Bug #16705

grubx64.efi fails to boot with Secure Boot

Added by roman plevka 9 months ago. Updated 7 months ago.

Assigned To:Lukas Zapletal
Category:Foreman modules
Target version:Foreman - Team Daniel - iteration 6
Difficulty: Bugzilla link:1379666
Found in release: Pull request:https://github.com/theforeman/puppet-foreman_proxy/pull/311
Story points-
Velocity based estimate-
Release1.14.0Release relationshipAuto


Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1379666
Description of problem:
I got to test the UEFI feature on a bare metal host (Dell PowerEdge R330) and found out, the /var/lib/tftpboot/grub2/grubx64.efi fails to boot with 'validation failed' [1] when Secure Boot is enabled.

On lzap's advice, i tried to replace the file by the one located in /boot/efi/EFI/redhat/grubx64.efi which booted just fine.

Is there a problem with signing the bootloader?

Version-Release number of selected component (if applicable):
6.3.0 Snap 1

How reproducible:

Steps to Reproduce:
1. get a machine supporting UEFI and secure boot
2. create a host with "Grub2 Uefi Secure Boot" pxe loader option

Actual results:
Verification failed:

Expected results:
the signature is valid and secure boot allows the bootloader to boot

Additional info:

Related issues

Related to Installer - Feature #12635: Options to deploy Grub and PXELinux EFI loaders in TFTP root Closed 11/30/2015

Associated revisions

Revision 3c11b38f
Added by Lukas Zapletal 7 months ago

Fixes #16705 - copy signed grubx64.efi from /boot (#311)


#1 Updated by Dominic Cleal 9 months ago

  • Project changed from Foreman to Installer
  • Category set to Foreman modules

#2 Updated by Lukas Zapletal 9 months ago

  • Assigned To set to Lukas Zapletal

#3 Updated by Lukas Zapletal 8 months ago

  • Priority changed from Normal to Urgent

#4 Updated by Lukas Zapletal 7 months ago

  • Related to Feature #12635: Options to deploy Grub and PXELinux EFI loaders in TFTP root added

#5 Updated by The Foreman Bot 7 months ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/puppet-foreman_proxy/pull/311 added

#6 Updated by Daniel Lobato Garcia 7 months ago

  • Target version set to Team Daniel - iteration 6

#7 Updated by Lukas Zapletal 7 months ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100

#8 Updated by Dominic Cleal 7 months ago

  • Release set to 1.14.0

Also available in: Atom PDF