Project

General

Profile

Bug #16705

grubx64.efi fails to boot with Secure Boot

Added by roman plevka almost 2 years ago. Updated about 1 month ago.

Status:
Closed
Priority:
Urgent
Category:
Foreman modules
Target version:
Difficulty:
Triaged:
Bugzilla link:
Team Backlog:
Fixed in Releases:
Found in Releases:

Description

Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1379666
Description of problem:
I got to test the UEFI feature on a bare metal host (Dell PowerEdge R330) and found out, the /var/lib/tftpboot/grub2/grubx64.efi fails to boot with 'validation failed' [1] when Secure Boot is enabled.

On lzap's advice, i tried to replace the file by the one located in /boot/efi/EFI/redhat/grubx64.efi which booted just fine.

Is there a problem with signing the bootloader?

Version-Release number of selected component (if applicable):
6.3.0 Snap 1

How reproducible:

Steps to Reproduce:
1. get a machine supporting UEFI and secure boot
2. create a host with "Grub2 Uefi Secure Boot" pxe loader option

Actual results:
Verification failed:
http://storage2.static.itmages.com/i/16/0923/h_1474643658_3444841_50e85b6ce5.png

Expected results:
the signature is valid and secure boot allows the bootloader to boot

Additional info:


Related issues

Related to Installer - Feature #12635: Options to deploy Grub and PXELinux EFI loaders in TFTP rootClosed2015-11-30

Associated revisions

Revision 3c11b38f (diff)
Added by Lukas Zapletal over 1 year ago

Fixes #16705 - copy signed grubx64.efi from /boot (#311)

History

#1 Updated by Dominic Cleal almost 2 years ago

  • Project changed from Foreman to Installer
  • Category set to Foreman modules

#2 Updated by Lukas Zapletal almost 2 years ago

  • Assignee set to Lukas Zapletal

#3 Updated by Lukas Zapletal almost 2 years ago

  • Priority changed from Normal to Urgent

#4 Updated by Lukas Zapletal over 1 year ago

  • Related to Feature #12635: Options to deploy Grub and PXELinux EFI loaders in TFTP root added

#5 Updated by The Foreman Bot over 1 year ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/puppet-foreman_proxy/pull/311 added

#6 Updated by Daniel Lobato Garcia over 1 year ago

  • Target version set to 1.4.3

#7 Updated by Lukas Zapletal over 1 year ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100

#8 Updated by Dominic Cleal over 1 year ago

  • Legacy Backlogs Release (now unused) set to 189

Also available in: Atom PDF