vanilla 5.4.249 : Secured boot
Hello,
I compiled vanilla 5.4.249 with a gcc created by buildroot. Also created rootfs with the same buildroot.
I installed grub-efi on a FAT32 sata disk and copied bzImage to /boot. rootfs.tar was extracted to an ext3 partition on the same disk.
Then I booted the PC and got the linux login as expected.
But this does not make sense. In the PC's BIOS secured boot is enabled. I did not sign bzImage.
Can you please advise?
Thank you,
Zvika |
If this is yet another thread where you will NOT provide information, say you're using custom hardware with a custom kernel, then don't share any with us, what do you think we'll be able to tell you now that hasn't been told to you in the past???
https://www.linuxquestions.org/quest...rt-4175721940/
https://www.linuxquestions.org/quest...ga-4175719035/
https://www.linuxquestions.org/quest...ll-4175708377/
https://www.linuxquestions.org/quest...ot-4175708180/
...including this from last year, where you're asking about secure boot:
https://www.linuxquestions.org/quest...on-4175705896/
You're claiming to have 15 years experience as a kernel developer, it's odd you don't know anything about this subject. |
Hello,
The CPU is: Intel(R) Core(TM) i7-8700 CPU@3.20GHz which is installed in a standard PC.
The attached capture.jpg contains a snapshot from BIOS.
The kernel was downloaded from:
The kernel source was not modified. I used x86-64_defconfig to create bzImage.
Can you please tell what further info is required?
I expected that the kernel will not boot because secured boot is enabled. Can you please tell why boot was OK?
Thank you,
Zvika |
Most importantly, did you bother to actually *LOOK IN THE FILE* you mentioned??? Might want to start there. |
Hello,
I tested the kernel on a regular PC. But the final target is an embedded PC.
I can't use a distribution like ubuntu. I need full control on the kernel source + root file system.
My question is simple: I did not sign my kernel. So why does it boot if secure boot is ON?
Thank you,
Zvika |
And all of this is *ABSOLUTELY MEANINGLESS* for what you want to do with an embedded system, since everything will be different. AGAIN: you claim to be a kernel/custom hardware developer with 15 years experience...and cannot figure out/read the makefile for a kernel??? |
Hello,
Attached x86_64_defconfig I used to configure the kernel. I did not find a trace to SECURE_BOOT. Thank you, Zvika |
You supposedly work with a 'team' engineering custom FPGA devices on custom embedded hardware; ask them. |
Sorry,
All your angry questions are not relevant.
I wrote the exact type of my CPU. You did not specify what other hardware details are missing.
The PC is booting OK with the vanilla 5.4.249 kernel I built.
You replied that the answer is in the x86_64_defconfig I used. But you refuse to tell where in this file.
The PC has 2 physical disks. The first contains Win10. Is it relevant?
In the boot menu I choose to boot with the second disk that contains grub 2.x which boots vanilla kernel.
I have 15 years of experience in linux. So what? Does it mean I can't ask questions?
Thank you,
Zvika |
You were asked about the COMPUTER....not just the CPU. You were asked about the BIOS; you didn't answer. You were told to look at key management; you apparently haven't. You were asked SEVERAL things; you don't answer.
AGAIN, since you don't pay attention....a 'standard pc' won't be the same as an embedded system.
Not playing guessing games with you; this is fairly typical for your threads, and has been for years. |
You won.
It seems I will not get any answers here. I give up. |
Check any of your MANY other threads where you behave the same way, over the course of many years:
https://www.linuxquestions.org/quest...te-4175727120/
https://www.linuxquestions.org/quest...rt-4175721940/
https://www.linuxquestions.org/quest...ga-4175719035/
https://www.linuxquestions.org/quest...ll-4175708377/
https://www.linuxquestions.org/quest...ot-4175708180/
https://www.linuxquestions.org/quest...on-4175705896/
https://www.linuxquestions.org/quest...ce-4175702707/ |
Hello,
I added a few components to .config for 5.4.249 (x64) (attached).
For example: CONFIG_KEXEC_BZIMAGE_VERIFY_SIG
Did not sign the kernel yet.
The reason the PC boots with a not signed kernel is because:
OS Type : Other OS
in the secured boot section in BIOS:
When I set it to: Windows UEFI mode, boot failed. I got a big red message telling that BIOS will look for another bootable disk.
Thank you,
Zvika |
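Added example, not part of any post in this thread: a shell check of what the firmware actually reports to the running kernel, which tells a menu entry labelled "enabled" apart from signature enforcement being on. It assumes efivarfs is mounted at /sys/firmware/efi/efivars; the function names and state labels are made up for this example.

```shell
#!/bin/sh
# GUID of the UEFI global variable namespace (from the UEFI specification).
EFI_GLOBAL=8be4df61-93ca-11d2-aa0d-00e098032b8c

# efivar_byte DIR NAME
# Print the single data byte of a one-byte UEFI global variable.
# An efivarfs file starts with a 4-byte attribute word, so the payload
# is the 5th byte. Prints "absent" when the variable is not exposed.
efivar_byte() {
    f="$1/$2-$EFI_GLOBAL"
    [ -r "$f" ] || { echo absent; return 0; }
    od -An -tu1 -j4 -N1 "$f" 2>/dev/null | tr -d ' \n'
}

# secure_boot_state [DIR]
# Classify the firmware state (labels are this example's own):
#   enforcing   SecureBoot=1 and SetupMode is not 1: images are verified
#   setup-mode  SetupMode=1: no platform key enrolled, nothing is enforced
#   disabled    SecureBoot is 0 or absent: unsigned images will boot
#   no-efivars  not booted through UEFI, or efivarfs is not mounted
secure_boot_state() {
    dir="${1:-/sys/firmware/efi/efivars}"
    [ -d "$dir" ] || { echo no-efivars; return 0; }
    sb=$(efivar_byte "$dir" SecureBoot)
    sm=$(efivar_byte "$dir" SetupMode)
    if [ "$sm" = 1 ]; then
        echo setup-mode
    elif [ "$sb" = 1 ]; then
        echo enforcing
    else
        echo disabled
    fi
}

# Report the state of the machine this runs on.
secure_boot_state
```

Run after booting the self-built kernel: any result other than "enforcing" means the firmware was not verifying the boot chain, whatever the setup screen shows.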
And the file you posted clearly says, at the top: Code:
# Automatically generated file; DO NOT EDIT. |
Hello,
As I said before: My goal is to boot the PC with vanilla kernel (e.g. 5.4.249) with secure boot enabled in BIOS.
Next step: install grub 2.x on the disk with secure boot enabled.
I tried the following under knoppix 9.1:
/dev/sdb1 is a SATA disk.
mkfs.fat -F32 /dev/sdb1
mount -t vfat /dev/sdb1 /media/sdb1
apt-get install grub-efi-amd64-signed
grub-install --boot-directory=/media/sdb1/boot --efi-directory=/media/sdb1 --uefi-secure-boot
I did not copy any grub.cfg to /media/sdb/boot/grub yet.
reboot
In boot menu I chose this disk but got the red message.
Any ideas?
I'm aware that doing this with commercial distribution (e.g. ubuntu) is much simpler. But this is not what I'm looking for.
Thank you,
Zvika |