[fedora-arm] fedora with MS signed Secure Boot

Sun, 31 Aug 2025 14:54:07 -0700 


Dear all,
I failed to find the answer myself. :-(
It seems to me that the AARCH64 version of Fedora is not enabled for UEFI Secure Boot like the x86_64 version. I.e., the shim EFI binary is not signed and neither is the kernel (see below). What am I missing? What am I doing wrong? Background: I want to use AARCH64 Fedora in a UEFI Secure Boot environment with the the pre-deployed keys from Microsoft. 
Thanks, Udo


AARCH64

# uname -r
6.15.10-200.fc42.aarch64
# sbverify --list /boot/efi/EFI/fedora/shimaa64.efi
warning: data remaining[830464 vs 971654]: gaps between PE/COFF sections?
warning: data remaining[830464 vs 971656]: gaps between PE/COFF sections?
No signature table present
# sbverify --list /boot/vmlinuz-6.15.10-200.fc42.aarch64
No signature table present
#



X86_64

# uname -r
6.15.7-200.fc42.x86_64
root@ronin:~# sbverify --list /boot/efi/EFI/fedora/shimx64.efi
warning: data remaining[823272 vs 949424]: gaps between PE/COFF sections?
signature 1
image signature issuers:
- /C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=Microsoft Corporation UEFI CA 2011 
image signature certificates:
- subject: /C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=Microsoft Windows UEFI Driver Publisher issuer: /C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=Microsoft Corporation UEFI CA 2011 - subject: /C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=Microsoft Corporation UEFI CA 2011 issuer: /C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=Microsoft Corporation Third Party Marketplace Root 
# sbverify --list /boot/vmlinuz-6.15.9-201.fc42.x86_64
signature 1
image signature issuers:
- /C=US/ST=Massachusetts/L=Cambridge/O=Red Hat, Inc./OU=Fedora Secure Boot CA 20200709/CN=fedoraca 
image signature certificates:
- subject: /C=US/ST=Massachusetts/L=Cambridge/O=Red Hat, Inc./OU=Fedora Secure Boot Signer/OU=bkernel01 kernel/CN=kernel-signer issuer: /C=US/ST=Massachusetts/L=Cambridge/O=Red Hat, Inc./OU=Fedora Secure Boot CA 20200709/CN=fedoraca 
#




--
_______________________________________________
arm mailing list -- arm@lists.fedoraproject.org
To unsubscribe send an email to arm-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/arm@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Reply via email to