Hey all,
I wonder what the current status of UEFI Secure Boot in CS9 is?
I installed CentOS-Stream-9-20220328.0-x86_64-dvd1 on a workstation.
# rpm -qa|egrep -i '^efi|kernel-5|^grub2'|sort
efibootmgr-16-12.el9.x86_64
efi-filesystem-4-9.el9.noarch
efivar-libs-38-2.el9.x86_64
grub2-common-2.06-25.el9.noarch
grub2-efi-x64-2.06-25.el9.x86_64
grub2-tools-2.06-25.el9.x86_64
grub2-tools-minimal-2.06-25.el9.x86_64
kernel-5.14.0-75.el9.x86_64
and can't boot with "secure boot" enabled. Grub shows something like ~shim signature bad~.
Any updated information out there?
-- Thanks Leon
On Tue, Apr 5, 2022, at 12:25, Leon Fauster via CentOS-devel wrote:
> and can't boot with "secure boot" enabled. Grub shows something like ~shim signature bad~.
> Any updated information out there?
> -- Thanks Leon
> CentOS-devel mailing list CentOS-devel@centos.org https://lists.centos.org/mailman/listinfo/centos-devel
An update to pesign caused a couple of kernels to be signed with the embedded test certificates. https://kojihub.stream.rdu2.redhat.com/koji/buildinfo?buildID=17931 <= this build (or a later one) is on its way into the buildroot and we can rebuild.
--Brian
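A check for the failure described in the message above, as an added example that is not part of the thread or of any CentOS tooling: it reads the signer common name that `pesign -S -i <image>` prints and compares it with a pattern the operator supplies. The sample output and certificate names are constructed placeholders; the real production signer name has to come from the distribution.

```shell
#!/bin/sh
# Added example: decide whether a PE image (kernel, grub, shim) carries the
# signer you expect, based on the text printed by `pesign -S -i <image>`.

# Constructed, abbreviated sample output. The certificate names are
# placeholders, not real distribution or test certificate names.
SAMPLE_PROD="The signer's common name is Example Distro Secure Boot Signing
No signer email address."
SAMPLE_TEST="The signer's common name is Example Test Certificate
No signer email address."

# Print each signer common name found in pesign -S output read from stdin.
signer_names() {
    sed -n "s/^The signer's common name is //p"
}

# check_signers <expected-regex>: reads pesign -S output from stdin.
# Returns 0 if every signer matches, 1 on an unexpected signer,
# 2 if the image has no signature at all.
check_signers() {
    expected=$1
    names=$(signer_names)
    if [ -z "$names" ]; then
        echo "UNSIGNED"
        return 2
    fi
    bad=$(printf '%s\n' "$names" | grep -Ev -- "$expected" || true)
    if [ -n "$bad" ]; then
        echo "UNEXPECTED: $bad"
        return 1
    fi
    echo "OK: $names"
}

# check_image <pe-file> <expected-regex>: same check against a real file,
# e.g. check_image /boot/vmlinuz-<version> '<production signer pattern>'.
check_image() {
    pesign -S -i "$1" | check_signers "$2"
}
```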
On Tue, Apr 5, 2022 at 1:51 PM Brian Stinson brian@bstinson.com wrote:
> An update to pesign caused a couple of kernels to be signed with the embedded test certificates. https://kojihub.stream.rdu2.redhat.com/koji/buildinfo?buildID=17931 <= this build (or a later one) is on its way into the buildroot and we can rebuild.
And for us chickens: https://kojihub.stream.centos.org/koji/buildinfo?buildID=17931
On 05.04.22 at 20:34, Neal Gompa wrote:
> And for us chickens: https://kojihub.stream.centos.org/koji/buildinfo?buildID=17931
Ok, I read between the lines that it should work. Thanks. Let's wait for the next compose.
-- Leon
On 05.04.22 at 22:50, Leon Fauster wrote:
> Ok, I read between the lines that it should work. Thanks. Let's wait for the next compose.
I wonder how often the public mirrors for CS9 get new composes/updates? It seems that it's stuck at 20220328 while https://composes.stream.centos.org/production/latest-CentOS-Stream/ shows 9 more composes ...?
Or should I point the local repo files to composes.stream.centos.org?
-- Leon
On Fri, Apr 15, 2022, at 3:00 PM, Leon Fauster via CentOS-devel wrote:
> I wonder how often the public mirrors for CS9 get new composes/updates? It seems that it's stuck at 20220328 while https://composes.stream.centos.org/production/latest-CentOS-Stream/ shows 9 more composes ...?
> Or should I point the local repo files to composes.stream.centos.org?
Are there any docs for the timing/flow of this stuff at all? What are the inputs to the "control loop" here? Are human decisions involved? CI? Are the logs for those systems public?