[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
public key not being added to store
|
From: |
Akshath Hegde |
|
Subject: |
public key not being added to store |
|
Date: |
Fri, 12 Aug 2022 21:57:38 +0530 |
Hi,
I'm trying to bring up ubuntu on qemu with secure boot enabled. I have
registered PK, KEK and db, and enabled secure boot option.
In the initial grub.cfg file under ESP, I have set check_signatures to
enforce. This file is signed by my gpg key. After this I'm creating a grub
image with --pubkey option set to gpg key file and modules containing "
pgp verifiers gcry_sha256 gcry_sha512 gcry_dsa gcry_rsa"
The created grubx64.efi, vmlinuz are signed with db key and all the grub
modules, the second grub cfg file, vmlinuz and initrd are signed with my
gpg key
But with this the image fails to boot. In the grub console, I see
list_trusted is empty. But in the grub image hexdump I see the key is
present and pgp has been included in the modules while creating the image.
On the console, insmod gpg doesn't seem to change this either as trusted
list is still empty. I have set debug to loader,verify, but don't see any
messages coming up.
Any help in debugging further would be appreciated
Thanks
Akshath
- public key not being added to store,
Akshath Hegde <=