Am 05.04.22 um 20:34 schrieb Neal Gompa:
On Tue, Apr 5, 2022 at 1:51 PM Brian Stinson brian@bstinson.com wrote:
On Tue, Apr 5, 2022, at 12:25, Leon Fauster via CentOS-devel wrote:
Hey all,
I wonder what the current status of UEFI Secure Boot in CS9 is?
I installed CentOS-Stream-9-20220328.0-x86_64-dvd1 on a workstation.
# rpm -qa|egrep -i '^efi|kernel-5|^grub2'|sort efibootmgr-16-12.el9.x86_64 efi-filesystem-4-9.el9.noarch efivar-libs-38-2.el9.x86_64 grub2-common-2.06-25.el9.noarch grub2-efi-x64-2.06-25.el9.x86_64 grub2-tools-2.06-25.el9.x86_64 grub2-tools-minimal-2.06-25.el9.x86_64 kernel-5.14.0-75.el9.x86_64
and can't boot with "secure boot" enabled. Grub shows something like ~shim signature bad~.
Any updated informations out there?
An update to pesign caused a couple of kernels to be signed with the embedded test certificates. https://kojihub.stream.rdu2.redhat.com/koji/buildinfo?buildID=17931 <= this build (or a later one) is on its way into the buildroot and we can rebuild.
And for us chickens: https://kojihub.stream.centos.org/koji/buildinfo?buildID=17931
Ok, I read between the lines that it should work. Thanks. Lets wait for the next compose.
-- Leon