On Thu, Mar 16, 2023 at 07:02:12PM +0800, Michael Chang via Grub-devel wrote: > On Fri, Mar 10, 2023 at 01:15:40PM +0800, Michael Chang via Grub-devel wrote: > > On Thu, Mar 09, 2023 at 02:10:54AM -0800, Atish Patra wrote: > > > On Mon, Mar 6, 2023 at 7:21 PM Michael Chang <mch...@suse.com> wrote: > > [snip] > > > > I have a small favor to ask. Is it possible for you to test out the > > > changes[1] on the ARM64 platform ? > > > > Sure. I'll do it next week and come back to you for any result. > > It all worked well for me until secure boot was enabled and MOK was used
Great! > to verify the kernel image. Here is the error message: > > error: ../../grub-core/loader/efi/linux.c:203:cannot load image. > Loading Linux 5.14.21-150400.24.46-default ... > Loading initial ramdisk ... > > Press any key to continue... > [Security] 3rd party image[0] can be loaded after EndOfDxe: > MemoryMapped(0x2,0x75754000,0x77A36200). > DxeImageVerificationLib: Image is signed but signature is not allowed by DB > and SHA256 hash of image is not found in DB/DBX. > The image doesn't pass verification: MemoryMapped(0x2,0x75754000,0x77A36200) > > It is not a problem in the patch itself, but the LoadImage based > approach hardly to work with MOK since the UEFI firmware doesn't > recognize key stores other than the standard KEK and DB of type authvar. I assume you started the GRUB without the shim. So, this is expected. Anyway, thank you for doing the tests and confirming Atish's patch set works as expected. Daniel _______________________________________________ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listinfo/grub-devel
