![]() ![]() Here's what I did: # cat >grub-initial.cfg Ubuntu shim -> Ubuntu GRUB -> Linux or Windows does not have the "1.3.6.1.16.1.2" ID like the distro-generated ones which would restrict it to kernel-module signing. There are subsequent "Shim UEFI key management" dialogs through which I can enroll the hash of grub圆4.efi but weirdly having done that I still get the same result on the next boot, and the presented hash did not match a direct sha256sum of grub圆4.efi or any other file in /boot/efi. Verification failed: (0x1A) Security Violation So I thought enrolling a MOK and signing a standalone version of GRUB would be a solution, but I'm getting a blue text-mode dialog that I believe comes from the shim, saying: ![]() ![]() Unfortunately the default Ubuntu-signed GRUB lacks modules such as http and tftp, and with Secure Boot on, it will refuse to load them from disk. I have a Wake-on-LAN situation where I'd like GRUB to make a network request to decide "should I boot Windows?", perhaps by load_env (http,192.168.1.123)/grubenv (so I can write that file just before waking the machine). ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |