Out of the box signed GRUB2 for secure boot

eeee25

5/14/24, 3:46 PM

I’m trying to create a tool which replaces Windows boot loader with GRUB2 and I’m using an UEFI computer that allowing Secure Boot (that I’m trying to keep).

I tried to copy shimx64.efi and mmx64.efi to the ESP along with standard grubx64.efi on the same directory and assign the bootmgr path to shimx64.efi, yet the UEFI keep panicking that the boot loader is not signed (and at this moment I’m not sure if he’s pointing at shim or grub).

I thought that shim designed to allow specifically GRUB2 to be launched under secure boot without self signing it, which seems to be wrong. Is there any method to run out of the box GRUB under secure boot without self signing it?

0 + 5

grub2

dual-boot

uefi

secure-boot

ubfan1

5/14/24, 4:14 PM

grub is not signed but shim comes in both signed and unsigned packages. You don't need to self sign unless you have proprietary kernel modules (like Nvidia) and want to run with secure boot enabled.

eeee25

5/14/24, 5:22 PM

@ubfan1 thanks for the clarification. How can I know if the kernel I’m running is compatible? I’m trying to run TinyCore Linux. I’m sorry if I’m mixing some of the terms…

ubfan1

5/14/24, 6:17 PM

TinyCore is off topic here. It is unlikely they used Canonical's solution for secure boot, so my first comment is likely totally off base.

eeee25

5/15/24, 7:54 AM

@ubfan1 okay, now I’m trying to move to dCore which relies on Ubuntu Xenial kernel (vmlinuz-xenial) but with the current constellation it keeps failing (again shimx64.efi as the shim, grubx64.efi as bootloader that points to Ubuntu Xenial kernel). What am I doing wrong?

oldfred

5/15/24, 2:10 PM

Xenial 16.04 is also beyond standard support. But only official Ubuntu and official flavor versions not unofficial flavors are supported on this site. refer to https://askubuntu.com/help/on-topic where you'll find other SE sites where you question will be welcome

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Out of the box signed GRUB2 for secure boot

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.