Hi,
I've just built a netboot-gtk mini.iso against unstable, including the
new kernel. A regular “almost all defaults” (except French to check >things like translations, keymap fun, etc.) install on UEFI gave an
overall successful installation according to d-i, but it doesn't boot:
Verifying shim SBAT data failed: Security Policy Violation
It's been a while since I last toyed with unstable, so I'm not sure
whether this is known already, where it's coming from, etc. Even when
built against unstable, d-i installs testing, so that shouldn't be
linked to the new Linux version running the installer, as what ends up
on disk is testing's version.
This is the exact same test setup as for (old)stable point release
preps, with qemu/bookworm running on a bookworm system.
kvm -m 1G -machine q35,smm=on -pflash /tmp/1/code.fd -pflash /tmp/1/vars.fd -hda /tmp/1/sda.img
with both pflash files initialized from those respectively:
- /usr/share/OVMF/OVMF_CODE_4M.ms.fd
- /usr/share/OVMF/OVMF_VARS_4M.ms.fd
Wild guess: Maybe ovmf would need to ship refreshed files?
Can't investigate more right now, live stream and travel are next.
I've just built a netboot-gtk mini.iso against unstable, including the
new kernel. A regular “almost all defaults” (except French to check things like translations, keymap fun, etc.) install on UEFI gave an
overall successful installation according to d-i, but it doesn't boot:
Verifying shim SBAT data failed: Security Policy Violation
It's been a while since I last toyed with unstable, so I'm not sure
whether this is known already, where it's coming from, etc. Even when
built against unstable, d-i installs testing, so that shouldn't be
linked to the new Linux version running the installer, as what ends up
on disk is testing's version.
This is the exact same test setup as for (old)stable point release
preps, with qemu/bookworm running on a bookworm system.
kvm -m 1G -machine q35,smm=on -pflash /tmp/1/code.fd -pflash /tmp/1/vars.fd -hda /tmp/1/sda.img
with both pflash files initialized from those respectively:
- /usr/share/OVMF/OVMF_CODE_4M.ms.fd
- /usr/share/OVMF/OVMF_VARS_4M.ms.fd
Wild guess: Maybe ovmf would need to ship refreshed files?
Can't investigate more right now, live stream and travel are next.
Who can find out which part in this file is causing the issue? Or which
tools do I need to use to debug this?
Sysop: | Keyop |
---|---|
Location: | Huddersfield, West Yorkshire, UK |
Users: | 489 |
Nodes: | 16 (2 / 14) |
Uptime: | 20:47:38 |
Calls: | 9,665 |
Files: | 13,714 |
Messages: | 6,168,096 |