On 11.04.2021 12:10, Fonic Maxxim wrote:
> On 09.04.21 07:42, Andrei Borzenkov wrote:
>> On 07.04.2021 12:58, Fonic Maxxim wrote:
>>> I have trouble migrating from GRUB 2.04 to GRUB 2.06. My system: PC,
>>> x86_64, Gentoo Linux.
>>>
>>>
>>> Whenever I select a boot entry in GRUB 2.06, I get this error:
>>>
>>> error: shim_lock protocol not found
>>>
>>> The same thing happens when I use GRUB's command line, e.g. when
>>> executing 'chainloader <some-efi-file>'.
>>>
>>>
>>> I'm using Secure Boot with the following setup:
>>>
>>> UEFI (with my own keys) -> GRUB (standalone EFI image, signed with UEFI
>>> key; check_signatures enabled) -> Linux Kernel (signed with GPG key)
>>>
>>> As can be seen, I'm not using Shim.
>>>
>>>
>>> How can I solve this?
>> Create grub image with --disable-shim-lock
>
> Thanks, I'll give it a try.
>
>>> Help is greatly appreciated.
>>>
>>> Would there be any benefit in using Shim?
>> Yes for 99.999% of users. Your own post demonstrates it.
> What would those benefits be? How does my post demonstrate that?

If you used shim, you would not have this issue after an update.

>>> As far as I can tell, Shim is
>>> only useful if one does not want to enroll custom UEFI keys since it is
>>> signed by Microsoft and thus works with stock keys. Other than that,
>>> Shim introduces an additional layer with additional security risks, thus
>>> I'm not really keen to use it if I don't have to.
>>>
>>>
>>> -- Fonic
>>>
>>>
>>
>
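
Added example, not part of the thread and not the GRUB project's own script: one way to apply the `--disable-shim-lock` suggestion to the no-shim chain described above (standalone EFI image signed with the UEFI key, GPG public key embedded for kernel signature checks). All file names are assumed placeholders, and the script only prints the commands unless `DRY_RUN=0` is set.

```sh
#!/bin/sh
# Added example. Every file name below is an assumed placeholder.
DRY_RUN=${DRY_RUN:-1}                         # 1 = print the commands only
GPG_PUBKEY=${GPG_PUBKEY:-kernel-signing.pub}  # GPG public key GRUB checks signatures against
GRUB_CFG=${GRUB_CFG:-grub.cfg}                # config embedded into the standalone image
DB_KEY=${DB_KEY:-db.key}                      # private key of the enrolled UEFI db certificate
DB_CRT=${DB_CRT:-db.crt}                      # enrolled UEFI db certificate
OUT=${OUT:-grubx64.efi}

# Print each command; execute it only when DRY_RUN is not 1.
run() {
  echo "+ $*"
  [ "$DRY_RUN" = 1 ] || "$@"
}

# Fail early when a tool or input file is missing (skipped in dry-run mode).
preflight() {
  [ "$DRY_RUN" = 1 ] && return 0
  for tool in grub-mkstandalone sbsign sbverify; do
    command -v "$tool" >/dev/null 2>&1 || { echo "missing tool: $tool" >&2; return 1; }
  done
  for file in "$GPG_PUBKEY" "$GRUB_CFG" "$DB_KEY" "$DB_CRT"; do
    [ -r "$file" ] || { echo "missing file: $file" >&2; return 1; }
  done
}

build_image() {
  preflight || return 1
  # Build the image without the shim_lock verifier and embed the GPG public key.
  run grub-mkstandalone --format=x86_64-efi --disable-shim-lock \
      --pubkey="$GPG_PUBKEY" --output="$OUT.unsigned" \
      "boot/grub/grub.cfg=$GRUB_CFG" || return 1
  # Sign the image with the own UEFI db key, then check the signature
  # against the db certificate before installing it to the ESP.
  run sbsign --key "$DB_KEY" --cert "$DB_CRT" --output "$OUT" "$OUT.unsigned" || return 1
  run sbverify --cert "$DB_CRT" "$OUT"
}

build_image
```
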
