Date: Mon, 10 Oct 2022 01:25:56 +0530
From: Deepak R Varma
To: Julia Lawall
Cc: outreachy@lists.linux.dev
Subject: Re: trouble booting into staging kernel

On Sun, Oct 09, 2022 at 09:12:37PM +0200, Julia Lawall wrote:
>
>
> On Mon, 10 Oct 2022, Deepak R Varma wrote:
>
> > On Sun, Oct 09, 2022 at 07:56:51PM +0200, Julia Lawall wrote:
> > >
> > >
> > > On Sun, 9 Oct 2022, Deepak R Varma wrote:
> > >
> > > > Hello,
> > > > I am natively running 5.15.0-48-generic on my HP Laptop with Secure boot on. I
> > > > tried to follow the Kernel First patch tutorial steps and managed to build
> > > > Kernel release 6.0.0rc4. There were issues during the module building associated
> > > > with the certificates / signing of the modules. I got those suppressed by
> > > > emptying the following two config parameters as copied over from the native
> > > > config file:
> > > >
> > > > CONFIG_SYSTEM_TRUSTED_KEYS="debian/canonical-certs.pem"
> > > > CONFIG_SYSTEM_REVOCATION_KEYS="debian/canonical-revoked-certs.pem"
> > > >
> > > > set to new value
> > > >
> > > > CONFIG_SYSTEM_TRUSTED_KEYS=""
> > > > CONFIG_SYSTEM_REVOCATION_KEYS=""
> > > >
> > > > The build was successful, however, I am unable to boot into my new kernel and
> > > > have received the following errors:
> > > >
> > > > error: bad shim signature
> > > > Loading initial ramdisk
> > > > error: you need to load the kernel first
> > > >
> > > > I tried to seek from net, but did not find any workable resolution. Can you
> > > > please suggest how I can correct this error or if I missed any steps?
> > >
> > > Maybe you have to remove secure boot? I have the impression that I did
> > > that on one of my machines, but I don't have that machine in front of me.
> >
> > Thank you for the quick response. I did try disabling the secure boot option and
> > also cleared the certificate DB. Tried a few combinations of these options.
> > Unfortunately, nothing helped so far.
>
> Did you try what is described here?
>
> https://unix.stackexchange.com/questions/701612/cant-load-self-signed-kernel-with-secure-boot-on-bad-shim-signature

I am planning to do the following from this link next. I will let you know how
it goes.

    Create your own secureboot signing certificate without such an EKU,
    enroll it into either mok or db, and use it for signing.

Thank you,
./drv

>
> julia
>
> >
> > Let me know if I should share any of the files / logs from my system for your
> > review.
> >
> > >
> > > Welcome, by the way :)
> >
> > Thank you Julia. Pleased to be part of this internship challenge.
> >
> > ./drv
> >
> > >
> > > julia
> > >
> > >
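
Added example, not part of the original message or of the linked answer: one way to carry out the step quoted above (create a signing certificate, enroll it in MOK, sign the kernel) with openssl, mokutil and sbsign/sbverify. The file names, the certificate subject and the kernel image path are assumptions, and "without such an EKU" is taken here to mean a certificate with no extendedKeyUsage extension at all.

```sh
#!/bin/sh
# Added example: file names, the CN and all paths are assumptions.

# Create a key and a self-signed certificate with NO extendedKeyUsage
# extension in directory $1 (writes sb.key, sb.pem and sb.der there).
make_sb_cert() (
    umask 077                      # private key readable by owner only
    dir=$1
    cat > "$dir/sb.cnf" <<'EOF'
[ req ]
distinguished_name = dn
x509_extensions    = v3
prompt             = no
[ dn ]
CN = Local Secure Boot signing key (example)
[ v3 ]
basicConstraints     = critical,CA:FALSE
keyUsage             = critical,digitalSignature
subjectKeyIdentifier = hash
EOF
    openssl req -new -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
        -config "$dir/sb.cnf" -keyout "$dir/sb.key" \
        -out "$dir/sb.pem" 2>/dev/null || exit 1
    # mokutil expects the certificate in DER form
    openssl x509 -in "$dir/sb.pem" -outform DER -out "$dir/sb.der"
)

# Succeeds only if the certificate carries no Extended Key Usage extension.
cert_has_no_eku() {
    ! openssl x509 -in "$1" -noout -text | grep -q 'Extended Key Usage'
}

# Enroll the certificate as a Machine Owner Key and sign a kernel image.
# $1 = directory from make_sb_cert, $2 = unsigned kernel image. Run as root;
# mokutil asks for a one-time password that MokManager requests on next boot.
enroll_and_sign() {
    cert_has_no_eku "$1/sb.pem" || return 1
    mokutil --import "$1/sb.der" || return 1
    sbsign --key "$1/sb.key" --cert "$1/sb.pem" \
        --output "$2.signed" "$2" || return 1
    sbverify --cert "$1/sb.pem" "$2.signed"
}
```

The enrollment only takes effect after the reboot into MokManager, and each rebuilt kernel image has to be signed again before the boot loader loads it.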