Am 19.04.20 um 22:49 schrieb Damian Ivanov:
I am working on a grub2 patch and build a branched grub2 from Base:System / grub2 in my home project.
It compiles/publishes and works fine but secure boot does not work when this grub2 package is installed.
I understand that each rpm is signed with a specific key for the corresponding project, but I do not understand how this causes secure boot to fail.
I would like to understand what causes this.
Hi, Secure boot means a chain of trust - the BIOS has a key from Microsoft, shim is signed with that, so the BIOS loads shim. Shim in return contains openSUSE keys so it will load what's signed with openSUSE keys. Your grub is not signed with openSUSE key, so it's not trusted. -> For your patched grub to work on secure boot, you need to compile shim also (and very likely also the kernel) with your key and then tell your BIOS to trust it. Greetings, Stephan -- Lighten up, just enjoy life, smile more, laugh more, and don't get so worked up about things. Kenneth Branagh -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-buildservice+owner@opensuse.org