[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[bug #62846] Failed to boot compressed kernel when secure boot is enable
From: |
Qiumiao Zhang |
Subject: |
[bug #62846] Failed to boot compressed kernel when secure boot is enabled |
Date: |
Sun, 31 Jul 2022 22:25:23 -0400 (EDT) |
URL:
<https://savannah.gnu.org/bugs/?62846>
Summary: Failed to boot compressed kernel when secure boot is
enabled
Project: GNU GRUB
Submitter: century6
Submitted: Mon 01 Aug 2022 02:25:22 AM UTC
Category: Booting
Severity: Major
Priority: 5 - Normal
Item Group: Software Error
Status: None
Privacy: Public
Assigned to: None
Originator Name: Qiumiao Zhang
Originator Email: zhangqiumiao1@huawei.com
Open/Closed: Open
Release: Git master
Release:
Discussion Lock: Any
Reproducibility: Every Time
Planned Release: None
_______________________________________________________
Follow-up Comments:
-------------------------------------------------------
Date: Mon 01 Aug 2022 02:25:22 AM UTC By: Qiumiao Zhang <century6>
Versions affected: 2.06
Reproduced on: UEFI & secure boot
Tested on: QEMU virtual machine (aarch64) with Linux
When I tried to boot the gzip compressed kernel through grub2, shim could not
verify the signature of the kernel. I think the reason for this problem is
that grub2 always handles the kernel in a fixed order: try to verify it first,
and then try to decompress it. When building the kernel, we have to sign the
kernel first and then compress it, because compressed files cannot be signed.
In this case, grub2 should try to decompress the kernel first, and then verify
its signature.
A minor patch could fix it, please see the attachment.
_______________________________________________________
File Attachments:
-------------------------------------------------------
Date: Mon 01 Aug 2022 02:25:22 AM UTC Name:
verifiers-Fix-compressed-kernel-verification-failed.patch Size: 986B By:
century6
<http://savannah.gnu.org/bugs/download.php?file_id=53493>
_______________________________________________________
Reply to this item at:
<https://savannah.gnu.org/bugs/?62846>
_______________________________________________
Message sent via Savannah
https://savannah.gnu.org/
- [bug #62846] Failed to boot compressed kernel when secure boot is enabled,
Qiumiao Zhang <=