Am 29.07.20 um 20:54 schrieb Phil Perry:
On 29/07/2020 19:43, Leon Fauster via CentOS wrote:
Did you got managed to boot kernel-4.18.0-193.14.2.el8_2 or a newer one?
I must still boot into kernel-4.18.0-147.8.1.el8_1.x86_64 ... and with
the upcoming new kernel that depends on a new shim and grub2 package I
wonder about the implications for my XPS hardware ...
The following article discusses a way to add a hash for older kernels to
the Allow List that should allow older kernels to continue to boot:
https://access.redhat.com/security/vulnerabilities/grub2bootloader
Quoting...
Red Hat Enterprise Linux 8
Due to hardening within the kernel, which is released as part of these
updates, previous Red Hat Enterprise Linux 8 kernel versions have not
been added to shim’s allow list. If you are running with Secure Boot
enabled, and the user needs to boot to an older kernel version, its hash
must be manually enrolled into the trust list. This is achieved by
executing the following commands:
# pesign -P -h -i /boot/vmlinuz-<version>
# mokutil --import-hash <hash value returned from pesign>
# reboot
Thank you very much, Phil! This helps to boot the old kernel.
Also the newer kernel-4.18.0-193.14.2.el8_2.x86_64 can not boot on
this notebook (Intel i7-8750H (06-9e-0a) / DELL XPS 15 9570).
I had open a bug report already (not public as usual for kernels)
https://bugzilla.redhat.com/show_bug.cgi?id=1848743
Does someone else has this problem?
--
Leon
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos