[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Issue migrating from 2.04 to 2.06: error: shim_lock protocol not fou
Re: Issue migrating from 2.04 to 2.06: error: shim_lock protocol not found
Sun, 11 Apr 2021 11:10:49 +0200
Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.9.0
On 09.04.21 07:42, Andrei Borzenkov wrote:
On 07.04.2021 12:58, Fonic Maxxim wrote:
I have trouble migrating from GRUB 2.04 to GRUB 2.06. My system: PC,
x86_64, Gentoo Linux.
Whenever I select a boot entry in GRUB 2.06, I get this error:
error: shim_lock protocol not found
The same thing happens when I use GRUB's command line, e.g. when
executing 'chainloader <some-efi-file>'.
I'm using Secure Boot with the following setup:
UEFI (with my own keys) -> GRUB (standalone EFI image, signed with UEFI
key; check_signatures enabled) -> Linux Kernel (signed with GPG key)
As can be seen, I'm not using Shim.
How can I solve this?
Create grub image with --disable-shim-lock
Thanks, I'll give it a try.
Help is greatly appreciated.
Would there be any benefit in using Shim?
Yes for 99.999% of users. You own post demonstrates it.
What would those benefits be? How does my post demonstrate that?
As far as I can tell, Shim is
only useful if one does not want to enroll custom UEFI keys since it is
signed by Microsoft and thus works with stock keys. Other than that,
Shim introduces an additional layer with additional security risks, thus
I'm not really keen to use it if I don't have to.