_in_ram() trying to verify cert 3 (dbx)
  shim.c:154:check_db_cert_in_ram() trying to verify cert 4 (dbx)
  shim.c:154:check_db_cert_in_ram() trying to verify cert 5 (dbx)
  shim.c:154:check_db_cert_in_ram() trying to verify cert 6 (dbx)
  shim.c:154:check_db_cert_in_ram() trying to verify cert 7 (dbx)
  shim.c:154:check_db_cert_in_ram() trying to verify cert 0 (db)
  shim.c:154:check_db_cert_in_ram() trying to verify cert 1 (db)
  shim.c:154:check_db_cert_in_ram() trying to verify cert 0 (MokListRT)
  shim.c:164:check_db_cert_in_ram() AuthenticodeVerify() succeeded: 1
  grub> boot
  EFI stub: Booting Linux Kernel...
  EFI stub: EFI_RNG_PROTOCOL unavailable
  EFI stub: ERROR: FIRMWARE BUG: kernel image not aligned on 64k boundary
  EFI stub: ERROR: FIRMWARE BUG: Image BSS overlaps adjacent EFI memory region
  EFI stub: Generating empty DTB
  EFI stub: Exiting boot services...
  EFI stub: UEFI Secure Boot is enabled.

And the Debian self-signed output (c) is:

  grub> linux /vmlinuz-6.1.0-7-arm64.selfsigned
  [...]
  shim.c:665:verify_buffer_authenticode() Attempting to verify signature 0:
  shim.c:154:check_db_cert_in_ram() trying to verify cert 0 (db)
  shim.c:154:check_db_cert_in_ram() trying to verify cert 0 (MokListRT)
  shim.c:164:check_db_cert_in_ram() AuthenticodeVerify() succeeded: 1
  shim.c:665:verify_buffer_authenticode() Attempting to verify signature 1:
  shim.c:154:check_db_cert_in_ram() trying to verify cert 0 (db)
  shim.c:164:check_db_cert_in_ram() AuthenticodeVerify() succeeded: 1
  grub> boot
  [Security] 3rd party image[0] can be loaded after EndOfDxe: MemoryMapped(0x2,0x6A040000,0x6C730E68).
  DxeImageVerificationLib: Image is signed but signature is not allowed by DB and SHA256 hash of image is not found in DB/DBX.
  DxeImageVerification: MeasureVariable (Pcr - 7, EventType - 800000E0, VariableName - db, VendorGuid - D719B2CB-3D3A-4596-A3BC-DAD00E67656F)
  MeasureBootPolicyVariable - Not Found
  None of Tcg2Protocol/CcMeasurementProtocol is installed.
  [...]
  EFI stub: Booting Linux Kernel...
  EFI stub: EFI_RNG_PROTOCOL unavailable
  EFI stub: UEFI Secure Boot is enabled.

As for the way forward: the diff between Debian's grub and Ubuntu's is non-trivial, so comparing the two may not be the best course of action. I see that there is an old patchset at https://bugs.debian.org/836140 which could be forward-ported though.

In any case there are two difficulties when it comes to testing a new grub version:

- Secure Boot just works when self-signing (c), and I'm not sure why that is the case. We need to be able to reproduce the issue (a) with a self-signed version of grub.
- There is no version of grubaa64.efi with debugging symbols enabled. grub-efi-amd64-dbg provides unstripped versions of all the individual grub modules, but there is no equivalent for the monolithic images.
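To compare transcripts like (a), (b) and (c) mechanically, here is an added Python triage helper (not part of the report, and not a shim, grub or edk2 tool): it reads a verbose shim serial log and reports, per embedded Authenticode signature, which store (db, dbx or MokListRT) shim was probing when AuthenticodeVerify() succeeded, and whether the image was then rejected by the firmware's own DxeImageVerificationLib or went on to start the kernel. The log excerpts are constructed from the output quoted above, and the "accepted_by" store is an inference from line order in shim's debug output, not something shim states explicitly.

```python
import re
# Constructed excerpts of the verbose shim / edk2 serial output quoted in the report: (a) fails, (c) boots.
CASE_A = """\
shim.c:665:verify_buffer_authenticode() Attempting to verify signature 0:
shim.c:154:check_db_cert_in_ram() trying to verify cert 0 (db)
shim.c:154:check_db_cert_in_ram() trying to verify cert 1 (db)
shim.c:154:check_db_cert_in_ram() trying to verify cert 0 (MokListRT)
shim.c:164:check_db_cert_in_ram() AuthenticodeVerify() succeeded: 1
grub> boot
DxeImageVerificationLib: Image is signed but signature is not allowed by DB and SHA256 hash of image is not found in DB/DBX.
error: cannot load image.
"""
CASE_C = """\
shim.c:665:verify_buffer_authenticode() Attempting to verify signature 0:
shim.c:154:check_db_cert_in_ram() trying to verify cert 0 (db)
shim.c:154:check_db_cert_in_ram() trying to verify cert 0 (MokListRT)
shim.c:164:check_db_cert_in_ram() AuthenticodeVerify() succeeded: 1
shim.c:665:verify_buffer_authenticode() Attempting to verify signature 1:
shim.c:154:check_db_cert_in_ram() trying to verify cert 0 (db)
shim.c:164:check_db_cert_in_ram() AuthenticodeVerify() succeeded: 1
grub> boot
DxeImageVerificationLib: Image is signed but signature is not allowed by DB and SHA256 hash of image is not found in DB/DBX.
EFI stub: Booting Linux Kernel...
"""
SIG_RE = re.compile(r"Attempting to verify signature (\d+)")
CERT_RE = re.compile(r"trying to verify cert \d+ \((\w+)\)")

def triage(log):
    """Store shim accepted each signature from (inferred from log order) and where the load stopped."""
    accepted, cur, store = {}, None, None
    for line in log.splitlines():
        if m := SIG_RE.search(line):
            cur, store = int(m.group(1)), None
            accepted[cur] = None          # signature seen, not (yet) verified
        elif m := CERT_RE.search(line):
            store = m.group(1)            # db, dbx or MokListRT
        elif "AuthenticodeVerify() succeeded: 1" in line and cur is not None:
            accepted[cur] = store
    shim_ok = any(accepted.values())
    if "error: cannot load image" in log:
        stage = "firmware rejected image" if shim_ok else "shim rejected image"
    else:
        stage = "kernel started" if "EFI stub: Booting Linux Kernel" in log else "undetermined"
    return {
        "signatures": len(accepted),
        "accepted_by": [accepted[i] for i in sorted(accepted)],
        "shim_verified": shim_ok,
        "firmware_db_miss": "signature is not allowed by DB" in log,  # edk2's own verifier
        "stage": stage,
    }
```

Run against (a) it reports one signature accepted via MokListRT and the load then stopped in the firmware; against (c) it reports two signatures (MokListRT, then db) and a kernel start despite the same firmware db-miss message.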
-- 
[0] /usr/lib/shim/shimaa64.efi.signed from shim-signed 1.39
[1] /usr/lib/grub/arm64-efi-signed/grubaa64.efi.signed from grub-efi-arm64-signed 2.06-8
[2] shim-signed_1.54+15.7-0ubuntu1_arm64.deb
    grub-efi-arm64-signed_1.192+2.06-2ubuntu16_arm64.deb
    linux-image-6.2.0-18-generic_6.2.0-18.18_arm64.deb