On 07.04.2021 12:58, Fonic Maxxim wrote: > I have trouble migrating from GRUB 2.04 to GRUB 2.06. My system: PC, > x86_64, Gentoo Linux. > > > Whenever I select a boot entry in GRUB 2.06, I get this error: > > error: shim_lock protocol not found > > The same thing happens when I use GRUB's command line, e.g. when > executing 'chainloader <some-efi-file>'. > > > I'm using Secure Boot with the following setup: > > UEFI (with my own keys) -> GRUB (standalone EFI image, signed with UEFI > key; check_signatures enabled) -> Linux Kernel (signed with GPG key) > > As can be seen, I'm not using Shim. > > > How can I solve this?
Create grub image with --disable-shim-lock > Help is greatly appreciated. > > Would there be any benefit in using Shim? Yes for 99.999% of users. You own post demonstrates it. > As far as I can tell, Shim is > only useful if one does not want to enroll custom UEFI keys since it is > signed by Microsoft and thus works with stock keys. Other than that, > Shim introduces an additional layer with additional security risks, thus > I'm not really keen to use it if I don't have to. > > > -- Fonic > >
