[opensuse-security] shim bootloader with only SUSE signature?
Morning! I may deal with a system that is not able to cope with a EFI program that carries 2 signatures, like shim. efi. Thus, is there a shim loader that only carries one signature, the signature from openSUSE? I thought, /usr/lib64/efi/fallback.efi was nothing else than shim with just the openSUSE signature, but this seems not to be the case? fallback.efi carries only the openSUSE signature, but it is shim with a different name? What I need is shim.efi just with one signature, from SUSE. thanks! -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-security+owner@opensuse.org
Am 03.04.2017 um 02:08 schrieb Malte Gell:
Morning!
I may deal with a system that is not able to cope with a EFI program that carries 2 signatures, like shim. efi. Thus, is there a shim loader that only carries one signature, the signature from openSUSE?
I found a workaround that may help others who find this as well: load the kernel as a EFI stub. While loading with Grub2, just replacing linux with linuxefi and initrd with initrdefi, that did the job :-) To use secure boot this may require to load the SUSE key to MOK. -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-security+owner@opensuse.org
participants (1)
-
Malte Gell