Re: Prevent firmware from falling back to next EFI boot option on secure boot failure?

On Mi, 23.11.22 11:44, Daniel Harms (jdharms@xxxxxxxxx) wrote:

> Lennart,
>
> That is how we're hoping it should work, so it's good to hear.  I
> suppose I'm not sure that it's the firmware driving this process--I
> just assumed because I know that the UEFI spec has verbiage requiring
> EFI boot managers to try next options in case of certain failure
> cases.  I think you're probably right in that sd-boot *should* be able
> to continue onwards down the list.
>
> We're seeing the following error message in red text:
>
> ----------------
>
> Error loading \EFI\Linux\linux-5.15.0-unsigned.efi: Security Policy Violation
>
> Failed to execute [entry config name]
> (\EFI\Linux\linux-5.15.0-unsigned.efi): Security Policy Violation
>
> ------------
>
> What I believe is happening based on these messages is that
> image_start() is returning an error here:
> https://github.com/systemd/systemd/blob/v252/src/boot/efi/boot.c#L2747
> and the `goto out;` is being executed, ending/preventing any looping
> over boot options.
>
> If this is a bug, I'd be willing to attempt a pull request submission
> if a suggested fix is given.  Overall we like the functionality
> sd-boot provides and the integration with systemd, but this is likely
> a hard requirement for our use case.

Yes, please file an issue on GitHub first, and this does sound a lot
like something we should fix, hence a PR that addresses this would be
more than welcome, too.

Lennart

--
Lennart Poettering, Berlin
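A simplified C model of the control flow Daniel describes, added here as an illustration and not sd-boot's own code: the first loop jumps to `out` on the first error (so no later entry is tried), the second reports the Security Policy Violation and continues down the list. `BootEntry`, `image_start_stub`, the `passes_policy` flag and the second entry's path are constructed assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-ins for the EFI status values involved. */
typedef enum { STATUS_SUCCESS = 0, STATUS_SECURITY_VIOLATION } Status;

typedef struct {
    const char *path;
    bool passes_policy; /* constructed: would Secure Boot accept this image? */
} BootEntry;

/* Hypothetical stand-in for image_start(): a rejected image yields a
 * security violation; an accepted one "boots" and returns success. */
static Status image_start_stub(const BootEntry *e) {
    return e->passes_policy ? STATUS_SUCCESS : STATUS_SECURITY_VIOLATION;
}

/* Behaviour described in the thread: the first error jumps to out, so no
 * later entry is ever attempted. Returns the index booted, or -1. */
int boot_loop_bail_out(const BootEntry *entries, size_t n) {
    for (size_t i = 0; i < n; i++) {
        if (image_start_stub(&entries[i]) != STATUS_SUCCESS) {
            fprintf(stderr, "Error loading %s: Security Policy Violation\n", entries[i].path);
            goto out;
        }
        return (int)i;
    }
out:
    return -1;
}

/* Proposed behaviour: report the violation and try the next entry. */
int boot_loop_fallback(const BootEntry *entries, size_t n) {
    for (size_t i = 0; i < n; i++) {
        if (image_start_stub(&entries[i]) == STATUS_SUCCESS)
            return (int)i;
        fprintf(stderr, "Error loading %s: Security Policy Violation, trying next entry\n",
                entries[i].path);
    }
    return -1;
}

/* Constructed sample list: the unsigned image from the thread first, then a
 * placeholder entry that passes policy. */
static const BootEntry sample_entries[] = {
    { "\\EFI\\Linux\\linux-5.15.0-unsigned.efi", false },
    { "\\EFI\\Linux\\linux-5.15.0-signed.efi", true }, /* constructed path */
};
#define N_SAMPLE (sizeof sample_entries / sizeof sample_entries[0])

int demo_bail_out(void) { return boot_loop_bail_out(sample_entries, N_SAMPLE); } /* -1 */
int demo_fallback(void) { return boot_loop_fallback(sample_entries, N_SAMPLE); } /* 1 */
```

With the same two entries, the bail-out variant never reaches the second image, while the fallback variant boots it.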


