Was able to get Xen to boot(-)ish without Secure Boot enabled in BIOS. However, when trying with Secure Boot enabled, it failed, violating policy as indicated by GRUB. I believed it was that the kernel wasn't signed, so...
Code:
hackwrench@debian:/var/lib/shim-signed/mok$ sudo sbsign --key MOK.priv --cert MOK.pem "/boot/xen-4.16-amd64.efi" --output "/boot/xen-4.16-amd64.efi.tmp"
warning: data remaining[2583552 vs 2853007]: gaps between PE/COFF sections?
warning: data remaining[2583552 vs 2853008]: gaps between PE/COFF sections?
Enter PEM pass phrase:
Signing Unsigned original image
hackwrench@debian:/var/lib/shim-signed/mok$ sbverify --list /boot/xen-4.16-amd64.efi
warning: data remaining[2583552 vs 2853007]: gaps between PE/COFF sections?
warning: data remaining[2583552 vs 2853008]: gaps between PE/COFF sections?
No signature table present
hackwrench@debian:/var/lib/shim-signed/mok$ sbverify --list /boot/xen-4.16-amd64.efi.tmp
warning: data remaining[2585088 vs 2854544]: gaps between PE/COFF sections?
signature 1
image signature issuers:
- /CN=XXXXXXX
image signature certificates:
- subject: /CN=XXXXXXX
issuer: /CN=XXXXXXX
hackwrench@debian:/var/lib/shim-signed/mok$ sudo mv "/boot/xen-4.16-amd64.efi.tmp" "/boot/xen-4.16-amd64.efi"
hackwrench@debian:/var/lib/shim-signed/mok$ sbverify --list /boot/xen-4.16-amd64.efi
warning: data remaining[2585088 vs 2854544]: gaps between PE/COFF sections?
signature 1
image signature issuers:
- /CN=XXXXXXX
image signature certificates:
- subject: /CN=XXXXXXX
issuer: /CN=XXXXXXX
Got the same results.
EVGA Z590 Dark, 11900KF, Dual 3090 GPUs.
Research hasn't rewarded effort with a solution. All I can seem to find about it online are YouTube videos of seminars and such. Researching the warnings received pretty much just says to ignore them.
Any additional info needed? Any ideas besides disabling Secure Boot altogether?
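As an added example (not part of the original post): a Python reader for the two PE/COFF facts the sbverify output above reports, namely whether the Certificate Table data directory is populated (the "signature table") and how many bytes of the file lie outside the headers, sections and certificate table. Reading the "data remaining" warning as that byte count is an assumption about sbsigntools; the function names are hypothetical and the sample image is constructed in the code.

```python
import struct

SECURITY_DIR = 4  # index of the Certificate Table in the PE data directories

def pe_signature_info(data: bytes) -> dict:
    """Report the certificate table and the bytes not covered by any section."""
    pe, = struct.unpack_from("<I", data, 0x3C)               # e_lfanew
    if data[:2] != b"MZ" or data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE/COFF image")
    nsect, = struct.unpack_from("<H", data, pe + 6)          # NumberOfSections
    opt_size, = struct.unpack_from("<H", data, pe + 20)      # SizeOfOptionalHeader
    opt = pe + 24
    magic, = struct.unpack_from("<H", data, opt)
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic")
    dirs = opt + (112 if magic == 0x20B else 96)             # PE32+ / PE32
    n_dirs, = struct.unpack_from("<I", data, dirs - 4)       # NumberOfRvaAndSizes
    cert_off = cert_size = 0
    if n_dirs > SECURITY_DIR:
        # For this entry the "address" field is a file offset, not an RVA.
        cert_off, cert_size = struct.unpack_from("<II", data, dirs + 8 * SECURITY_DIR)
    end, = struct.unpack_from("<I", data, opt + 60)          # SizeOfHeaders
    for i in range(nsect):
        raw_size, raw_ptr = struct.unpack_from("<II", data, opt + opt_size + 40 * i + 16)
        end = max(end, raw_ptr + raw_size)
    return {"signed": cert_size > 0, "cert_offset": cert_off, "cert_size": cert_size,
            "section_end": end, "unaccounted": len(data) - end - cert_size}

def build_sample(trailing: int, cert: bytes = b"") -> bytes:
    """Constructed minimal PE32+ file: headers, one 512-byte section, extras."""
    hdr, opt = bytearray(512), 0x58
    hdr[:2], hdr[0x40:0x44] = b"MZ", b"PE\0\0"
    struct.pack_into("<I", hdr, 0x3C, 0x40)                  # e_lfanew
    struct.pack_into("<HH", hdr, 0x44, 0x8664, 1)            # Machine, NumberOfSections
    struct.pack_into("<H", hdr, 0x54, 240)                   # SizeOfOptionalHeader
    struct.pack_into("<H", hdr, opt, 0x20B)                  # PE32+ magic
    struct.pack_into("<I", hdr, opt + 60, 512)               # SizeOfHeaders
    struct.pack_into("<I", hdr, opt + 108, 16)               # NumberOfRvaAndSizes
    struct.pack_into("<II", hdr, opt + 240 + 16, 512, 512)   # raw size, raw pointer
    if cert:
        struct.pack_into("<II", hdr, opt + 112 + 32, 1024 + trailing, len(cert))
    return bytes(hdr) + bytes(512) + bytes(trailing) + cert

if __name__ == "__main__":
    print(pe_signature_info(build_sample(104)))               # unsigned sample
    print(pe_signature_info(build_sample(104, bytes(1536))))  # sample with cert table
```

Run against a real image with `pe_signature_info(open(path, "rb").read())`; a non-zero `unaccounted` value corresponds to the gap the warning mentions under the assumption above.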