On 09/17/2015 12:46 PM, Akemi Yagi wrote:
> I also suspect this is a grub2 issue. Perhaps, you may want to file a bug report [against grub2] at http://bugs.centos.org so that this can be followed properly.
Yeah, I just figured out how to query the signature of the new and previous grub image. The new one is signed with "Red Hat Test Certificate".
[root@vagrant ~]# pesign --show-signature --in /var/tmp/grub2-16/boot/efi/EFI/centos/grubx64.efi
---------------------------------------------
certificate address is 0x7fb81b3cb808
Content was not encrypted.
Content is detached; signature cannot be verified.
The signer's common name is Red Hat Inc.
No signer email address.
Signing time: Thu Mar 26, 2015
There were certs or crls included.
---------------------------------------------
[root@vagrant ~]# pesign --show-signature --in /var/tmp/grub2-17/boot/efi/EFI/centos/grubx64.efi
---------------------------------------------
certificate address is 0x7fde869bd808
Content was not encrypted.
Content is detached; signature cannot be verified.
The signer's common name is Red Hat Test Certificate
No signer email address.
Signing time: Tue Sep 15, 2015
There were certs or crls included.
---------------------------------------------
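Added example, not part of the original message: a shell check that reads `pesign --show-signature` output like the above and fails when the signer's common name is not the expected one. The function names are hypothetical, the sample text is copied from the output in this message, and using "Red Hat Inc." as the expected name is an assumption taken from the older image.

```shell
# Print each signer common name found in `pesign --show-signature` output (stdin).
signer_names() {
    sed -n -e 's/[[:space:]]*$//' -e "s/^The signer's common name is //p"
}

# check_signer EXPECTED  (pesign output on stdin)
# Returns 0 if every signer matches EXPECTED exactly, 1 if any signer differs,
# 2 if no signer line is present (unsigned image or unparsable output).
# This compares the displayed name only; it is not cryptographic verification.
check_signer() {
    _expected=$1
    _names=$(signer_names)
    if [ -z "$_names" ]; then
        echo "no signer found in pesign output" >&2
        return 2
    fi
    # grep -vxF prints every name that is NOT an exact match for the expected one.
    _bad=$(printf '%s\n' "$_names" | grep -vxF -- "$_expected" || true)
    if [ -n "$_bad" ]; then
        printf 'unexpected signer: %s\n' "$_bad" >&2
        return 1
    fi
    return 0
}

# Sample input taken from the grub2-16 output in the message.
sample_old() {
    cat <<'EOF'
Content is detached; signature cannot be verified.
The signer's common name is Red Hat Inc.
Signing time: Thu Mar 26, 2015
EOF
}

# Sample input taken from the grub2-17 output in the message.
sample_new() {
    cat <<'EOF'
Content is detached; signature cannot be verified.
The signer's common name is Red Hat Test Certificate
Signing time: Tue Sep 15, 2015
EOF
}

# Usage against a real file:
#   pesign --show-signature --in grubx64.efi | check_signer "Red Hat Inc."
```

A non-zero exit can gate an image build or a package update before the new bootloader is copied to the EFI system partition.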