Open cuihaoleo opened 8 years ago
https://github.com/rhinstaller/shim/blob/master/netboot.c#L213 Well, it's just because PXE loading of MokManager wasn't implemented.
Well...
BTW, how do your fellows test UEFI and secure boot? It's a pain to reboot my computer again and again to check my setup.
The easiest way to test secure boot is to set up a virtual machine with OVMF. It supports PXEv4/6 and HTTPBoot. Laszlo wrote a nice document about OVMF: http://www.linux-kvm.org/downloads/lersek/ovmf-whitepaper-c770f8c.txt
Other documents:
https://en.opensuse.org/openSUSE:UEFI_Secure_boot_using_qemu-kvm
https://fedoraproject.org/wiki/Using_UEFI_with_QEMU
openSUSE packages: https://build.opensuse.org/package/show/Virtualization/ovmf
Fedora packages: https://www.kraxel.org/repos/jenkins/edk2/
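One way to build the OVMF test VM suggested above, with QEMU's built-in TFTP server standing in for the PXE server (an added example, not from this thread or the shim project). The firmware paths, the `vm_vars.fd` name and the helper names are assumptions, and the variable-store template is assumed to already have Secure Boot keys enrolled; the three file names are the ones mentioned in this issue.

```shell
#!/bin/sh
# Added example: PXE-boot shim under OVMF with Secure Boot, no hardware reboots.
# Assumed paths (vary by distribution); override them through the environment.
OVMF_CODE="${OVMF_CODE:-/usr/share/OVMF/OVMF_CODE.secboot.fd}"
OVMF_VARS_TEMPLATE="${OVMF_VARS_TEMPLATE:-/usr/share/OVMF/OVMF_VARS.ms.fd}"
TFTP_ROOT="${TFTP_ROOT:-$PWD/tftp}"        # directory served over TFTP
BOOT_FILE="${BOOT_FILE:-shim.efi}"         # file name handed out by DHCP
VARS_COPY="${VARS_COPY:-$PWD/vm_vars.fd}"  # writable per-VM variable store

# List which of the files named in this issue are absent from a TFTP root.
missing_boot_files() {
    missing=""
    for f in shim.efi grubx64.efi MokManager.efi; do
        [ -f "$1/$f" ] || missing="$missing $f"
    done
    echo "${missing# }"
}

# Run "$@" followed by the QEMU command line: `qemu_cmd echo` is a dry run,
# `qemu_cmd exec` starts the VM.
qemu_cmd() {
    "$@" qemu-system-x86_64 \
        -machine q35,smm=on,accel=kvm:tcg \
        -m 1024 \
        -global driver=cfi.pflash01,property=secure,value=on \
        -drive "if=pflash,format=raw,unit=0,readonly=on,file=$OVMF_CODE" \
        -drive "if=pflash,format=raw,unit=1,file=$VARS_COPY" \
        -netdev "user,id=net0,tftp=$TFTP_ROOT,bootfile=$BOOT_FILE" \
        -device virtio-net-pci,netdev=net0,bootindex=0 \
        -serial stdio
}

case "${1:-}" in
run)
    m=$(missing_boot_files "$TFTP_ROOT")
    [ -z "$m" ] || { echo "missing in $TFTP_ROOT: $m" >&2; exit 1; }
    # Work on a copy so enrolled MOK keys never touch the packaged template.
    [ -f "$VARS_COPY" ] || cp "$OVMF_VARS_TEMPLATE" "$VARS_COPY"
    qemu_cmd exec ;;
dry-run)
    qemu_cmd echo ;;
esac
```

Deleting `vm_vars.fd` between runs resets the firmware variables, which gives each test a clean key state.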
Hi cuihaoleo,
There was a bug in shim 0.9 which makes MokManager not show up. Below is a patch I created to make it work. efi_status = start_image(image_handle, use_fb ? FALLBACK :second_stage);
--- if (efi_status == EFI_SECURITY_VIOLATION) { +++ if (efi_status == EFI_SUCCESS) { efi_status = start_image(image_handle, MOK_MANAGER);
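Review bot: the `if` after the first `start_image()` call swaps `EFI_SECURITY_VIOLATION` for `EFI_SUCCESS` instead of adding a case, so `MOK_MANAGER` is started only when the `FALLBACK`/`second_stage` call reported success, and a second stage that returns `EFI_SECURITY_VIOLATION` no longer reaches MokManager at all. If the bug is that `start_image()` reports the wrong status, fix that where the status is produced or explain it in a comment at this check; otherwise keep the violation test alongside any new condition. The patch also uses `---`/`+++` as per-line markers and has no file or `@@` headers, so it cannot be applied as posted; a `git diff` against the affected file would make it reviewable.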
Mat Troi
I'm trying to get UEFI netboot (PXE) working with secure boot. My plan is simply:
I intend to use a custom signed grub2, so it won't fit the built-in key of shim.efi. I think shim.efi should call MokManager if grubx64.efi is invalid, so it gives my user a chance to add my key.
But the TFTP log suggests that shim.efi never tries to fetch MokManager.efi from the TFTP server (it does load grubx64.efi). After failing to verify grubx64.efi, it displays a DOS-style blue screen with the following message:
I googled it and cannot find any useful information about it. Can you explain the reason for the error? Thanks.
I've tried shim 0.8 from Ubuntu and Fedora.