rhboot / shim

UEFI shim loader

shim won't load MokManager during netboot #44

Open cuihaoleo opened 8 years ago

cuihaoleo commented 8 years ago

I'm trying to get UEFI netboot (PXE) working with secure boot. My plan is simply:

  1. UEFI loads the Microsoft-signed shim.efi from tftp
  2. shim.efi loads grub2 from tftp.

I intend to use a custom-signed grub2, so it won't fit the built-in key of shim.efi. I think shim.efi should call MokManager if grubx64.efi is invalid, so it gives my user a chance to add my key.

But the tftp log suggests that shim.efi never tries to fetch MokManager.efi from the TFTP server (it does load grubx64.efi). After failing to verify grubx64.efi, it displays a DOS-style blue screen with the following message:

```
                 ERROR
Verification failed: (15) Access Denied

                 ______
                 | OK |
                 ------
```

I googled it and cannot find any useful information about it. Can you explain the reason for the error? Thanks.

I've tried shim 0.8 from Ubuntu and Fedora.

lcp commented 8 years ago

https://github.com/rhinstaller/shim/blob/master/netboot.c#L213 Well, it's just because PXE loading of MokManager wasn't implemented.

cuihaoleo commented 8 years ago

Well...

BTW, how do you fellows test UEFI and secure boot? It's a pain to reboot my computer again and again to check my setup.

lcp commented 8 years ago

The easiest way to test secure boot is to set up a virtual machine with OVMF. It supports PXEv4/6 and HTTPBoot. Laszlo wrote a nice document about OVMF: http://www.linux-kvm.org/downloads/lersek/ovmf-whitepaper-c770f8c.txt

Other documents: https://en.opensuse.org/openSUSE:UEFI_Secure_boot_using_qemu-kvm https://fedoraproject.org/wiki/Using_UEFI_with_QEMU

openSUSE packages: https://build.opensuse.org/package/show/Virtualization/ovmf Fedora packages: https://www.kraxel.org/repos/jenkins/edk2/
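As an added example (not from this thread or from the shim project), a small POSIX sh harness for the OVMF setup described above: it first checks that the TFTP root actually holds all three files (shim.efi, grubx64.efi, MokManager.efi), then boots QEMU with Secure Boot enabled and QEMU's built-in TFTP server as the only network, so the guest's file requests can be watched instead of rebooting hardware. The OVMF firmware paths, the e1000 NIC and the file names are assumptions.

```shell
#!/bin/sh
# Added example for this thread (not shim project code): reproduce the netboot
# Secure Boot flow in QEMU + OVMF instead of rebooting real hardware.
# Assumptions (not from the page): the OVMF paths below, an e1000 NIC, and a
# TFTP root laid out as shim.efi, grubx64.efi and MokManager.efi.
OVMF_CODE=${OVMF_CODE:-/usr/share/OVMF/OVMF_CODE.secboot.fd}
OVMF_VARS_TEMPLATE=${OVMF_VARS_TEMPLATE:-/usr/share/OVMF/OVMF_VARS.secboot.fd}

# shim looks for grubx64.efi beside itself, and MokManager.efi has to be there
# too for any MokManager path to work; fail early and name every missing file
# so a missing file is not mistaken for the shim behaviour reported here.
check_tftp_root() {
    root=$1
    rc=0
    for f in shim.efi grubx64.efi MokManager.efi; do
        if [ ! -f "$root/$f" ]; then
            echo "missing $root/$f" >&2
            rc=1
        fi
    done
    return $rc
}

# Build (not run) the QEMU command line: SMM-backed Secure Boot variables,
# QEMU's user-mode TFTP server serving the tftp root, and romfile= so OVMF's
# own UEFI PXE stack is used rather than the NIC's iPXE option ROM.
build_qemu_cmd() {
    tftp_root=$1
    vars=$2
    echo "qemu-system-x86_64 -machine q35,smm=on -m 1024" \
        "-global driver=cfi.pflash01,property=secure,value=on" \
        "-drive if=pflash,format=raw,readonly=on,file=$OVMF_CODE" \
        "-drive if=pflash,format=raw,file=$vars" \
        "-netdev user,id=n0,tftp=$tftp_root,bootfile=/shim.efi" \
        "-device e1000,netdev=n0,romfile=" \
        "-boot order=n -nographic"
}

# Boot the guest against a writable copy of the variable store, so MOK entries
# enrolled in one run survive into the next (delete the copy to start clean).
run_netboot_test() {
    check_tftp_root "$1" || return 1
    vars=$(mktemp)
    cp "$OVMF_VARS_TEMPLATE" "$vars"
    eval "$(build_qemu_cmd "$1" "$vars")"
}

if [ "${1:-}" = run ]; then
    run_netboot_test "$2"   # usage: sh netboot-test.sh run /srv/tftp
fi
```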

mattroisang commented 8 years ago

Hi cuihaoleo,

There was a bug in shim 0.9 which makes MokManager not show up. Below is a patch I created to make it work. efi_status = start_image(image_handle, use_fb ? FALLBACK :second_stage);

--- if (efi_status == EFI_SECURITY_VIOLATION) { +++ if (efi_status == EFI_SUCCESS) { efi_status = start_image(image_handle, MOK_MANAGER);
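Review bot: changing the comparison from `EFI_SECURITY_VIOLATION` to `EFI_SUCCESS` inverts when MokManager is started: with the `+++` line, `start_image(image_handle, MOK_MANAGER)` runs only after the second stage returns successfully (i.e. after grub exits normally), and not when verification of it fails, which is the path the reporter hits; please explain in the commit message why that is the intended behaviour. Note also that the reporter's screen shows `(15) Access Denied`, i.e. EFI_ACCESS_DENIED rather than EFI_SECURITY_VIOLATION, so if the original `---` comparison never matches, the fix is to compare against the status that start_image actually returns on a verification failure (or accept both), not to wait for success. Independently of the condition, lcp's point above still applies: MokManager has to be fetched over PXE before start_image can load it, and this patch does not touch netboot.c.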

Mat Troi