Even then, shim can verify against machine owner keys which are different from
the platform keys of the UEFI
On November 22, 2023 2:34:18 PM GMT+01:00, Andrei Borzenkov
wrote:
>On Wed, Nov 22, 2023 at 3:47 PM Federico Angelilli wrote:
>>
>> By bootable disk I meant something you can boot from
1:36:34 AM GMT+01:00, Andrei Borzenkov
wrote:
>On Wed, Nov 22, 2023 at 1:26 PM Federico Angelilli via Support
>requests for the GRand Unified Bootloader wrote:
>>
>> Thank you, I totally missed that since I used Sasaki's guide.
>>
>> Could you please confirm i
Thank you, I totally missed that since I used Sasaki's guide.
Could you please confirm if this is the behavior of shim or I have
misunderstood something?
1) boot to the shim instead of grub (the shim is certified by Microsoft)
2) boot to grub from the shim (verified using machine owner keys)
3)
Honestly I don't think that booting to Windows is the problem, since it seems as
long as the bootloader is signed (even without a Microsoft key, like I'm doing)
chainloading Windows will just work.
Also I assume that the Windows bootloader and kernel are already signed for SB.
The problem lies in
Yes, I added my key to the UEFI pk db. Sorry for being vague but a while passed.
Anyway, everyone seems to agree that for my use case I need the shim. However,
from what I found online (not a lot truthfully) it is a tool separated from grub
made by Debian and verified directly by Microsoft.
How would I go about installing the "shim"?
Thanks,
Federico
On November 22, 2023 1:59:53 AM GMT+01:00, Randy Goldenberg
wrote:
>https://github.com/hardenedlinux/Debian-GNU-Linux-Profiles/blob/master/docs/hardened_boot/grub-with-secure-boot.md
>
>On Tue, Nov 21, 2023 at 3:14 PM Federico
Hello,
Thanks for responding.
I am quite sure I am not using a shim lock at all. I simply signed with the
UEFI key the grub image. How would I go about installing a shim? And is it
necessary?
Thanks,
Federico
PS: I followed a guide on Gentoo's wiki
On November 22, 2023 12:23:07 AM GMT+01:00,