23.6.2014 1:01, Akemi Yagi kirjoitti: > On Sun, Jun 22, 2014 at 2:48 PM, Anssi Johansson <centos at miuku.net> wrote: >> I'm currently testing this boot.iso from the secureboot directory: >> 362807296 Jun 21 00:59 /tmp/boot.iso > >> When I enter the boot menu with F12 and select my USB stick, I get a >> nasty "Invalid signature detected. Check Secure Boot Policy in Setup". >> RHEL7rc1 doesn't boot with these settings either. Disabling Secure Boot >> lets me boot from the USB stick, and the media check passes. Please advice. > > How did you write to the USB stick? By using the dd command? > > Just to be sure, the boot.iso file that worked for me has this hash value: > > $ sha256sum boot.iso > 4860e0deb8d8b6b02ce644bae208fc6973d94155beaa0885b8f865303d730067 boot.iso Yes, that's what I have, and I indeed dd'ed it to the USB stick. I now changed the Secure Boot Mode from Standard to Custom, and changed Default Key Provisioning from Enabled to Disabled. That gave me an option to Clear Secure Boot keys, which I did. A consequence of that was that the System Boot State changed from User to Setup, and Secure Boot Mode State changed to Disabled. Secure Boot was still left Enabled. THIS setting allowed me to boot from the USB sticks (C7 secureboot and RHEL7rc1). Perhaps this is actually the way it's supposed to work. I have now successfully installed C7 on that system with Secure Boot enabled, and the system boots afterwards with Secure Boot still enabled. Apologies for the noise, but perhaps this info is useful for someone who stumbles on this same problem.