> > This is a low priority bug for ubuntu, cause it has grub2-signed
> > package. But in debian case it becomes problematic as debian has no
> > grub2-signed package. 
>
> It doesn't have one *yet*. This is planned.

Yeah, I know. That's why this bug is quite significant.

Currently we should do the following trick to boot debian in secure boot
environment:

1) build our own monolithic grub

2) eject hard drive from target system and connect it to the system with
disabled secure boot

3) prepare boot media (on computer with disabled secure boot)
   a) copy /usr/lib/shim/shimx64.efi.signed to /boot/efi/EFI/boot/bootx64.efi
   b) copy /usr/lib/shim/mmx64.efi.signed to /boot/efi/EFI/boot/grubx64.efi
   c) put self-built monolithic grub to /boot/efi/EFI/boot/somename.efi 

4) boot with prepared media on target system to add our self-built monolithic
grub to the chain of trust using MokManager (see 3b and 3c)

5) eject hard drive from target system and connect it to the system with
disabled secure boot (again)

6) modify prepared media (on computer with disabled secure boot)
   a) rename /boot/efi/EFI/boot/grubx64.efi to /boot/efi/EFI/boot/mmx64.efi
   b) rename /boot/efi/EFI/boot/somename.efi to /boot/efi/EFI/boot/grubx64.efi

7) enjoy debian in secure boot environment


With the bug fixed we may skip step 5 and step 6.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1692373

Title:
  shim fails to load MokManager (mmx64.efi) in the case of unsigned grub
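
The file placement from steps 3 and 6 of the message above, as an added shell example that is not part of the original message or of shim: it stages each layout and reports which one is currently on the media. The file paths are the ones named in the message; `ESP_BOOT`, `SHIM_DIR`, the function names and the state labels are assumptions made for this example.

```shell
#!/bin/sh
# Added example. ESP_BOOT and SHIM_DIR default to the paths in the message and
# can be overridden to work on a mounted copy of the media or a scratch tree.
ESP_BOOT="${ESP_BOOT:-/boot/efi/EFI/boot}"
SHIM_DIR="${SHIM_DIR:-/usr/lib/shim}"

# Step 3: shim as bootx64.efi, MokManager under grub's name, and the
# self-built monolithic grub ($1) as somename.efi.
stage_enroll() {
    mkdir -p "$ESP_BOOT" &&
    cp "$SHIM_DIR/shimx64.efi.signed" "$ESP_BOOT/bootx64.efi" &&
    cp "$SHIM_DIR/mmx64.efi.signed"   "$ESP_BOOT/grubx64.efi" &&
    cp "$1"                           "$ESP_BOOT/somename.efi"
}

# Step 6: give MokManager its own name back and put grub where shim looks for it.
stage_final() {
    mv "$ESP_BOOT/grubx64.efi"  "$ESP_BOOT/mmx64.efi" &&
    mv "$ESP_BOOT/somename.efi" "$ESP_BOOT/grubx64.efi"
}

# Print which layout is on the media: enroll (after step 3), final (after
# step 6), no-shim or unknown. Files are compared byte for byte with the
# packaged shim and MokManager images, not by name alone.
esp_state() {
    mm="$SHIM_DIR/mmx64.efi.signed"
    cmp -s "$SHIM_DIR/shimx64.efi.signed" "$ESP_BOOT/bootx64.efi" 2>/dev/null ||
        { echo no-shim; return 1; }
    if cmp -s "$mm" "$ESP_BOOT/grubx64.efi" 2>/dev/null &&
       [ -f "$ESP_BOOT/somename.efi" ]; then
        echo enroll
    elif cmp -s "$mm" "$ESP_BOOT/mmx64.efi" 2>/dev/null &&
         [ -f "$ESP_BOOT/grubx64.efi" ] &&
         ! cmp -s "$mm" "$ESP_BOOT/grubx64.efi" 2>/dev/null; then
        echo final
    else
        echo unknown; return 1
    fi
}
```

Step 4, the enrollment in MokManager on the target system, is interactive and is not covered by these functions.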
