There is already a noble package published: http://archive.ubuntu.com/ubuntu/pool/main/s/shim-signed/shim-signed_1.58+15.8-0ubuntu1_amd64.deb
Search Criteria
Package Details: shim-signed 15.8+ubuntu+1.58-1
Package Actions
Git Clone URL: | https://aur.archlinux.org/shim-signed.git (read-only, click to copy) |
---|---|
Package Base: | shim-signed |
Description: | Initial UEFI bootloader that handles chaining to a trusted full bootloader under secure boot environments (prebuilt x64 and AA64 binaries from Ubuntu) |
Upstream URL: | https://packages.ubuntu.com/noble/shim-signed |
Keywords: | fbx64 mmx64 MokManager SecureBoot shim shimx64 UEFI |
Licenses: | BSD-2-Clause |
Submitter: | nl6720 |
Maintainer: | nl6720 |
Last Packager: | nl6720 |
Votes: | 30 |
Popularity: | 2.24 |
First Submitted: | 2016-12-07 12:04 (UTC) |
Last Updated: | 2024-04-10 11:55 (UTC) |
Dependencies (0)
Required by (3)
- refind-btrfs-c3-c4-git (optional)
- refind-git (optional)
- secureboot-grub
Sources (2)
project0 commented on 2024-04-10 11:40 (UTC)
nl6720 commented on 2024-04-05 15:54 (UTC)
I'm waiting for Ubuntu for publish a new 15.8 amd64
package. I'm assuming it should happen before 2024-04-11 when the Ubuntu 24.04 LTS beta is scheduled.
adv commented on 2024-04-05 15:49 (UTC)
@nl6720 Would you kindly let us know when the package will be updated? It is currently out of date
philch commented on 2024-04-01 20:48 (UTC) (edited on 2024-04-01 20:51 (UTC) by philch)
Thank you @nl6720 and @solsticedhiver for the response.
Yes I have executed the grub-install command using the helper scripts available in this repository: Aur-secureboot-grub 0.2.3-1 and this script runs without any error and creates the grubx64.efi. The difference I see is that with previous release the command sudo mokutil --list-sbat-revocations returns:
sbat,1,2022052400
grub,2
But, with the present release the output is
sbat,1,2023012900
shim,2
grub,3
grub.debian,4
Which tells me that some thing is amiss with the sbat versioning.
solsticedhiver commented on 2024-04-01 13:59 (UTC) (edited on 2024-04-01 14:51 (UTC) by solsticedhiver)
@philch Have you tried to re-install grub? not the package, but the booloader with grub-install ...
. With the latest grub package installed, of course.
I think I saw a warning about resintalling with a recent grub update (of the package)
Note: I don't use grub as bootloader
Edit: Also, looking at the install file of grub, on can see:
Grub does no longer support side-loading modules when secure boot is
enabled. Thus booting will fail, unless you have an efi executable
'grubx64.efi' with bundled modules
nl6720 commented on 2024-04-01 13:04 (UTC)
Sorry, I have no idea about GRUB. All I've read about using Secure Boot + GRUB is that it is a pain.
philch commented on 2024-04-01 12:47 (UTC) (edited on 2024-04-01 12:57 (UTC) by philch)
This release 15.8+ubuntu+1.57-1 is not working on my aptop. Get below error on boot up and PC shuts down:
Verifying shim SBAT: Security Violation Failure Something went terribly wrong [...]
Restoring to earlier version 15.7+ubuntu+1.56-1 and tried re-install and checked the sbat revocation:
sudo mokutil --list-sbat-revocations
sbat,1,2023012900
shim,2
grub,3
grub.debian,4
My current sbat file is as follows:
sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md
grub,3,Free Software Foundation,grub,2:2.12-2,https//www.gnu.org/software/grub/
grub.arch,1,Arch Linux,grub,2:2.12-2,https://archlinux.org/packages/core/x86_64/grub/
Please advice.
solsticedhiver commented on 2024-03-31 21:59 (UTC) (edited on 2024-03-31 22:16 (UTC) by solsticedhiver)
There is something weird. The deb package is gone. The package can't be built anymore.
solsticedhiver commented on 2024-03-26 23:04 (UTC)
OK. That's one way to dodge the question.
Also, I am wondering why we need to have all the binaries of the arch installed; because only ne will be used, right? Like x86_64 and never any aarch64 efi binaries...
and if you add, later on, the 32bit binaries
nl6720 commented on 2024-03-23 15:04 (UTC)
The EFI binaries are not run in Linux, so I don't see an issue with using arch=('any')
.
Pinned Comments
nl6720 commented on 2021-05-28 11:19 (UTC)
shim 15.4 requires SBAT. It will not launch EFI binaries without a
.sbat
section.nl6720 commented on 2016-12-07 13:17 (UTC) (edited on 2023-12-15 09:27 (UTC) by nl6720)
shimx64.efi
is signed with Microsoft key, they also have a hardcoded Ubuntu key inside. MokManager (mmx64.efi
) is signed with Ubuntu's key.shimx64.efi
can launch any EFI binary signed with Microsoft keys.More information is available on the wiki: Secure Boot#shim.
fbx64.efi
scan the ESP for CSV files with bootloader information and adds boot entries to the NVRAM. Read README.fallback.