On Tue, Apr 27, 2021 at 02:40:34PM -0300, Wagner Vicente wrote:
My name is Wagner Vicente, from Brazil and I'd like to report a problem with my linux installation after updating "grub2".
The problem occurred after the update of the bootloader grub2, when the boot message appears.
"Bootloader has not verified loaded image. System is compromised. halting."
I have tried the grub2 recovery procedure to no avail.
Hi,
I think you need to disable secure boot to continue with the boot. This was already noticed but the cause is being investigated. If you downgrade grub, does secure boot work again?
- Adam
Am 28.04.21 um 22:21 schrieb Adam Majer:
On Tue, Apr 27, 2021 at 02:40:34PM -0300, Wagner Vicente wrote:
The problem occurred after the update of the bootloader grub2, when the boot message appears.
"Bootloader has not verified loaded image. System is compromised. halting."
[...]
I think you need to disable secure boot to continue with the boot. This was already noticed but the cause is being investigated. If you downgrade grub, does secure boot work again?
FWIW I also saw this message after the latest grub/shim update on two Dell Precision Towers 3420 with openSUSE Leap 15.2:
- BIOS/UEFI starts normally - grub starts/runs normally - grub tries to start a kernel - shows the above message - system is automatically powered off
Happens with these RPMs:
shim-15.4-lp152.4.8.1.x86_64 grub2-x86_64-efi-2.04-lp152.7.25.1.noarch grub2-i386-pc-2.04-lp152.7.25.1.noarch
Downgrading shim only (not grub) gives this message (not sure if by grub or by BIOS). It just shows briefly:
Booting in insecure mode
But the computer does start. Secure Boot state is shown as:
box:~ # mokutil --sb-state SecureBoot enabled SecureBoot validation is disabled in shim
BIOS update (to 0.2.17.1) of the computer didn't change anything.
That's where I gave up debugging and simply disabled Secure Boot.
Other machines with Secure Boot enabled continued to boot normally after the latest grub/shim update.
Regards -- Till
On Thu, Apr 29, 2021 at 11:12:09AM +0200, Till Dörges wrote:
FWIW I also saw this message after the latest grub/shim update on two Dell Precision Towers 3420 with openSUSE Leap 15.2:
....
That's where I gave up debugging and simply disabled Secure Boot.
"Quitters of the world unite" ;-)
I reached a similar point helping family with an older HP 3500 that they want back working, which very annoyingly gave no visible errors and just had a black screen with a locked keyboard but the fans turning.
https://bugzilla.opensuse.org/show_bug.cgi?id=1185232 points to
"There is a known issue in upstream that the new shim called QueryVariableInfo() in old EFI implementation and it caused some weird crash. https://github.com/rhboot/shim/pull/364"
Yours may well be a similar issue.
Daniel
Am 29.04.21 um 14:48 schrieb Daniel Morris:
On Thu, Apr 29, 2021 at 11:12:09AM +0200, Till Dörges wrote:
FWIW I also saw this message after the latest grub/shim update on two Dell Precision Towers 3420 with openSUSE Leap 15.2:
....
That's where I gave up debugging and simply disabled Secure Boot.
"Quitters of the world unite" ;-)
;–)
I reached a similar point helping family with an older HP 3500 that they want back working, which very annoyingly gave no visible errors and just had a black screen with a locked keyboard but the fans turning.
https://bugzilla.opensuse.org/show_bug.cgi?id=1185232 points to
Yes, I also found that during my debugging efforts. But it didn't look quite like a match (e.g. different error msg).
"There is a known issue in upstream that the new shim called QueryVariableInfo() in old EFI implementation and it caused some weird crash. https://github.com/rhboot/shim/pull/364"
IIUC that fix is about shim not being able to hand over to grub? But what I observed was that grub could be started just fine. Subsequently booting the kernel (from grub) failed.
Regards -- Till
-
Adam Majer -
Daniel Morris -
Till Dörges -
Wagner Vicente