Re: Issue migrating from 2.04 to 2.06: error: shim_lock protocol not fou
From: Andrei Borzenkov
Subject: Re: Issue migrating from 2.04 to 2.06: error: shim_lock protocol not found
Date: Fri, 9 Apr 2021 08:42:58 +0300
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.7.1
On 07.04.2021 12:58, Fonic Maxxim wrote:
> I have trouble migrating from GRUB 2.04 to GRUB 2.06. My system: PC,
> x86_64, Gentoo Linux.
>
>
> Whenever I select a boot entry in GRUB 2.06, I get this error:
>
> error: shim_lock protocol not found
>
> The same thing happens when I use GRUB's command line, e.g. when
> executing 'chainloader <some-efi-file>'.
>
>
> I'm using Secure Boot with the following setup:
>
> UEFI (with my own keys) -> GRUB (standalone EFI image, signed with UEFI
> key; check_signatures enabled) -> Linux Kernel (signed with GPG key)
>
> As can be seen, I'm not using Shim.
>
>
> How can I solve this?
Create grub image with --disable-shim-lock
> Help is greatly appreciated.
>
> Would there be any benefit in using Shim?
Yes for 99.999% of users. Your own post demonstrates it.
> As far as I can tell, Shim is
> only useful if one does not want to enroll custom UEFI keys since it is
> signed by Microsoft and thus works with stock keys. Other than that,
> Shim introduces an additional layer with additional security risks, thus
> I'm not really keen to use it if I don't have to.
>
>
> -- Fonic
>
>
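
The rebuild suggested in the reply, for the shim-less setup described in the original post, as an added example that is not part of the thread: build the standalone image with --disable-shim-lock and an embedded GPG public key, sign it with the UEFI db key, and verify the signature. All paths and variable names are constructed placeholders, and the tool names assume GRUB 2.06 and sbsigntools are installed.

```sh
#!/bin/sh
# Added example, not code from the thread. Every path is a constructed
# placeholder; override them through the environment.
GRUB_CFG=${GRUB_CFG:-/boot/grub/grub.cfg}
GPG_PUBKEY=${GPG_PUBKEY:-/etc/keys/grub-pubkey.gpg}  # binary export, not armored
DB_KEY=${DB_KEY:-/etc/keys/db.key}                   # UEFI db private key
DB_CRT=${DB_CRT:-/etc/keys/db.crt}                   # matching db certificate
OUT=${OUT:-/boot/efi/EFI/grub/grubx64.efi}

# Print the command when DRY_RUN is set, otherwise execute it.
run() {
    if [ -n "${DRY_RUN:-}" ]; then printf '%s\n' "$*"; else "$@"; fi
}

build_signed_grub() {
    # 1. Build the image without the shim_lock verifier and embed the GPG
    #    public key that GRUB uses for its own signature checks.
    run grub-mkstandalone \
        --format=x86_64-efi \
        --disable-shim-lock \
        --pubkey="$GPG_PUBKEY" \
        --output="$OUT.unsigned" \
        "boot/grub/grub.cfg=$GRUB_CFG" || return 1

    # 2. Sign the image with the key enrolled in the firmware's db.
    run sbsign --key "$DB_KEY" --cert "$DB_CRT" \
        --output "$OUT" "$OUT.unsigned" || return 1

    # 3. Confirm the signature validates against the db certificate
    #    before rebooting into the new image.
    run sbverify --cert "$DB_CRT" "$OUT" || return 1
}

# Invoke as: sh build-grub.sh build   (the script name is a placeholder)
if [ "${1:-}" = "build" ]; then build_signed_grub; fi
```

With the shim_lock verifier left out, GRUB no longer asks shim to validate what it loads, so the GPG signature checking from the original setup is the only check on the kernel and on files outside the image.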