This stems from the fact that peimage is suddenly present on non-SB architectures with a monolithic image in the picture, but cannot tell whether to enforce NX without shim, so it just does for safety.
What we should is only build peimage into monolithic GRUB on amd64 and arm64, where it has shim to tell NX policy, and on everything else there is no SB, so firmware LoadImage itself can tell NX policy. Fixing this post Oracular is probably fine, because if you use grub- install with the core+modules setup this problem doesn't occur, it only affects the newly introduced monolith images which aren't automatically consumed yet. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2083154 Title: loader/efi/peimage.c:210:peimage: NX policy violation To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/2083154/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs