[Git-commits] [grml/grml-live] eaa7b5: EFI/BOOT/README: document file usage

Michael Prokop mika at grml.org
Wed Oct 17 17:21:27 CEST 2018 

  Branch: refs/heads/master
  Home:   https://github.com/grml/grml-live
  Commit: eaa7b568cd92a5eaf0584153a6e862d9fc09dfc8
      https://github.com/grml/grml-live/commit/eaa7b568cd92a5eaf0584153a6e862d9fc09dfc8
  Author: Michael Prokop <mika at grml.org>
  Date:   2018-10-17 (Wed, 17 Oct 2018)

  Changed paths:
    M templates/EFI/BOOT/README

  Log Message:
  -----------
  EFI/BOOT/README: document file usage


  Commit: 8c2668bf55e917289d87d9f59f93763d019a32ca
      https://github.com/grml/grml-live/commit/8c2668bf55e917289d87d9f59f93763d019a32ca
  Author: Michael Prokop <mika at grml.org>
  Date:   2018-10-17 (Wed, 17 Oct 2018)

  Changed paths:
    M templates/EFI/BOOT/README
    M templates/EFI/BOOT/grubx64.efi.signed

  Log Message:
  -----------
  EFI/BOOT: bring back files from Ubuntu 18.04

Bring back the state of EFI/BOOT files as of commit
bc4f02658ffa63a71ef1bc4f37ae3707ff580382 plus the config change with
commit c35a30b42bac4de7089f936d6917b246ade6d5c5, as this was the last
GRUB version that's known to be working with *unsigned* kernel files.

Otherwise SecureBoot fails to boot with:

| Loading kernel...
| error: /boot/grml/vmlinuz has invalid signature.
| Loading initrd...
| error: you need to load the kernel first.

when using grub2-signed (corresponding to Ubuntu's GRUB 2.02+dfsg1-5ubuntu7) with files e.g. from
http://de.archive.ubuntu.com/ubuntu/pool/main/s/shim-signed/shim-signed_1.38+15+1533136590.3beb971-0ubuntu1_amd64.deb +
http://de.archive.ubuntu.com/ubuntu/pool/main/g/grub2-signed/grub-efi-amd64-signed_1.109+2.02+dfsg1-5ubuntu7_amd64.deb

This might be related to the change introduced in:

| grub2-signed (1.93.4) bionic; urgency=medium
|
|   * Rebuild against grub2 2.02-2ubuntu8.3 and check kernel is signed on
|     amd64 EFI before installing grub (LP: #1786491).
|
|  -- Julian Andres Klode <juliank at ubuntu.com>  Mon, 13 Aug 2018 12:51:32 +0200

JFTR, as of 2018-10-17 we have in Ubuntu:

| % rmadison -u ubuntu grub-efi-amd64-signed
|  grub-efi-amd64-signed | 1.9~ubuntu12.04.10+1.99-21ubuntu3.19 | precise-security | amd64
|  grub-efi-amd64-signed | 1.9~ubuntu12.04.10+1.99-21ubuntu3.19 | precise-updates  | amd64
|  grub-efi-amd64-signed | 1.34+2.02~beta2-9                    | trusty           | amd64
|  grub-efi-amd64-signed | 1.34.7+2.02~beta2-9ubuntu1.6         | trusty-security  | amd64
|  grub-efi-amd64-signed | 1.34.17+2.02~beta2-9ubuntu1.15       | trusty-updates   | amd64
|  grub-efi-amd64-signed | 1.66+2.02~beta2-36ubuntu3            | xenial           | amd64
|  grub-efi-amd64-signed | 1.66.18+2.02~beta2-36ubuntu3.18      | xenial-updates   | amd64
|  grub-efi-amd64-signed | 1.93+2.02-2ubuntu8                   | bionic           | amd64
|  grub-efi-amd64-signed | 1.93.7+2.02-2ubuntu8.6               | bionic-updates   | amd64
|  grub-efi-amd64-signed | 1.93.8+2.02-2ubuntu8.7               | bionic-proposed  | amd64
|  grub-efi-amd64-signed | 1.109+2.02+dfsg1-5ubuntu7            | cosmic           | amd64

Note that EFI boot with ovmf 0~20161202.7bbe0b3e-1 with kvm/qemu on
Debian/stretch fails, resulting in a grub shell prompt of GRUB
2.02-2ubuntu8 (without any menu), e.g. when invoked via:

| % qemu-system-x86_64 -bios /usr/share/qemu/OVMF.fd -vga qxl -hda grml.iso -m 512

Both the ovmf versions from kraxel as well from current Debian/testing
AKA buster work though:

| % wget https://www.kraxel.org/repos/jenkins/edk2/edk2.git-ovmf-x64-0-20180807.281.gc526dcd40f.noarch.rpm
| % rpm2cpio edk2.git-ovmf-x64-0-20180807.281.gc526dcd40f.noarch.rpm | cpio -idmv
| % qemu-system-x86_64 -bios ./usr/share/edk2.git/ovmf-x64/OVMF-pure-efi.fd -vga qxl -hda grml.iso -m 512

+

| % wget http://ftp.de.debian.org/debian/pool/main/e/edk2/ovmf_0~20180812.cb5f4f45-1_all.deb
| % dpkg -x ovmf_0\~20180812.cb5f4f45-1_all.deb ovmf
| % qemu-system-x86_64 -bios ovmf/usr/share/ovmf/OVMF.fd -vga qxl -hda grml.iso -m 512

Closes: https://github.com/grml/grml/issues/105

and possibly also related to https://github.com/grml/grml-live/issues/59


Compare: https://github.com/grml/grml-live/compare/dadd8e03c24b...8c2668bf55e9
      **NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/

      Functionality will be removed from GitHub.com on January 31st, 2019.

More information about the Git-commits mailing list