On Wed, Nov 22, 2023 at 3:47 PM Federico Angelilli wrote:
>
> By bootable disk I ment something you can boot from grub (a kernel or
> initramfs or windows).
>
> The "shim" doesn't seem like a grub module, rather it seems like another
> bootloader that immediately runs grub and is mostly useful
By bootable disk I ment something you can boot from grub (a kernel or initramfs
or windows).
The "shim" doesn't seem like a grub module, rather it seems like another
bootloader that immediately runs grub and is mostly useful for the first stage,
that is being verified by the uefi. Unless grub
On Wed, Nov 22, 2023 at 1:26 PM Federico Angelilli via Support
requests for the GRand Unified Bootloader wrote:
>
> Thank you, I totally missed that since I used Sasaki's guide.
>
> Could you please confirm if this is the behavior of shim or I have
> misunderstood something?
> 1) boot to the
Thank you, I totally missed that since I used Sasaki's guide.
Could you please confirm if this is the behavior of shim or I have
misunderstood something?
1) boot to the shim instead of grub (the shim is certified by microsoft)
2) boot to grub from the shim (verified using machine owner keys)
3)
Onestly I don't think that booting to windows is the problem, since it seems as
long as the bootloader is signed (even without a microsoft key, like I'm doing)
chainloading windows will just work.
Also I assume that the windows bootloader and kernel is already signed for SB.
The problem lies in
There is a dedicated page in the wiki
https://wiki.gentoo.org/wiki/Shim
On 22/11/2023 07:06, Federico Angelilli wrote:
> Hello,
> Thanks for responding.
>
> I am quite sure I am not using a shim lock at all. I simply signed with the
> uefi key the grub image. How would I go about installing a
Yes, I added my key to the uefi pk db. Sorry for being vague but a while passed.
Anyway, everyone seems to agree that for my use case I need the shim. However,
for what I found online (not a lot truthfully) it is a tool separated from grub
made by debian and verified directly by microsoft.
Hi
Hello,
I already imported the sb keys from the uefi and signed my grub image. However
the problem is that apart from the uefi verification of the grub image itself,
no other verification is done by grub. This would mean that I can actually boot
on unsigned kernels from grub (with sb
On Wed, Nov 22, 2023 at 10:37 AM Federico Angelilli wrote:
>
> Hello,
> I already imported the sb keys from the uefi and signed my grub image.
> However the problem is that apart from the uefi verification of the grub
> image itself, no other verification is done by grub.
grub is using shim