After updates to grub2 and kernel in CentOS 7, today, systems will no longer boot in Secure Boot mode. I'm not positive, but I think grub2 is the culprit.
Is anyone else seeing the same problem?
On Wed, Sep 16, 2015 at 4:09 PM, Gordon Messmer gordon.messmer@gmail.com wrote:
After updates to grub2 and kernel in CentOS 7, today, systems will no longer boot in Secure Boot mode. I'm not positive, but I think grub2 is the culprit.
I also suspect this is a grub2 issue. Perhaps, you may want to file a bug report [against grub2] at http://bugs.centos.org so that this can be followed properly.
Akemi
On 09/17/2015 12:46 PM, Akemi Yagi wrote:
I also suspect this is a grub2 issue. Perhaps, you may want to file a bug report [against grub2] at http://bugs.centos.org so that this can be followed properly.
Yeah, I just figured out how to query the signature of the new and previous grub image. The new one is signed with "Red Hat Test Certificate"
[root@vagrant ~]# pesign --show-signature --in /var/tmp/grub2-16/boot/efi/EFI/centos/grubx64.efi --------------------------------------------- certificate address is 0x7fb81b3cb808 Content was not encrypted. Content is detached; signature cannot be verified. The signer's common name is Red Hat Inc. No signer email address. Signing time: Thu Mar 26, 2015 There were certs or crls included. --------------------------------------------- [root@vagrant ~]# pesign --show-signature --in /var/tmp/grub2-17/boot/efi/EFI/centos/grubx64.efi --------------------------------------------- certificate address is 0x7fde869bd808 Content was not encrypted. Content is detached; signature cannot be verified. The signer's common name is Red Hat Test Certificate No signer email address. Signing time: Tue Sep 15, 2015 There were certs or crls included. ---------------------------------------------
-
Akemi Yagi -
Gordon Messmer