help-grub

Verify the signature of OSes (for SB)


From: Federico Angelilli
Subject: Verify the signature of OSes (for SB)
Date: Tue, 21 Nov 2023 23:25:10 +0100
User-agent: Mozilla Thunderbird

Hello,
A few months ago I decided to turn on secure boot on my dual-OS desktop, mainly due to some SB-related shenanigans in Windows 11. After a (fairly long) session of trial and error, I finally got everything to work like this:
1) Whenever my kernel is built (I'm using a custom kernel), sign it with the right SB key
2) When updating grub, sign it with the SB key as well

Everything now works: I can boot with SB enabled to grub, then I can either choose to use the signed Linux kernel or the Windows chainloader. Except for a small detail: I can boot even from the unsigned kernels. While I first thought of it as an error in my configuration, it turned out to be a shortcoming in grub itself (as far as I understand), which simply cannot verify SB signatures on its own.

So, how can I set up grub in a way that I can:
1) boot with secure boot enabled to the grub menu
2) only boot from entries that are signed themselves

Thanks,
Federico
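
Added example, not part of the original message and not GRUB code: a small audit that reports which kernel images carry an attached Secure Boot (Authenticode) signature at all, by reading the PE certificate table entry. It assumes the kernels are EFI-stub PE images; the function names and the sample images are constructed for illustration, and the check covers presence only, not validity against any key.

```python
import struct
import sys

CERT_DIR_INDEX = 4  # IMAGE_DIRECTORY_ENTRY_SECURITY in the PE data directory

def pe_signature_size(data: bytes) -> int:
    """Size in bytes of the PE certificate table; 0 means no signature attached.

    Presence only: this does not validate the signature against any key.
    """
    try:
        if data[:2] != b"MZ":
            raise ValueError("no MZ header")
        (pe_off,) = struct.unpack_from("<I", data, 0x3C)
        if data[pe_off:pe_off + 4] != b"PE\0\0":
            raise ValueError("no PE header")
        opt = pe_off + 24                      # optional header follows COFF header
        (magic,) = struct.unpack_from("<H", data, opt)
        if magic not in (0x10B, 0x20B):
            raise ValueError("unknown optional header magic")
        dirs = opt + (96 if magic == 0x10B else 112)   # PE32 vs PE32+
        (count,) = struct.unpack_from("<I", data, dirs - 4)
        if count <= CERT_DIR_INDEX:
            return 0
        offset, size = struct.unpack_from("<II", data, dirs + 8 * CERT_DIR_INDEX)
    except struct.error as exc:
        raise ValueError("truncated PE image") from exc
    if size and offset + size > len(data):
        raise ValueError("certificate table points outside the file")
    return size

def sample_pe(cert: bytes) -> bytes:
    """Constructed minimal PE32+ header for the demo; not a bootable image."""
    hdr = bytearray(0x40 + 24 + 112 + 16 * 8)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)
    hdr[0x40:0x44] = b"PE\0\0"
    opt = 0x40 + 24
    struct.pack_into("<H", hdr, opt, 0x20B)
    struct.pack_into("<I", hdr, opt + 108, 16)      # NumberOfRvaAndSizes
    if cert:
        struct.pack_into("<II", hdr, opt + 112 + 32, len(hdr), len(cert))
    return bytes(hdr) + cert

if __name__ == "__main__":
    # With no arguments, run on the constructed samples instead of real files.
    images = {p: open(p, "rb").read() for p in sys.argv[1:]} or {
        "sample-unsigned": sample_pe(b""), "sample-signed": sample_pe(b"\0" * 24)}
    for name, blob in images.items():
        try:
            print(name, "signed" if pe_signature_size(blob) else "UNSIGNED")
        except ValueError as err:
            print(name, "not a PE image:", err)
```

Pass kernel image paths as arguments to list the ones that have no signature attached.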