On Tue, Jan 22, 2019 at 02:41:24PM +0800, Steven Shiau wrote: >Package: shim-signed >Version: 1.28+nmu1+0.9+1474479173.6c180c6-1 >Severity: normal > >Dear Maintainer, > >On Debian secure boot wiki page: >https://wiki.debian.org/SecureBoot/Testing#Buster_installer_images >It mentioned: >Buster live images >Since 16th Jan 2019, our normal weekly amd64 live images should >live-boot with Secure Boot enabled without needing any special steps. >They should also support installation of a Secure Boot enabled system >directly. > >See https://get.debian.org/images/weekly-live-builds/ >and >Buster live images > >Since 16th Jan 2019, our normal weekly amd64 live images should >live-boot with Secure Boot enabled without needing any special steps. >They should also support installation of a Secure Boot enabled system >directly. > >See https://get.debian.org/images/weekly-live-builds/ > >However, both >https://get.debian.org/images/daily-builds/daily/current/amd64/iso-cd/debian-testing-amd64-netinst.iso >and >https://get.debian.org/images/weekly-live-builds/amd64/iso-hybrid/debian-live-testing-amd64-mate.iso >build on Jan/21/2019 failed to boot with secure boot enabled on VMWare >WS Pro 15 and Lenovo X260. >Attached please check the screenshot when it failed to boot. > >In addition, I use live-build 20180925 to create the secure boot ready >Debian Sid ISO with >lb config --uefi-secure-boot enable >and also included grub-efi-amd64-signed, shim-signed, >linux-image-4.19.0-1-amd64 > >However, the created live ISO also failed to boot with the same error. >If I turned off the secure boot in the BIOS, the created ISO can boot >successfully.
Apologies, this was a mistake on my part. We were still using our test key for signing our packaged EFI binaries (grub, linux, etc.) and I'd missed that. Things should be fixed really soon... -- Steve McIntyre, Cambridge, UK. st...@einval.com "When C++ is your hammer, everything looks like a thumb." -- Steven M. Haflich