[Git-commits] [grml/grml-live] eaa7b5: EFI/BOOT/README: document file usage
Michael Prokop
mika at grml.org
Wed Oct 17 17:21:27 CEST 2018
Branch: refs/heads/master
Home: https://github.com/grml/grml-live
Commit: eaa7b568cd92a5eaf0584153a6e862d9fc09dfc8
https://github.com/grml/grml-live/commit/eaa7b568cd92a5eaf0584153a6e862d9fc09dfc8
Author: Michael Prokop <mika at grml.org>
Date: 2018-10-17 (Wed, 17 Oct 2018)
Changed paths:
M templates/EFI/BOOT/README
Log Message:
-----------
EFI/BOOT/README: document file usage
Commit: 8c2668bf55e917289d87d9f59f93763d019a32ca
https://github.com/grml/grml-live/commit/8c2668bf55e917289d87d9f59f93763d019a32ca
Author: Michael Prokop <mika at grml.org>
Date: 2018-10-17 (Wed, 17 Oct 2018)
Changed paths:
M templates/EFI/BOOT/README
M templates/EFI/BOOT/grubx64.efi.signed
Log Message:
-----------
EFI/BOOT: bring back files from Ubuntu 18.04
Bring back the state of EFI/BOOT files as of commit
bc4f02658ffa63a71ef1bc4f37ae3707ff580382 plus the config change with
commit c35a30b42bac4de7089f936d6917b246ade6d5c5, as this was the last
GRUB version that's known to be working with *unsigned* kernel files.
Otherwise SecureBoot fails to boot with:
| Loading kernel...
| error: /boot/grml/vmlinuz has invalid signature.
| Loading initrd...
| error: you need to load the kernel first.
when using grub2-signed (corresponding to Ubuntu's GRUB 2.02+dfsg1-5ubuntu7) with files e.g. from
http://de.archive.ubuntu.com/ubuntu/pool/main/s/shim-signed/shim-signed_1.38+15+1533136590.3beb971-0ubuntu1_amd64.deb +
http://de.archive.ubuntu.com/ubuntu/pool/main/g/grub2-signed/grub-efi-amd64-signed_1.109+2.02+dfsg1-5ubuntu7_amd64.deb
This might be related to the change introduced in:
| grub2-signed (1.93.4) bionic; urgency=medium
|
| * Rebuild against grub2 2.02-2ubuntu8.3 and check kernel is signed on
| amd64 EFI before installing grub (LP: #1786491).
|
| -- Julian Andres Klode <juliank at ubuntu.com> Mon, 13 Aug 2018 12:51:32 +0200
JFTR, as of 2018-10-17 we have in Ubuntu:
| % rmadison -u ubuntu grub-efi-amd64-signed
| grub-efi-amd64-signed | 1.9~ubuntu12.04.10+1.99-21ubuntu3.19 | precise-security | amd64
| grub-efi-amd64-signed | 1.9~ubuntu12.04.10+1.99-21ubuntu3.19 | precise-updates | amd64
| grub-efi-amd64-signed | 1.34+2.02~beta2-9 | trusty | amd64
| grub-efi-amd64-signed | 1.34.7+2.02~beta2-9ubuntu1.6 | trusty-security | amd64
| grub-efi-amd64-signed | 1.34.17+2.02~beta2-9ubuntu1.15 | trusty-updates | amd64
| grub-efi-amd64-signed | 1.66+2.02~beta2-36ubuntu3 | xenial | amd64
| grub-efi-amd64-signed | 1.66.18+2.02~beta2-36ubuntu3.18 | xenial-updates | amd64
| grub-efi-amd64-signed | 1.93+2.02-2ubuntu8 | bionic | amd64
| grub-efi-amd64-signed | 1.93.7+2.02-2ubuntu8.6 | bionic-updates | amd64
| grub-efi-amd64-signed | 1.93.8+2.02-2ubuntu8.7 | bionic-proposed | amd64
| grub-efi-amd64-signed | 1.109+2.02+dfsg1-5ubuntu7 | cosmic | amd64
Note that EFI boot with ovmf 0~20161202.7bbe0b3e-1 with kvm/qemu on
Debian/stretch fails, resulting in a grub shell prompt of GRUB
2.02-2ubuntu8 (without any menu), e.g. when invoked via:
| % qemu-system-x86_64 -bios /usr/share/qemu/OVMF.fd -vga qxl -hda grml.iso -m 512
Both the ovmf versions from kraxel as well from current Debian/testing
AKA buster work though:
| % wget https://www.kraxel.org/repos/jenkins/edk2/edk2.git-ovmf-x64-0-20180807.281.gc526dcd40f.noarch.rpm
| % rpm2cpio edk2.git-ovmf-x64-0-20180807.281.gc526dcd40f.noarch.rpm | cpio -idmv
| % qemu-system-x86_64 -bios ./usr/share/edk2.git/ovmf-x64/OVMF-pure-efi.fd -vga qxl -hda grml.iso -m 512
+
| % wget http://ftp.de.debian.org/debian/pool/main/e/edk2/ovmf_0~20180812.cb5f4f45-1_all.deb
| % dpkg -x ovmf_0\~20180812.cb5f4f45-1_all.deb ovmf
| % qemu-system-x86_64 -bios ovmf/usr/share/ovmf/OVMF.fd -vga qxl -hda grml.iso -m 512
Closes: https://github.com/grml/grml/issues/105
and possibly also related to https://github.com/grml/grml-live/issues/59
Compare: https://github.com/grml/grml-live/compare/dadd8e03c24b...8c2668bf55e9
**NOTE:** This service has been marked for deprecation: https://developer.github.com/changes/2018-04-25-github-services-deprecation/
Functionality will be removed from GitHub.com on January 31st, 2019.
More information about the Git-commits
mailing list