Re: After update to 8 (2004) ... system is unbootable - UEFI Secure boot

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On 29/07/2020 19:43, Leon Fauster via CentOS wrote:

Did you got managed to boot kernel-4.18.0-193.14.2.el8_2 or a newer one?
I must still boot into kernel-4.18.0-147.8.1.el8_1.x86_64 ... and with the upcoming new kernel that depends on a new shim and grub2 package I wonder about the implications for my XPS hardware ...


The following article discusses a way to add a hash for older kernels to the Allow List that should allow older kernels to continue to boot:

https://access.redhat.com/security/vulnerabilities/grub2bootloader

Quoting...

Red Hat Enterprise Linux 8

Due to hardening within the kernel, which is released as part of these updates, previous Red Hat Enterprise Linux 8 kernel versions have not been added to shim’s allow list. If you are running with Secure Boot enabled, and the user needs to boot to an older kernel version, its hash must be manually enrolled into the trust list. This is achieved by executing the following commands:

# pesign -P -h -i /boot/vmlinuz-<version>

# mokutil --import-hash <hash value returned from pesign>

# reboot

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos




[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]


  Powered by Linux