https://bugzilla.novell.com/show_bug.cgi?id=809038
https://bugzilla.novell.com/show_bug.cgi?id=809038#c40
--- Comment #40 from Michael Chang
(In reply to comment #30)
OK, so it is not extra boot parameters and must be path to image file.
Root device was not correctly set in secureboot code path.
Oops . too bad.
@mchang: Michael, could you please help to test the fix. It needs proper signing, so I did not even publish repo.
home:arvidjaar:bnc:809038/grub2
This is tricky right now 1. It seems no way to retrieve the public certificate used to validate the signed image in the user's home project though the osc command or any other means. :( 2. Currently grub2 package only provides server signed binaries (whether signed by SUSE by user's own signkey) we may have to consider providing an unsigned image (say grub2-unsigned.efi) to make things easier for local signing. 3. pesign just aborts badly if --remove-signture (segv. fault).. What I wanted to do is to strip off the signatures in grub.efi and re-signing it with my own local key then end up with this unexpected fail. :( 4. Related to #3, current firmware don't play with multiple signed images so we can't sign an image multiple times. For the time being, I will try to branch your home project to create a unsigned grub2.efi to work my local signing and give the signed image and certificate to Neil for test. The wiki page has more elaborate about the (local) signing and (MOK) key enrolling process. (See booting a custom kernel) http://en.opensuse.org/openSUSE:UEFI -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.