help-grub

public key not being added to store


From: Akshath Hegde
Subject: public key not being added to store
Date: Fri, 12 Aug 2022 21:57:38 +0530

Hi,
I'm trying to bring up Ubuntu on QEMU with secure boot enabled. I have
registered PK, KEK and db, and enabled the secure boot option.

In the initial grub.cfg file under ESP, I have set check_signatures to
enforce. This file is signed by my gpg key. After this I'm creating a grub
image with the --pubkey option set to the gpg key file and modules containing
"pgp verifiers gcry_sha256 gcry_sha512 gcry_dsa gcry_rsa".

The created grubx64.efi and vmlinuz are signed with the db key, and all the grub
modules, the second grub cfg file, vmlinuz and initrd are signed with my
gpg key.

But with this the image fails to boot. In the grub console, I see
list_trusted is empty. But in the grub image hexdump I see the key is
present and pgp has been included in the modules while creating the image.
On the console, insmod gpg doesn't seem to change this either, as the trusted
list is still empty. I have set debug to loader,verify, but don't see any
messages coming up.
Any help in debugging further would be appreciated.

Thanks
Akshath

