Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
EFI/BOOT: bring back files from Ubuntu 18.04
Bring back the state of EFI/BOOT files as of commit bc4f026 plus the config change with commit c35a30b, as this was the last GRUB version that's known to be working with *unsigned* kernel files. Otherwise SecureBoot fails to boot with: | Loading kernel... | error: /boot/grml/vmlinuz has invalid signature. | Loading initrd... | error: you need to load the kernel first. when using grub2-signed (corresponding to Ubuntu's GRUB 2.02+dfsg1-5ubuntu7) with files e.g. from http://de.archive.ubuntu.com/ubuntu/pool/main/s/shim-signed/shim-signed_1.38+15+1533136590.3beb971-0ubuntu1_amd64.deb + http://de.archive.ubuntu.com/ubuntu/pool/main/g/grub2-signed/grub-efi-amd64-signed_1.109+2.02+dfsg1-5ubuntu7_amd64.deb This might be related to the change introduced in: | grub2-signed (1.93.4) bionic; urgency=medium | | * Rebuild against grub2 2.02-2ubuntu8.3 and check kernel is signed on | amd64 EFI before installing grub (LP: #1786491). | | -- Julian Andres Klode <juliank@ubuntu.com> Mon, 13 Aug 2018 12:51:32 +0200 JFTR, as of 2018-10-17 we have in Ubuntu: | % rmadison -u ubuntu grub-efi-amd64-signed | grub-efi-amd64-signed | 1.9~ubuntu12.04.10+1.99-21ubuntu3.19 | precise-security | amd64 | grub-efi-amd64-signed | 1.9~ubuntu12.04.10+1.99-21ubuntu3.19 | precise-updates | amd64 | grub-efi-amd64-signed | 1.34+2.02~beta2-9 | trusty | amd64 | grub-efi-amd64-signed | 1.34.7+2.02~beta2-9ubuntu1.6 | trusty-security | amd64 | grub-efi-amd64-signed | 1.34.17+2.02~beta2-9ubuntu1.15 | trusty-updates | amd64 | grub-efi-amd64-signed | 1.66+2.02~beta2-36ubuntu3 | xenial | amd64 | grub-efi-amd64-signed | 1.66.18+2.02~beta2-36ubuntu3.18 | xenial-updates | amd64 | grub-efi-amd64-signed | 1.93+2.02-2ubuntu8 | bionic | amd64 | grub-efi-amd64-signed | 1.93.7+2.02-2ubuntu8.6 | bionic-updates | amd64 | grub-efi-amd64-signed | 1.93.8+2.02-2ubuntu8.7 | bionic-proposed | amd64 | grub-efi-amd64-signed | 1.109+2.02+dfsg1-5ubuntu7 | cosmic | amd64 Note that EFI boot with ovmf 0~20161202.7bbe0b3e-1 with kvm/qemu on Debian/stretch fails, resulting in a grub shell prompt of GRUB 2.02-2ubuntu8 (without any menu), e.g. when invoked via: | % qemu-system-x86_64 -bios /usr/share/qemu/OVMF.fd -vga qxl -hda grml.iso -m 512 Both the ovmf versions from kraxel as well from current Debian/testing AKA buster work though: | % wget https://www.kraxel.org/repos/jenkins/edk2/edk2.git-ovmf-x64-0-20180807.281.gc526dcd40f.noarch.rpm | % rpm2cpio edk2.git-ovmf-x64-0-20180807.281.gc526dcd40f.noarch.rpm | cpio -idmv | % qemu-system-x86_64 -bios ./usr/share/edk2.git/ovmf-x64/OVMF-pure-efi.fd -vga qxl -hda grml.iso -m 512 + | % wget http://ftp.de.debian.org/debian/pool/main/e/edk2/ovmf_0~20180812.cb5f4f45-1_all.deb | % dpkg -x ovmf_0\~20180812.cb5f4f45-1_all.deb ovmf | % qemu-system-x86_64 -bios ovmf/usr/share/ovmf/OVMF.fd -vga qxl -hda grml.iso -m 512 Closes: grml/grml#105 and possibly also related to #59
- Loading branch information