LinuxQuestions.org
Old 07-22-2023, 03:55 PM   #1
zvivered
Member
 
Registered: Sep 2007
Posts: 294

Rep: Reputation: 23
vanilla 5.4.249 : Secured boot


Hello,

I compiled vanilla 5.4.249 with a gcc created by buildroot.
Also created rootfs with the same buildroot.

I installed grub-efi on a FAT32 sata disk and copied bzImage to /boot
rootfs.tar was extracted to an ext3 partition on the same disk.

Then I booted the PC and got the linux login as expected.

But this does not make sense.
In the PC's BIOS secured boot is enabled.
I did not sign bzImage.
Can you please advise ?

Thank you,
Zvika
 
Old 07-22-2023, 06:18 PM   #2
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 26,661

Rep: Reputation: 7970
Quote:
Originally Posted by zvivered View Post
Hello,
I compiled vanilla 5.4.249 with a gcc created by buildroot. Also created rootfs with the same buildroot. I installed grub-efi on a FAT32 sata disk and copied bzImage to /boot
rootfs.tar was extracted to an ext3 partition on the same disk.

Then I booted the PC and got the linux login as expected. But this does not make sense. In the PC's BIOS secured boot is enabled. I did not sign bzImage. Can you please advise ?
"Advise" what??? You (AGAIN) give us zero information about the hardware you're using, its capabilities, or what you've actually done. You don't say what you downloaded, from where, what you did with it, etc., etc. This has been told to you many, MANY times...why can you not provide details when you ask a question???

If this is yet another thread where you will NOT provide information, say you're using custom hardware with a custom kernel, then don't share any with us, what do you think we'll be able to tell you now that hasn't been told to you in the past???
https://www.linuxquestions.org/quest...rt-4175721940/
https://www.linuxquestions.org/quest...ga-4175719035/
https://www.linuxquestions.org/quest...ll-4175708377/
https://www.linuxquestions.org/quest...ot-4175708180/

...including this from last year, where you're asking about secure boot:
https://www.linuxquestions.org/quest...on-4175705896/

You're claiming to have 15 years experience as a kernel developer, it's odd you don't know anything about this subject.
 
Old 07-23-2023, 09:48 PM   #3
zvivered
Member
 
Registered: Sep 2007
Posts: 294

Original Poster
Rep: Reputation: 23
Hello,

The CPU is:
Intel(R) Core(TM) i7-8700 CPU@3.20GHz
which is installed in a standard PC.

The attached capture.jpg contains a snapshot from BIOS.

The kernel was downloaded from:

The kernel source was not modified. I used x86-64_defconfig to create bzImage.

Can you please tell what further info is required ?
I expected that the kernel will not boot because secured boot is enabled.
Can you please tell why boot was OK ?

Thank you,
Zvika
Attached Thumbnails: Capture.jpg (35.8 KB)

Last edited by zvivered; 07-23-2023 at 09:49 PM.
 
Old 07-24-2023, 08:06 AM   #4
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 26,661

Rep: Reputation: 7970
Quote:
Originally Posted by zvivered View Post
Hello,
The CPU is: Intel(R) Core(TM) i7-8700 CPU@3.20GHz which is installed in a standard PC.

The attached capture.jpg contains a snapshot from BIOS.
And the snapshot shows nothing useful, at all.
Quote:
The kernel was downloaded from: SOME LINK
Great; so WHY did you download it from kernel.org, and build it yourself, rather than loading any version of Linux that already has a kernel??? And you're AGAIN posting in the "Embedded & Single board computer" forum...saying that you are using a 'standard PC'. If it's escaped your notice, the two are different.
Quote:
The kernel source was not modified. I used x86-64_defconfig to create bzImage.

Can you please tell what further info is required ? I expected that the kernel will not boot because secured boot is enabled. Can you please tell why boot was OK ?
You still, after 15 years, don't appear to be paying attention to what is asked of you, nor are you thinking about what you're posting. You claim to be a kernel developer, but can't figure out why your kernel is booting??? On the near-useless screenshot, you have "Key management" highlighted....did you bother to LOOK to see if a key/shim was imported when you loaded things???

Most importantly, did you bother to actually *LOOK IN THE FILE* you mentioned??? Might want to start there.
 
Old 07-24-2023, 09:41 AM   #5
zvivered
Member
 
Registered: Sep 2007
Posts: 294

Original Poster
Rep: Reputation: 23
Hello,

I tested the kernel on a regular PC.
But the final target is an embedded PC.

I can't use a distribution like ubuntu.
I need full control on the kernel source + root file system.

My question is simple:
I did not sign my kernel. So why does it boot if secure boot is ON ?

Thank you,
Zvika
 
Old 07-24-2023, 10:44 AM   #6
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 26,661

Rep: Reputation: 7970
Quote:
Originally Posted by zvivered View Post
Hello,
I tested the kernel on a regular PC. But the final target is an embedded PC. I can't use a distribution like ubuntu. I need full control on the kernel source + root file system.
So absolutely nothing you've done thus far actually addresses your problem. This is, yet again, another one of your "I have custom hardware that I won't tell anyone about, but expect people to be able to help me" issues. How many times are you going to be asked what kind of hardware, and what your actual goals are, before you answer??? How many times in the past have you been asked these things???
Quote:
My question is simple: I did not sign my kernel. So why does it boot if secure boot is ON ?
You were *GIVEN AN ANSWER* Did you not read/understand it?? AGAIN: did you look in the file you used to generate the kernel??

And all of this is *ABSOLUTELY MEANINGLESS* for what you want to do with an embedded system, since everything will be different. AGAIN: you claim to be a kernel/custom hardware developer with 15 years experience...and cannot figure out/read the makefile for a kernel???
 
Old 07-24-2023, 02:54 PM   #7
zvivered
Member
 
Registered: Sep 2007
Posts: 294

Original Poster
Rep: Reputation: 23
Hello,

Attached x86_64_defconfig I used to configure the kernel.
I did not find a trace to SECURE_BOOT.

Thank you,
Zvika
Attached Files
File Type: txt x86_64_defconfig.txt (6.7 KB, 6 views)
 
Old 07-24-2023, 03:24 PM   #8
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 26,661

Rep: Reputation: 7970
Quote:
Originally Posted by zvivered View Post
Hello,
Attached x86_64_defconfig I used to configure the kernel. I did not find a trace to SECURE_BOOT.
AGAIN:
  • You supposedly have 15 years experience doing this; you should easily be able to identify what's in that file.
  • You have been repeatedly asked about the hardware; you won't answer.
  • You have repeatedly been asked about what you're trying to accomplish; you won't answer
  • You say "standard PC"...and give us NO details about it
  • You don't say what other OS'es have ever been loaded on this mystery PC, and were...
  • ...told to check key management; did you??
  • You're apparently trying to build a kernel for an embedded system that (somehow) you want to boot on a standard PC; are you thinking about the fact that the two things are very different??
You've done this for years now, in most of your threads. I don't think anyone is going to be able to help you at this point, since you NEVER want to provide answers to questions you're asked.

You supposedly work with a 'team' engineering custom FPGA devices on custom embedded hardware; ask them.

Last edited by TB0ne; 07-24-2023 at 05:23 PM.
 
Old 07-24-2023, 10:04 PM   #9
zvivered
Member
 
Registered: Sep 2007
Posts: 294

Original Poster
Rep: Reputation: 23
Sorry,

All your angry questions are not relevant.

I wrote the exact type of my CPU. You did not specify what other hardware details are missing.
The PC is booting OK with the vanilla 5.4.249 kernel I built.
You replied that the answer is in the x86_64_defconfig I used. But you refuse to tell where in this file.

The PC has 2 physical disks. The first contains Win10. Is it relevant ?
In the boot menu I choose to boot with the second disk that contains grub 2.x which boots vanilla kernel.

I have 15 years of experience in linux. So what ? Does it mean I can't ask questions ?

Thank you,
Zvika
 
Old 07-25-2023, 08:34 AM   #10
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 26,661

Rep: Reputation: 7970
Quote:
Originally Posted by zvivered View Post
Sorry,
All your angry questions are not relevant.
Sorry, but they are. And people get angry with you, because you *DO NOT LISTEN OR ANSWER*
Quote:
I wrote the exact type of my CPU. You did not specify what other hardware details are missing. The PC is booting OK with the vanilla 5.4.249 kernel I built. You replied that the answer is in the x86_64_defconfig I used. But you refuse to tell where in this file.
Yep; since you refuse to answer questions and provide details, please explain why others should spoon-feed you an answer, especially since you were TOLD which file it's in, and you have 15 years experience building kernels. Since you have that experience, you should EASILY be able to look at that file and see the relevant lines.

You were asked about the COMPUTER....not just the CPU. You were asked about the BIOS; you didn't answer. You were told to look at key management; you apparently haven't. You were asked SEVERAL things; you don't answer. AGAIN, since you don't pay attention....a 'standard pc' won't be the same as an embedded system. Not playing guessing games with you; this is fairly typical for your threads, and has been for years.
Quote:
The PC has 2 physical disks. The first contains Win10. Is it relevant ? In the boot menu I choose to boot with the second disk that contains grub 2.x which boots vanilla kernel.
Relevant?? You tell me, because...
Quote:
I have 15 years of experience in linux. So what ? Does it mean I can't ask questions ?
...you have 15 years experience in Linux, right??? You can ask all the questions you want, but *YOU* are claiming to be a kernel developer/custom hardware developer/FPGA developer, and can't figure out how to check a key in BIOS??? Or how to build a kernel???

Last edited by TB0ne; 07-25-2023 at 01:29 PM.
 
Old 07-25-2023, 01:14 PM   #11
zvivered
Member
 
Registered: Sep 2007
Posts: 294

Original Poster
Rep: Reputation: 23
You won.
It seems I will not get any answers here.
I give up.
 
Old 07-25-2023, 01:35 PM   #12
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 26,661

Rep: Reputation: 7970
Quote:
Originally Posted by zvivered View Post
You won. It seems I will not get any answers here. I give up.
Again:
  • You got an answer; you cannot understand the answer, despite claiming 15 years experience doing what you are wanting to do.
  • You REFUSE to answer questions about your setup, or even state your goals.
  • You REFUSE to check things when suggested.
So what do you think anyone here can do for you?? Do you expect us to connect to your machine and type things in?? Provide you with free consulting services??? What???

Check any of your MANY other threads where you behave the same way, over the course of many years:
https://www.linuxquestions.org/quest...te-4175727120/
https://www.linuxquestions.org/quest...rt-4175721940/
https://www.linuxquestions.org/quest...ga-4175719035/
https://www.linuxquestions.org/quest...ll-4175708377/
https://www.linuxquestions.org/quest...ot-4175708180/
https://www.linuxquestions.org/quest...on-4175705896/
https://www.linuxquestions.org/quest...ce-4175702707/
 
Old 07-26-2023, 12:59 PM   #13
zvivered
Member
 
Registered: Sep 2007
Posts: 294

Original Poster
Rep: Reputation: 23
Hello,

I added a few components to .config for 5.4.249 (x64) (attached)
For example: CONFIG_KEXEC_BZIMAGE_VERIFY_SIG
Did not sign the kernel yet.

The reason PC boots with a not signed kernel is because:
OS Type : Other OS
in the secured boot section in BIOS:

When I set it to: Windows UEFI mode, boot failed.
I got a big red message telling that BIOS will look for another bootable disk.

Thank you,
Zvika
Attached Files
File Type: txt config.secured.txt (120.4 KB, 3 views)
 
Old 07-26-2023, 01:13 PM   #14
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 26,661

Rep: Reputation: 7970
Quote:
Originally Posted by zvivered View Post
Hello,
I added a few components to .config for 5.4.249 (x64) (attached) For example: CONFIG_KEXEC_BZIMAGE_VERIFY_SIG Did not sign the kernel yet.

The reason PC boots with a not signed kernel is because:
OS Type : Other OS
in the secured boot section in BIOS:

When I set it to: Windows UEFI mode, boot failed.
I got a big red message telling that BIOS will look for another bootable disk.
Really??? You mean checking the BIOS settings (as you were told) worked?? Good to know. Too bad it won't apply to many other folks, since you've still not provided any useful details about your setup or your actual goals.

And the file you posted clearly says, at the top:
Code:
# Automatically generated file; DO NOT EDIT.
# Linux/x86_64 5.4.249 Kernel Configuration
...which is certainly *NOT* what you said you used to build the kernel with, is it??? Not the one that came with the kernel link, nor the one you posted here. Again, you provide no details, and change things, and somehow expect others to guess and try to help you.

Last edited by TB0ne; 07-26-2023 at 01:18 PM.
 
Old 07-26-2023, 02:53 PM   #15
zvivered
Member
 
Registered: Sep 2007
Posts: 294

Original Poster
Rep: Reputation: 23
Hello,

As I said before: My goal is to boot the PC with vanilla kernel (e.g 5.4.249) with secure boot enabled in BIOS.

Next step: install grub 2.x on the disk with secure boot enabled.
I tried the following under knoppix 9.1:

/dev/sdb1 is a SATA disk.

mkfs.fat -F32 /dev/sdb1
mount -t vfat /dev/sdb1 /media/sdb1
apt-get install grub-efi-amd64-signed
grub-install --boot-directory=/media/sdb1/boot --efi-directory=/media/sdb1 --uefi-secure-boot
I did not copy any grub.cfg to /media/sdb/boot/grub yet.
reboot

In boot menu I chose this disk but got the red message.
Any ideas ?

I'm aware that doing this with commercial distribution (e.g ubuntu) is much simpler.
But this is not what I'm looking for.

Thank you,
Zvika
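
Added example (not written by any poster in this thread): post #13 traces the unsigned boot to the firmware's "OS Type" setting, and post #15 installs a signed GRUB, so two things are worth checking from a running Linux: whether the firmware is actually enforcing Secure Boot, and whether a given bzImage or GRUB EFI binary carries an embedded signature table at all. This Python sketch reads the standard SecureBoot and SetupMode EFI variables from efivarfs and inspects the PE certificate table; the `sample_pe` bytes are constructed for the demo, and the function names are this example's own.

```python
import struct
from pathlib import Path

EFI_GLOBAL_GUID = "8be4df61-93ca-11d2-aa0d-00e098032b8c"  # EFI global variable namespace
EFIVARS = Path("/sys/firmware/efi/efivars")

def parse_flag(raw: bytes) -> bool:
    """efivarfs files are a 4-byte attribute word followed by the value (1 byte here)."""
    if len(raw) != 5:
        raise ValueError(f"unexpected efivarfs payload length {len(raw)}")
    return raw[4] == 1

def firmware_state(root: Path = EFIVARS) -> dict:
    """SecureBoot=True: signatures enforced. None: variable not readable (e.g. legacy boot)."""
    state = {}
    for name in ("SecureBoot", "SetupMode"):
        path = root / f"{name}-{EFI_GLOBAL_GUID}"
        state[name] = parse_flag(path.read_bytes()) if path.exists() else None
    return state

def pe_has_signature(image: bytes) -> bool:
    """True if the PE certificate table (data directory 4) is present and non-empty.
    Presence only: this does not validate the signature against the firmware's db."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        return False
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)
    if image[pe_off:pe_off + 4] != b"PE\0\0" or len(image) < pe_off + 26:
        return False
    opt = pe_off + 24                      # optional header follows the 20-byte COFF header
    (magic,) = struct.unpack_from("<H", image, opt)
    dirs = opt + {0x10B: 96, 0x20B: 112}.get(magic, 0)    # PE32 / PE32+ layouts
    if dirs == opt or len(image) < dirs + 5 * 8:
        return False
    (count,) = struct.unpack_from("<I", image, dirs - 4)  # NumberOfRvaAndSizes
    _addr, size = struct.unpack_from("<II", image, dirs + 4 * 8)
    return count > 4 and size > 0

def sample_pe(sig_size: int) -> bytes:
    """Constructed minimal PE32+ header for the demo, not a real kernel image."""
    buf = bytearray(0x40 + 24 + 112 + 16 * 8)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x40)               # e_lfanew -> PE header
    buf[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<H", buf, 0x40 + 24, 0x20B)         # PE32+ magic
    struct.pack_into("<I", buf, 0x40 + 24 + 108, 16)      # 16 data directories
    struct.pack_into("<II", buf, 0x40 + 24 + 112 + 32, 0x1000 if sig_size else 0, sig_size)
    return bytes(buf)

if __name__ == "__main__":
    print("firmware:", firmware_state())
    print("unsigned sample:", pe_has_signature(sample_pe(0)))
    print("signed sample:  ", pe_has_signature(sample_pe(0x5A8)))
```

If SecureBoot reads as False, the firmware is not enforcing signatures regardless of what the setup screen shows. To check a real image, pass its bytes to `pe_has_signature`, for example `Path("/boot/bzImage").read_bytes()`.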
 
  

