[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: GRUB can't chainload Windows under Secure Boot
From: |
Giovanni Santini |
Subject: |
Re: GRUB can't chainload Windows under Secure Boot |
Date: |
Thu, 8 Dec 2016 13:09:22 +0100 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.5.1 |
Il 08/12/2016 12:31, Andrei Borzenkov ha scritto:
>
> I understand that this needs clarification.
>
> GRUB itself is completely Secure Boot agnostic - if you sign binary it
> will likely work and will be able to also chainload other signed
> binaries as long as firmware accepts them.
>
> What it does not support is explicit signature verification using
> popular shim protocol which can be considered bypassing firmware check
> entirely.
>
Ok, I see...
A (I suppose stupid) question: using Preloader should not affect it, right?
Preloader enrolls the binary of grub as valid so it can be started;
but, by that logic, it says nothing to grub about which binaries can
be chainloaded. Isn't it?
I am pretty ignorant from this point of view, I am sorry about it.
>
> https://bugzilla.opensuse.org/show_bug.cgi?id=954126#c6
>
Thanks for the link!
I've donwloaded the grub2 sources for OpenSUSE Tumbleweed (which seems
works now, from the follow up comments in your link) and I was checking
the Secure Boot patches. I think that the most relevant of them is the
one named 'grub2-secureboot-chainloader'. Not sure 100% though.
Additionally, I don't know if have ever seen some ArchLinux packaging
stuff; the build is done with the following git tags:
_GRUB_GIT_TAG="grub-2.02-beta3"
_GRUB_EXTRAS_COMMIT="f2a079441939eee7251bf141986cdd78946e1d20"
I was thinking I can add some of the OpenSUSE patches to the Arch build
to add the missing support for SB.
--
Giovanni Santini
My blog: http://giovannisantini.tk
My code: https://git{hub,lab}.com/ItachiSan
My GPG: 2FADEBF5
- GRUB can't chainload Windows under Secure Boot, Giovanni Santini, 2016/12/07
- Re: GRUB can't chainload Windows under Secure Boot, Andrei Borzenkov, 2016/12/07
- Re: GRUB can't chainload Windows under Secure Boot, Giovanni Santini, 2016/12/08
- Re: GRUB can't chainload Windows under Secure Boot, Andrei Borzenkov, 2016/12/08
- Re: GRUB can't chainload Windows under Secure Boot,
Giovanni Santini <=
- Re: GRUB can't chainload Windows under Secure Boot, Andrei Borzenkov, 2016/12/08
- Re: GRUB can't chainload Windows under Secure Boot, Giovanni Santini, 2016/12/08
- Re: GRUB can't chainload Windows under Secure Boot, Andrei Borzenkov, 2016/12/08
- Re: GRUB can't chainload Windows under Secure Boot, Giovanni Santini, 2016/12/08
- Re: GRUB can't chainload Windows under Secure Boot, Andrei Borzenkov, 2016/12/08
- Re: GRUB can't chainload Windows under Secure Boot, Andrei Borzenkov, 2016/12/08
- Re: GRUB can't chainload Windows under Secure Boot, Giovanni Santini, 2016/12/08
- Re: GRUB can't chainload Windows under Secure Boot, Andrei Borzenkov, 2016/12/08
- Re: GRUB can't chainload Windows under Secure Boot, Giovanni Santini, 2016/12/08
- Re: GRUB can't chainload Windows under Secure Boot, Andrei Borzenkov, 2016/12/08