On 05.02.2022 00:08, Domenico Panella wrote: > Hi all, > I have a problem with grub. > I have signed grub efi file with my efi keys > But I get this error : > > verifcation requested but nobody cares: (hd0,gpt7)/boot/grub/x86_64-efi > /normal.mod > Entering rescue mode... grub rescue> > > I always used this way but now it doesn't work. > What missing? >
When secure boot is enabled grub enforces verification of modules. But grub modules themselves do not have EFI signature, so there is no verifier that can check them. Distributions ship signed grub with module loading disabled. You may try signing modules with GPG key and adding this key to grub image. But that will enforce signature checks for every file including configuration, themes etc, every file that grub reads will need to be signed. Alternative is to use grub-standalone to embed RAM disk with modules in grub image. GRUB should skip signature verification for those internal modules.
