If validation has been disabled via MokSbState, secure boot on the firmware is still enabled, and the kernel fails to boot.
This is a bit hacky, because shim_lock is not *fully* enabled, but it triggers the right code paths. Ultimately, all this will be resolved by shim gaining it's own image loading and starting protocol, so this is more a temporary workaround. Fixes: 6425c12cd (efi: Fallback to legacy mode if shim is loaded on x86 archs) Signed-off-by: Julian Andres Klode <julian.kl...@canonical.com> --- grub-core/kern/efi/sb.c | 1 + 1 file changed, 1 insertion(+) diff --git a/grub-core/kern/efi/sb.c b/grub-core/kern/efi/sb.c index 60550a6da..ea15d4514 100644 --- a/grub-core/kern/efi/sb.c +++ b/grub-core/kern/efi/sb.c @@ -95,6 +95,7 @@ grub_efi_get_secureboot (void) if (!(attr & GRUB_EFI_VARIABLE_RUNTIME_ACCESS) && *moksbstate == 1) { secureboot = GRUB_EFI_SECUREBOOT_MODE_DISABLED; + shim_lock_enabled = true; goto out; } -- 2.40.1 _______________________________________________ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listinfo/grub-devel