Honestly, I don't think that booting to Windows is the problem, since it seems that as long as the bootloader is signed (even without a Microsoft key, like I'm doing), chainloading Windows will just work. Also, I assume that the Windows bootloader and kernel are already signed for SB. The problem lies in verifying the entries in grub (so before chainloading Windows or loading kernels). I will try to look into the shim anyway; if you have some documentation on it, I would appreciate it.

Thanks,
Federico

On November 22, 2023 9:00:04 AM GMT+01:00, Mathias Radtke <[email protected]> wrote:
>Hi
>
>Hello,
>I already imported the sb keys from the uefi and signed my grub image. However
>the problem is that apart from the uefi verification of the grub image itself,
>no other verification is done by grub. This would mean that I can actually
>boot on unsigned kernels from grub (with sb enabled!). But I can sign
>correctly both the kernel and grub as of now.
>
>Then I think you would have to compile a shim for your system and boot this
>one first instead of grub. However if this shim is not signed by Microsoft I
>can't say for sure if a Linux/Windows Dual Boot system will boot properly into
>Windows.
>I think you should also compile your public cert of the key into the shim,
>just to make sure.
>
>Regards
>
>Mathias
