Use last signed grub for 32bit kernels

[alkisg]

Secure boot in Ubuntu works like this:

• UEFI loads /boot/efi/EFI/Boot/BOOTX64.EFI. This needs to be signed by Microsoft.
• In Ubuntu, this is the same as the /usr/lib/shim/shimx64.efi.signed file that is shipped by the shim-signed package.
• Shim-signed contains Canonical's grub keys and is able to load their own signed grub, /boot/efi/EFI/ubuntu/grubx64.efi. This is the same as the /usr/lib/grub/x86_64-efi-signed/grubx64.efi.signed file that is shipped by the grub-efi-amd64-signed package.
• AFAIK, shimx64.efi.signed doesn't contain the keys of other distributions and isn't able to directly boot Debian or Fedora kernels. Liveusb requires that secure boot is disabled in this case.

Up to grub2 version 2.04-1ubuntu21, grub was able to load a 32 bit kernel under UEFI, although not under secure boot. After that version loading for example lubuntu-18.04-desktop-i386.iso under UEFI won't work, with the following error message:

"error: kernel doesn't support 64-bit CPUs"

So, a new liveusb version will be released that will be based on Ubuntu's grub 2.04-1ubuntu21 packages, and it will keep using that version until booting 32bit kernels under UEFI isn't needed anymore.

[alkisg]

Direct links to the last good binaries which can boot a 32bit kernel under UEFI.

Binaries of shim version 15+1533136590.3beb971-0ubuntu1:

• https://launchpad.net/~canonical-foundations/+archive/ubuntu/shim/+build/15295489/+files/shim_15+1533136590.3beb971-0ubuntu1_amd64.deb

Binaries of shim-signed version 1.40.2:

• https://launchpad.net/ubuntu/+source/shim-signed/1.40.2/+build/19144064/+files/shim-signed_1.40.2+15+1533136590.3beb971-0ubuntu1_amd64.deb

Binaries of secureboot-db version 1.5:

• https://launchpad.net/ubuntu/+source/secureboot-db/1.5/+build/17236727/+files/secureboot-db_1.5_amd64.deb

Binaries of grub2-signed version 1.136+2.04-1ubuntu21:

• https://launchpad.net/ubuntu/+source/grub2-signed/1.136/+build/18767810/+files/grub-efi-amd64-signed_1.136+2.04-1ubuntu21_amd64.deb

Binaries of grub2 version 2.04-1ubuntu21:

• https://launchpad.net/ubuntu/+source/grub2/2.04-1ubuntu21/+build/18767805/+files/grub-common_2.04-1ubuntu21_amd64.deb
• https://launchpad.net/ubuntu/+source/grub2/2.04-1ubuntu21/+build/18767805/+files/grub-efi-amd64-bin_2.04-1ubuntu21_amd64.deb
• https://launchpad.net/ubuntu/+source/grub2/2.04-1ubuntu21/+build/18767805/+files/grub-pc_2.04-1ubuntu21_amd64.deb
• https://launchpad.net/ubuntu/+source/grub2/2.04-1ubuntu21/+build/18767805/+files/grub-pc-bin_2.04-1ubuntu21_amd64.deb
• https://launchpad.net/ubuntu/+source/grub2/2.04-1ubuntu21/+build/18767805/+files/grub2-common_2.04-1ubuntu21_amd64.deb

[alkisg]

Fixed in the 20.10 liveusb release.