[yocto] verification requested but nobody cares : bzImage while booting in secureboot mode #dunfell #yocto

Mon, 20 Jun 2022 02:44:26 -0700 

Hi ,
I have been trying to enable Secureboot to my board having Intel-x86 
architecture  and I am following the steps given in this link 
https://github.com/jiazhang0/meta-secure-core for Yocto Dunfell branch.

Problem: In non Secureboot mode Yocto Boots normally and everything works fine 
but when Secureboot is enabled till grub it boots and loads grub-menu then after
If I press boot option it will simply throw this error
> 
> verification requested but nobody cares: bzImage

and stucks there.

I am not getting why this error is coming and what fixes to be made.

BTW grub version is grub-efi-2.04.

Below are the local.conf settings for Secureboot.

> 
> UEFI_SB = "1"
> BUNDLE = "1"
> GRUB_SIGN_VERIFY='0'
> GRUB_SIGN_VERIFY_STRICT='0'
> DEBUG_FLAGS_forcevariable = ""
> IMAGE_INSTALL += "kernel-image-bzimage"
> USER_CLASSES_remove = "image-prelink"
> 

> 
> MASTER_KEYS_DIR =
> "/home/yocto/poky/meta-secure-core/meta-signing-key/scripts/user-keys"
> 
> IMA_KEYS_DIR = "${MASTER_KEYS_DIR}/ima_keys"
> IMA_EVM_KEY_DIR = "${MASTER_KEYS_DIR}/ima_keys"
> RPM_KEYS_DIR = "${MASTER_KEYS_DIR}/rpm_keys"
> BOOT_KEYS_DIR = "${MASTER_KEYS_DIR}/boot_keys"
> MOK_SB_KEYS_DIR = "${MASTER_KEYS_DIR}/mok_sb_keys"
> SYSTEM_TRUSTED_KEYS_DIR = "${MASTER_KEYS_DIR}/system_trusted_keys"
> SECONDARY_TRUSTED_KEYS_DIR = "${MASTER_KEYS_DIR}/secondary_trusted_keys"
> MODSIGN_KEYS_DIR = "${MASTER_KEYS_DIR}/modsign_keys"
> UEFI_SB_KEYS_DIR = "${MASTER_KEYS_DIR}/uefi_sb_keys"
> GRUB_PUB_KEY = "${MASTER_KEYS_DIR}/boot_keys/boot_pub_key"
> GRUB_PW_FILE = "${MASTER_KEYS_DIR}/boot_keys/boot_cfg_pw"
> OSTREE_GPGDIR = "${MASTER_KEYS_DIR}/rpm_keys"
> 
> RPM_GPG_NAME = "PKG-SecureCore"
> RPM_GPG_PASSPHRASE = "root"
> RPM_FSK_PASSWORD = "root"
> BOOT_GPG_NAME = "BOOT-SecureCore"
> BOOT_GPG_PASSPHRASE = "root"
> OSTREE_GPGID = "PKG-SecureCore"
> OSTREE_GPG_PASSPHRASE = "root"
> OSTREE_GRUB_PW_FILE = "${GRUB_PW_FILE}"
> 

I am stuck with this issue from last 5 days ,please help me to solve this issue.

Thanks and Regards
Pavan

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#57363): https://lists.yoctoproject.org/g/yocto/message/57363
Mute This Topic: https://lists.yoctoproject.org/mt/91873367/21656
Mute #dunfell:https://lists.yoctoproject.org/g/yocto/mutehashtag/dunfell
Mute #yocto:https://lists.yoctoproject.org/g/yocto/mutehashtag/yocto
Group Owner: [email protected]
Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub 
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to