Open Dvergatal opened 1 month ago
OK, I have fixed the issue with the error `Loader has been blocked by the current security policy` and now `efiupdate.efi` is running without any problems. The issue was I had wrong efi keys in UEFI loaded by `LockDown.efi` :P

The issue which I'm facing now is that the efishell script, which has a line `\\EFI\\BOOT\\grubx64.efi` for running grub, is now causing the error `Script Error Status: Security Violation (line number <number>)` where `<number>` is the number of the line where `\\EFI\\BOOT\\grubx64.efi` is in this efishell script.

As I have already written, I've created a `p7b` signature file for that efishell script, but it doesn't work. Do you have a better idea how to solve this?
Hi, maybe you can file the issue on the SELoader repo and get help from the maintainer: https://github.com/jiazhang0/SELoader
Hi, I am trying to chain another efi into the secure boot chain, let's call it `efiupdate.efi`. By default `SELOADER_CHAINLOADER` is set to default, which is `grubx64.efi`. Now I would like to put this `efiupdate.efi` in between, which I have succeeded in by changing the `SELOADER_CHAINLOADER` value to `efiupdate.efi` in my `seloader_%.bbappend`. When secure boot is turned off in UEFI everything is working perfectly fine, but when turning secure boot on I'm getting this error that `Loader has been blocked by the current security policy`. I must mention that this `efiupdate.efi` is signed by the same key as `seloaderx64.efi` and `grubx64.efi`, meaning Vendor key.

So my question is, if somehow the boot order is hardcoded, meaning verification of vendor efi blobs by names? Another question is, because this `efiupdate.efi` is running an efishell script and I have even created a sign of it by the `uks_bl_sign` function, the same which is used for `grub*.inc` files, can it be that the cause of the issue is that the efi shell script is not allowed to run?