Hi, I've been working on Secure Boot recently with GNU Grub 2.04. My kernel is signed with my db key, and I have a detached GPG signature for it as well. If SB is not enabled, the setup works. With SB, it fails saying 'invalid signature'. I've been a bit through the code, and it seems to be that the signature is only verified via the shim protocol. Am I right ? Or is it possible to boot directly Grub via UEFI with SB, with GPG signed linux (and db signed if needed) ?
Cheers, _______________________________________________ Help-grub mailing list [email protected] https://lists.gnu.org/mailman/listinfo/help-grub
