On 22/11/22 02:25, stan via users wrote:
On Mon, 21 Nov 2022 18:54:49 +1100
Stephen Morris <samorris@xxxxxxxxxxxxxxx> wrote:
Hi,
I am getting the following error message displayed before the
display of the grub boot menu, can someone explain to me what this
means and why it is occurring in F37 when it was never produced in
F36, and what I need to do to rectify it?
error: ../../grub-core/kern/efi/sb.c:169:prohibited
by secure boot policy
I am running f37 and have nothing like sb.c or grub-core on my system.
I am guessing that those are some customization that you have installed
yourself? If so, my thought would be that the efi boot process
security has been tightened, and that those are not included in the
allowed boot policy. There seems to be an initiative to tighten the
efi boot procedure so that it is verifiably unalterable from repo to
the running system. This includes writing a 'measure' for all involved
files and ensuring they pass a check of that 'measure' before they are
used. I don't know how far this initiative has progressed, but you
might be seeing some fallout from that.
Those are not things I have installed myself as far as I am aware, they
are a standard part of the grub environment installed as part of the
fedora environment install.
From what I can see on the net this error is not unusual in Fedora and
Ubuntu and seems to be related to signing keys not being in the secure
boot shim, but I haven't found detailed instructions on how to get them
in there for grub, I've got detailed instructions for the akmod nvidia
drivers on how to rectify the secure boot issues with compiling those.
From what I can see around this issue on the net, around logic that is
in that code, I would be guessing that sb.c is something that is
installed in systems where full secureboot is active, as there seemed to
be specifications in there on thing that were and weren't allowed in
secure boot, but I didn't understand what linux components were being
referenced by that logic.
These issues seem to be tied to the fact that F37 is now booting with
Grub and not with what F36 was booting with (possibly systemd?), and in
F37 the grub-gfxmode statement in /etc/default/grub that worked fine in
F36 does not work in F37 even though the associated statements are added
to grub.cfg, they seem to be being ignored (I'm thinking about raising
another thread on this issue).
regards,
Steve
_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
