After updates to grub2 and kernel in CentOS 7, today, systems will no longer boot in Secure Boot mode. I'm not positive, but I think grub2 is the culprit. Is anyone else seeing the same problem?
On Wed, Sep 16, 2015 at 4:09 PM, Gordon Messmer <gordon.messmer at gmail.com> wrote:> After updates to grub2 and kernel in CentOS 7, today, systems will no longer > boot in Secure Boot mode. I'm not positive, but I think grub2 is the > culprit.I also suspect this is a grub2 issue. Perhaps, you may want to file a bug report [against grub2] at http://bugs.centos.org so that this can be followed properly. Akemi
On 09/17/2015 12:46 PM, Akemi Yagi wrote:> > I also suspect this is a grub2 issue. Perhaps, you may want to file a > bug report [against grub2] at http://bugs.centos.org so that this can > be followed properly.Yeah, I just figured out how to query the signature of the new and previous grub image. The new one is signed with "Red Hat Test Certificate" [root at vagrant ~]# pesign --show-signature --in /var/tmp/grub2-16/boot/efi/EFI/centos/grubx64.efi --------------------------------------------- certificate address is 0x7fb81b3cb808 Content was not encrypted. Content is detached; signature cannot be verified. The signer's common name is Red Hat Inc. No signer email address. Signing time: Thu Mar 26, 2015 There were certs or crls included. --------------------------------------------- [root at vagrant ~]# pesign --show-signature --in /var/tmp/grub2-17/boot/efi/EFI/centos/grubx64.efi --------------------------------------------- certificate address is 0x7fde869bd808 Content was not encrypted. Content is detached; signature cannot be verified. The signer's common name is Red Hat Test Certificate No signer email address. Signing time: Tue Sep 15, 2015 There were certs or crls included. ---------------------------------------------