Closed czhang03 closed 2 weeks ago
This is already fixed by ublue. If you're still seeing it, then you skipped the postinstall instructions when you initially installed:
https://github.com/secureblue/secureblue/blob/live/POSTINSTALL-README.md#enroll-secureboot-key
Please enroll the secureboot key and try again.
Describe the bug Similar to https://github.com/fedora-silverblue/issue-tracker/issues/543 and https://discussion.fedoraproject.org/t/after-a-system-update-bad-shim-signature-silverblue-f40/120347 where the boot shows "bad shim signature" and "you need to load the kernel first"
This bug was originally mitigated by https://github.com/secureblue/secureblue/commit/cf10674a3a15570cbf1940492019048a4cfc2447 and then the mitigation is reverted in https://github.com/secureblue/secureblue/commit/cb00ab019ee2bcf867acde8f37b4409efd9acef9
To Reproduce update to the latest version of secureblue, which updates kernel to 6.9.4, I believe. Probably also need to enable secureboot. I am using the following kargs (added new line for readability):
Expected behavior OS should be able to boot
Actual behavior OS cannot load the kernel
Your current image The affected image is not the latest image (
40.20240618.0
), not my current image.If you're using a secureblue Bluefin image No.
For all images According to https://github.com/ublue-os/main/issues/551, likely no, but I will try to reproduce tomorrow, if I have time