subject:"Bug#920144\: shim\-signed\: Buster installer images and live image build on Jan\/21\/2019 can not boot with Secure Boot enabled"

Bug#920144: shim-signed: Buster installer images and live image build on Jan/21/2019 can not boot with Secure Boot enabled

2019-03-23 Thread Steve McIntyre

On Tue, Jan 22, 2019 at 02:41:24PM +0800, Steven Shiau wrote:
>Package: shim-signed
>Version: 1.28+nmu1+0.9+1474479173.6c180c6-1
>Severity: normal
>
>Dear Maintainer,
>
>On Debian secure boot wiki page:
>https://wiki.debian.org/SecureBoot/Testing#Buster_installer_images
>It mentioned:
>Buster live images
>Since 16th Jan 2019, our normal weekly amd64 live images should
>live-boot with Secure Boot enabled without needing any special steps.
>They should also support installation of a Secure Boot enabled system
>directly.
>
>See https://get.debian.org/images/weekly-live-builds/
>and
>Buster live images
>
>Since 16th Jan 2019, our normal weekly amd64 live images should
>live-boot with Secure Boot enabled without needing any special steps.
>They should also support installation of a Secure Boot enabled system
>directly.
>
>See https://get.debian.org/images/weekly-live-builds/
>
>However, both
>https://get.debian.org/images/daily-builds/daily/current/amd64/iso-cd/debian-testing-amd64-netinst.iso
>and
>https://get.debian.org/images/weekly-live-builds/amd64/iso-hybrid/debian-live-testing-amd64-mate.iso
>build on Jan/21/2019 failed to boot with secure boot enabled on VMWare
>WS Pro 15 and Lenovo X260.
>Attached please check the screenshot when it failed to boot.
>
>In addition, I use live-build 20180925 to create the secure boot ready
>Debian Sid ISO with
>lb config --uefi-secure-boot enable
>and also included grub-efi-amd64-signed, shim-signed,
>linux-image-4.19.0-1-amd64
>
>However, the created live ISO also failed to boot with the same error.
>If I turned off the secure boot in the BIOS, the created ISO can boot
>successfully.

Apologies, this was a mistake on my part. We were still using our test
key for signing our packaged EFI binaries (grub, linux, etc.) and I'd
missed that. Things should be fixed really soon...

-- 
Steve McIntyre, Cambridge, UK.st...@einval.com
"When C++ is your hammer, everything looks like a thumb." -- Steven M. Haflich

Bug#920144: shim-signed: Buster installer images and live image build on Jan/21/2019 can not boot with Secure Boot enabled

2019-01-21 Thread Steven Shiau

Package: shim-signed
Version: 1.28+nmu1+0.9+1474479173.6c180c6-1
Severity: normal

Dear Maintainer,

On Debian secure boot wiki page:
https://wiki.debian.org/SecureBoot/Testing#Buster_installer_images
It mentioned:
Buster live images
Since 16th Jan 2019, our normal weekly amd64 live images should
live-boot with Secure Boot enabled without needing any special steps.
They should also support installation of a Secure Boot enabled system
directly.

See https://get.debian.org/images/weekly-live-builds/
and
Buster live images

Since 16th Jan 2019, our normal weekly amd64 live images should
live-boot with Secure Boot enabled without needing any special steps.
They should also support installation of a Secure Boot enabled system
directly.

See https://get.debian.org/images/weekly-live-builds/

However, both
https://get.debian.org/images/daily-builds/daily/current/amd64/iso-cd/debian-testing-amd64-netinst.iso
and
https://get.debian.org/images/weekly-live-builds/amd64/iso-hybrid/debian-live-testing-amd64-mate.iso
build on Jan/21/2019 failed to boot with secure boot enabled on VMWare
WS Pro 15 and Lenovo X260.
Attached please check the screenshot when it failed to boot.

In addition, I use live-build 20180925 to create the secure boot ready
Debian Sid ISO with
lb config --uefi-secure-boot enable
and also included grub-efi-amd64-signed, shim-signed,
linux-image-4.19.0-1-amd64

However, the created live ISO also failed to boot with the same error.
If I turned off the secure boot in the BIOS, the created ISO can boot
successfully.

If you need more info, please let me know. Thanks.

Steven

-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.18.0-3-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages shim-signed depends on:
ii  debconf [debconf-2.0]  1.5.70
ii  grub-efi-amd64-bin 2.02+dfsg1-10
ii  grub2-common   2.02+dfsg1-10
ii  mokutil    0.2.0-1+b3
ii  shim   0.9+1474479173.6c180c6-1

Versions of packages shim-signed recommends:
pn  secureboot-db  

shim-signed suggests no packages.

-- debconf information excluded

-- 
Steven Shiau 
Public Key Server PGP Key ID: 4096R/163E3FB0
Fingerprint: EB1D D5BF 6F88 820B BCF5  356C 8E94 C9CD 163E 3FB0

Bug#920144: shim-signed: Buster installer images and live image build on Jan/21/2019 can not boot with Secure Boot enabled

Bug#920144: shim-signed: Buster installer images and live image build on Jan/21/2019 can not boot with Secure Boot enabled

2 matches

Site Navigation

Mail list logo

Footer information