Re: Issue migrating from 2.04 to 2.06: error: shim_lock protocol not fou

From: Fonic Maxxim
Subject: Re: Issue migrating from 2.04 to 2.06: error: shim_lock protocol not found
Date: Tue, 13 Apr 2021 18:54:23 +0200
On 11.04.21 15:26, Andrei Borzenkov wrote:
> On 11.04.2021 12:10, Fonic Maxxim wrote:
>> On 09.04.21 07:42, Andrei Borzenkov wrote:
>>> On 07.04.2021 12:58, Fonic Maxxim wrote:
>>>> I have trouble migrating from GRUB 2.04 to GRUB 2.06. My system: PC,
>>>> x86_64, Gentoo Linux.
>>>>
>>>> Whenever I select a boot entry in GRUB 2.06, I get this error:
>>>>
>>>> error: shim_lock protocol not found
>>>>
>>>> The same thing happens when I use GRUB's command line, e.g. when
>>>> executing 'chainloader <some-efi-file>'.
>>>>
>>>> I'm using Secure Boot with the following setup:
>>>>
>>>> UEFI (with my own keys) -> GRUB (standalone EFI image, signed with UEFI
>>>> key; check_signatures enabled) -> Linux Kernel (signed with GPG key)
>>>>
>>>> As can be seen, I'm not using Shim.
>>>>
>>>> How can I solve this?
>>>
>>> Create grub image with --disable-shim-lock
>>
>> Thanks, I'll give it a try.
>>
>>>> Help is greatly appreciated.
>>>>
>>>> Would there be any benefit in using Shim?
>>>
>>> Yes for 99.999% of users. Your own post demonstrates it.
>>
>> What would those benefits be? How does my post demonstrate that?
>
> If you used shim, you would not have this issue after update.

That's not a benefit, that's just stating the obvious.

As far as I can tell, Shim is
only useful if one does not want to enroll custom UEFI keys since it is
signed by Microsoft and thus works with stock keys. Other than that,
Shim introduces an additional layer with additional security risks, thus
I'm not really keen to use it if I don't have to.

-- Fonic

