On Thu, 3 Mar 2022, 20:01 Rogério Valentim Feitoza da Silva, <rogerio.silva3920@xxxxxxxxx> wrote:
Rupesh has disabled Secure Boot because the kernel that Rupesh
compiled couldn't boot with Secure Boot enabled.
GRUB failed to load the kernel with the message "bad shim signature"
and the "boot" command failed with
"you need to load the kernel first" error (because the kernel failed to load).
Ah, I understand.
This is one more reason why he shouldn't change his .config file: he has no knowledge of how kernels are built and of how the boot process in modern PC works :)
I mean that he shouldn't had disabled secure boot for his custom kernel.
Developers / Administrators generate their own machine owner key and enroll them in UEFI. Then they build custom signed kernels and loadable modules, install and boot.
Disabling secure boot just because one doesn't know how to enroll their keys and sign kernel objects is a very dangerous thing to do.
It's easy and lots of tutorials are in the web.
Regards,
Fabio M. De Francesco
-Rogério Valentim
_______________________________________________ Kernelnewbies mailing list Kernelnewbies@xxxxxxxxxxxxxxxxx https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
