[bug #62846] Failed to boot compressed kernel when secure boot is enable

bug-grub

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[bug #62846] Failed to boot compressed kernel when secure boot is enable

From:	Qiumiao Zhang
Subject:	[bug #62846] Failed to boot compressed kernel when secure boot is enabled
Date:	Sun, 31 Jul 2022 22:25:23 -0400 (EDT)

URL:
  <https://savannah.gnu.org/bugs/?62846>

                 Summary: Failed to boot compressed kernel when secure boot is
enabled
                 Project: GNU GRUB
               Submitter: century6
               Submitted: Mon 01 Aug 2022 02:25:22 AM UTC
                Category: Booting
                Severity: Major
                Priority: 5 - Normal
              Item Group: Software Error
                  Status: None
                 Privacy: Public
             Assigned to: None
         Originator Name: Qiumiao Zhang
        Originator Email: zhangqiumiao1@huawei.com
             Open/Closed: Open
                 Release: Git master
                 Release: 
         Discussion Lock: Any
         Reproducibility: Every Time
         Planned Release: None


    _______________________________________________________

Follow-up Comments:


-------------------------------------------------------
Date: Mon 01 Aug 2022 02:25:22 AM UTC By: Qiumiao Zhang <century6>
Versions affected: 2.06
Reproduced on: UEFI & secure boot
Tested on: QEMU virtual machine (aarch64) with Linux

When I tried to boot the gzip compressed kernel through grub2, shim could not
verify the signature of the kernel. I think the reason for this problem is
that grub2 always handles the kernel in a fixed order: try to verify it first,
and then try to decompress it. When building the kernel, we have to sign the
kernel first and then compress it, because compressed files cannot be signed.
In this case, grub2 should try to decompress the kernel first, and then verify
its signature.

A minor patch could fix it, please see the attachment.






    _______________________________________________________
File Attachments:


-------------------------------------------------------
Date: Mon 01 Aug 2022 02:25:22 AM UTC  Name:
verifiers-Fix-compressed-kernel-verification-failed.patch  Size: 986B   By:
century6

<http://savannah.gnu.org/bugs/download.php?file_id=53493>

    _______________________________________________________

Reply to this item at:

  <https://savannah.gnu.org/bugs/?62846>

_______________________________________________
Message sent via Savannah
https://savannah.gnu.org/

[Prev in Thread]

Current Thread

[Next in Thread]

[bug #62846] Failed to boot compressed kernel when secure boot is enabled, Qiumiao Zhang <=
- [bug #62846] Failed to boot compressed kernel when secure boot is enabled, Vladimir Serbinenko, 2022/07/31

Prev by Date: "grub-mkconfig -v" does not honor the output
Next by Date: [bug #62846] Failed to boot compressed kernel when secure boot is enabled
Previous by thread: "grub-mkconfig -v" does not honor the output
Next by thread: [bug #62846] Failed to boot compressed kernel when secure boot is enabled
Index(es):
- Date
- Thread