Bug#920144: shim-signed: Buster installer images and live image build on Jan/21/2019 can not boot with Secure Boot enabled
On Tue, Jan 22, 2019 at 02:41:24PM +0800, Steven Shiau wrote: >Package: shim-signed >Version: 1.28+nmu1+0.9+1474479173.6c180c6-1 >Severity: normal > >Dear Maintainer, > >On Debian secure boot wiki page: >https://wiki.debian.org/SecureBoot/Testing#Buster_installer_images >It mentioned: >Buster live images >Since 16th Jan 2019, our normal weekly amd64 live images should >live-boot with Secure Boot enabled without needing any special steps. >They should also support installation of a Secure Boot enabled system >directly. > >See https://get.debian.org/images/weekly-live-builds/ >and >Buster live images > >Since 16th Jan 2019, our normal weekly amd64 live images should >live-boot with Secure Boot enabled without needing any special steps. >They should also support installation of a Secure Boot enabled system >directly. > >See https://get.debian.org/images/weekly-live-builds/ > >However, both >https://get.debian.org/images/daily-builds/daily/current/amd64/iso-cd/debian-testing-amd64-netinst.iso >and >https://get.debian.org/images/weekly-live-builds/amd64/iso-hybrid/debian-live-testing-amd64-mate.iso >build on Jan/21/2019 failed to boot with secure boot enabled on VMWare >WS Pro 15 and Lenovo X260. >Attached please check the screenshot when it failed to boot. > >In addition, I use live-build 20180925 to create the secure boot ready >Debian Sid ISO with >lb config --uefi-secure-boot enable >and also included grub-efi-amd64-signed, shim-signed, >linux-image-4.19.0-1-amd64 > >However, the created live ISO also failed to boot with the same error. >If I turned off the secure boot in the BIOS, the created ISO can boot >successfully. Apologies, this was a mistake on my part. We were still using our test key for signing our packaged EFI binaries (grub, linux, etc.) and I'd missed that. Things should be fixed really soon... -- Steve McIntyre, Cambridge, UK.st...@einval.com "When C++ is your hammer, everything looks like a thumb." -- Steven M. Haflich
Bug#920144: shim-signed: Buster installer images and live image build on Jan/21/2019 can not boot with Secure Boot enabled
Package: shim-signed Version: 1.28+nmu1+0.9+1474479173.6c180c6-1 Severity: normal Dear Maintainer, On Debian secure boot wiki page: https://wiki.debian.org/SecureBoot/Testing#Buster_installer_images It mentioned: Buster live images Since 16th Jan 2019, our normal weekly amd64 live images should live-boot with Secure Boot enabled without needing any special steps. They should also support installation of a Secure Boot enabled system directly. See https://get.debian.org/images/weekly-live-builds/ and Buster live images Since 16th Jan 2019, our normal weekly amd64 live images should live-boot with Secure Boot enabled without needing any special steps. They should also support installation of a Secure Boot enabled system directly. See https://get.debian.org/images/weekly-live-builds/ However, both https://get.debian.org/images/daily-builds/daily/current/amd64/iso-cd/debian-testing-amd64-netinst.iso and https://get.debian.org/images/weekly-live-builds/amd64/iso-hybrid/debian-live-testing-amd64-mate.iso build on Jan/21/2019 failed to boot with secure boot enabled on VMWare WS Pro 15 and Lenovo X260. Attached please check the screenshot when it failed to boot. In addition, I use live-build 20180925 to create the secure boot ready Debian Sid ISO with lb config --uefi-secure-boot enable and also included grub-efi-amd64-signed, shim-signed, linux-image-4.19.0-1-amd64 However, the created live ISO also failed to boot with the same error. If I turned off the secure boot in the BIOS, the created ISO can boot successfully. If you need more info, please let me know. Thanks. Steven -- System Information: Debian Release: buster/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 4.18.0-3-amd64 (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages shim-signed depends on: ii debconf [debconf-2.0] 1.5.70 ii grub-efi-amd64-bin 2.02+dfsg1-10 ii grub2-common 2.02+dfsg1-10 ii mokutil 0.2.0-1+b3 ii shim 0.9+1474479173.6c180c6-1 Versions of packages shim-signed recommends: pn secureboot-db shim-signed suggests no packages. -- debconf information excluded -- Steven Shiau Public Key Server PGP Key ID: 4096R/163E3FB0 Fingerprint: EB1D D5BF 6F88 820B BCF5 356C 8E94 C9CD 163E 3FB0