Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Bug#1034409: Boot from removable media path fails after changing secure boot validation because MOK Manager is not found
12 views
Skip to first unread message
Pascal Hambourg
Apr 14, 2023, 10:40:04 AM4/14/23
to
Package: src:shim
Version: 15.7-1
Dear maintainer,
I have an HP Elitebook 2570p laptop with flawed UEFI firmware which
ignores EFI boot variables in NVRAM for booting and boots from the
removable media path by default. So I installed a copy of GRUB in the
removable media path with:
# grub-install --force-extra-removable
Secure boot is enabled in UEFI/BIOS settings.
For a test I wanted to disable secure boot validation in shim with:
# mokutil --disable-validation
and rebooted. At boot, the following error is displayed:
Failed to open mmx64.efi - Not Found
Failed to load image: Not Found
Failed to start MOK Manager : Not Found
and the laptop shut down after a couple of seconds.
Indeed /EFI/BOOT on the EFI system partition contains only BOOTX64.EFI,
grubx64.efi and fbx64.efi.
Now the same happens every time I reboot from the removable media path,
either on the hard disk or on a USB drive with a Debian installation image.
Not sure which software is to blame here.
- grub-install which does not install the MOK manager into the removable
media path ?
- shim which shuts down the laptop instead of just ignoring the
validation change request if it does not find the MOK Manager ?
Version: 15.7-1
Dear maintainer,
I have an HP Elitebook 2570p laptop with flawed UEFI firmware which
ignores EFI boot variables in NVRAM for booting and boots from the
removable media path by default. So I installed a copy of GRUB in the
removable media path with:
# grub-install --force-extra-removable
Secure boot is enabled in UEFI/BIOS settings.
For a test I wanted to disable secure boot validation in shim with:
# mokutil --disable-validation
and rebooted. At boot, the following error is displayed:
Failed to open mmx64.efi - Not Found
Failed to load image: Not Found
Failed to start MOK Manager : Not Found
and the laptop shut down after a couple of seconds.
Indeed /EFI/BOOT on the EFI system partition contains only BOOTX64.EFI,
grubx64.efi and fbx64.efi.
Now the same happens every time I reboot from the removable media path,
either on the hard disk or on a USB drive with a Debian installation image.
Not sure which software is to blame here.
- grub-install which does not install the MOK manager into the removable
media path ?
- shim which shuts down the laptop instead of just ignoring the
validation change request if it does not find the MOK Manager ?
Steve McIntyre
Apr 23, 2023, 2:10:03 PM4/23/23
to
Control: reassign -1 src:grub2
On Fri, Apr 14, 2023 at 04:35:22PM +0200, Pascal Hambourg wrote:
>Package: src:shim
>Version: 15.7-1
>
>Dear maintainer,
>
>I have an HP Elitebook 2570p laptop with flawed UEFI firmware which ignores
>EFI boot variables in NVRAM for booting and boots from the removable media
>path by default. So I installed a copy of GRUB in the removable media path
>with:
>
># grub-install --force-extra-removable
>
>Secure boot is enabled in UEFI/BIOS settings.
>For a test I wanted to disable secure boot validation in shim with:
>
># mokutil --disable-validation
>
>and rebooted. At boot, the following error is displayed:
>
> Failed to open mmx64.efi - Not Found
> Failed to load image: Not Found
> Failed to start MOK Manager : Not Found
>
>and the laptop shut down after a couple of seconds.
>Indeed /EFI/BOOT on the EFI system partition contains only BOOTX64.EFI,
>grubx64.efi and fbx64.efi.
>Now the same happens every time I reboot from the removable media path,
>either on the hard disk or on a USB drive with a Debian installation image.
>
>Not sure which software is to blame here.
>
>- grub-install which does not install the MOK manager into the removable
>media path ?
This is definitely a bug in grub-install, yeah. Re-assigning it
accordingly.
>- shim which shuts down the laptop instead of just ignoring the validation
>change request if it does not find the MOK Manager ?
shim is designed to be paranoid (here and elsewhere). There isn't a
*good* choice for it here IMHO. :-/
--
Steve McIntyre, Cambridge, UK. st...@einval.com
"This dress doesn't reverse." -- Alden Spiess
On Fri, Apr 14, 2023 at 04:35:22PM +0200, Pascal Hambourg wrote:
>Package: src:shim
>Version: 15.7-1
>
>Dear maintainer,
>
>I have an HP Elitebook 2570p laptop with flawed UEFI firmware which ignores
>EFI boot variables in NVRAM for booting and boots from the removable media
>path by default. So I installed a copy of GRUB in the removable media path
>with:
>
># grub-install --force-extra-removable
>
>Secure boot is enabled in UEFI/BIOS settings.
>For a test I wanted to disable secure boot validation in shim with:
>
># mokutil --disable-validation
>
>and rebooted. At boot, the following error is displayed:
>
> Failed to open mmx64.efi - Not Found
> Failed to load image: Not Found
> Failed to start MOK Manager : Not Found
>
>and the laptop shut down after a couple of seconds.
>Indeed /EFI/BOOT on the EFI system partition contains only BOOTX64.EFI,
>grubx64.efi and fbx64.efi.
>Now the same happens every time I reboot from the removable media path,
>either on the hard disk or on a USB drive with a Debian installation image.
>
>Not sure which software is to blame here.
>
>- grub-install which does not install the MOK manager into the removable
>media path ?
accordingly.
>- shim which shuts down the laptop instead of just ignoring the validation
>change request if it does not find the MOK Manager ?
*good* choice for it here IMHO. :-/
--
Steve McIntyre, Cambridge, UK. st...@einval.com
"This dress doesn't reverse." -- Alden Spiess
Steve McIntyre
May 2, 2023, 10:00:07 AM5/2/23
to
Control: severity -1 serious
Raising the severity here, seen another report of this.
"Managing a volunteer open source project is a lot like herding
kittens, except the kittens randomly appear and disappear because they
have day jobs." -- Matt Mackall
Raising the severity here, seen another report of this.
"Managing a volunteer open source project is a lot like herding
kittens, except the kittens randomly appear and disappear because they
have day jobs." -- Matt Mackall
0 new messages