You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I'm currently using shim-15-5 on Gentoo, which uses Fedora's 15-5 binary packages. I have a custom Secure Boot key enrolled using Mok and everything's working fine.
On upgrading to shim-15.4-5 manually (since this version isn't in Gentoo yet), all self-signed EFI executables that previously worked with 15-5 are now failing with 0x1A security violation in the shim loader.
I'm unsure what would be causing this, since everything works fine with 15-5.
Signing command I'm using for GRUB: (using sbsigntool-0.9.4) sbsign --key MOK.priv --cert MOK.pem --output /boot/efi/EFI/gentoo/grubx64.efi grubx64.efi
The text was updated successfully, but these errors were encountered:
The most likely cause will be that your old binaries don't include SBAT metadata, and that's a hard requirement now when you're using shim 15.3 onwards.
I saw mentions of SBAT in the 15.4 changes but didn't realize that it applied to binaries as well as the firmware. I'll look into adding SBAT sections to the binaries.
I'm currently using shim-15-5 on Gentoo, which uses Fedora's 15-5 binary packages. I have a custom Secure Boot key enrolled using Mok and everything's working fine.
On upgrading to shim-15.4-5 manually (since this version isn't in Gentoo yet), all self-signed EFI executables that previously worked with 15-5 are now failing with
0x1A security violation
in the shim loader.I'm unsure what would be causing this, since everything works fine with 15-5.
Signing command I'm using for GRUB: (using sbsigntool-0.9.4)
sbsign --key MOK.priv --cert MOK.pem --output /boot/efi/EFI/gentoo/grubx64.efi grubx64.efi
The text was updated successfully, but these errors were encountered: