Hi,

I'm trying to bring up Ubuntu on QEMU with secure boot enabled. I have registered PK, KEK and db, and enabled the secure boot option.

In the initial grub.cfg file under the ESP, I have set check_signatures to enforce. This file is signed by my gpg key. After this I'm creating a grub image with the --pubkey option set to the gpg key file and modules containing " pgp verifiers gcry_sha256 gcry_sha512 gcry_dsa gcry_rsa".

The created grubx64.efi and vmlinuz are signed with the db key, and all the grub modules, the second grub cfg file, vmlinuz and initrd are signed with my gpg key. But with this the image fails to boot.

In the grub console, I see list_trusted is empty. But in the grub image hexdump I see the key is present, and pgp has been included in the modules while creating the image. On the console, insmod gpg doesn't seem to change this either, as the trusted list is still empty. I have set debug to loader,verify, but don't see any messages coming up.

Any help in debugging further would be appreciated.

Thanks
Akshath
