On Thu, Dec 8, 2016 at 2:04 PM, Giovanni Santini <[email protected]> wrote:
> On 08/12/2016 05:03, Andrei Borzenkov wrote:
>>
>> Upstream GRUB does not support secure boot at all, so you need to raise
>> bug report to your distribution. Each is using slightly different
>> version of secure boot patch so it is impossible to give blanket answer.
>>
>
> Any chances to have this fixed upstream?
>

I understand that this needs clarification. GRUB itself is completely
Secure Boot agnostic - if you sign binary it will likely work and will be
able to also chainload other signed binaries as long as firmware accepts
them. What it does not support is explicit signature verification using
popular shim protocol which can be considered bypassing firmware check
entirely.

>
>>> /EndEntire
>>> file path:
>>> /ACPI(yadda)/PCI(yadda)/Sata(0,0,0)/HD(yaddayadda)/File(\EFI\Microsoft\Boot)/File(bootmgfw.efi)/EndEntire
>>> error: cannot load image.
>>>
>>
>> I am aware of at least one problem (incorrect parsing of executable
>> format when secure boot is active) that was fixed in openSUSE grub package.
>>
>
> I see.
> If you have a link to it, it would be great.

https://bugzilla.opensuse.org/show_bug.cgi?id=954126#c6

_______________________________________________
Help-grub mailing list
[email protected]
https://lists.gnu.org/mailman/listinfo/help-grub
