CentOS

The Community ENTerprise Operating System
https://forums.centos.org/

vmlinuz-4.18.0 has invalid signature & secured boot

https://forums.centos.org/viewtopic.php?f=54&t=72391

Page 1 of 1

vmlinuz-4.18.0 has invalid signature & secured boot

Posted: 2019/11/05 15:54:42
by ranshalit
Hello,

I have some strange behavior with centos8 which I did not have with centos7...
when I compiled same kernel and installed it it worked perfectly.
After some resets I made some new configuration in kernel and on the new install I got:
"
error: ../../grub-core/loader/i386/efi/linux.c:208(hd0,gpt2)/vmlinuz-4.18.0-51.el8.x86_64 has invalid signature.
error: ../../grub-core/loader/i386/efi/linux.c:93:you need to load the kernel first.

Press any key to continue...
"
I checked BIOS and "secured boot" entry in BIOS is DISABLED !
What is going on ? Why it still give this error ? Why does it think there is a signature error ?
I can't remove this error, and boot.

I also see that this issue is "on progress" in rhel issues of centos8:
https://access.redhat.com/solutions/3771941

Please help,
ranran

Re: vmlinuz-4.18.0 has invalid signature.

Posted: 2019/11/05 16:04:15
by nouvo09
Once the kernel is modified, it is no more centos, so nobody but yous knows what you did to this kernel which modifies the signature.

Re: vmlinuz-4.18.0 has invalid signature.

Posted: 2019/11/05 16:07:12
by ranshalit
That's understood.

I just want to add that this issue is "on progress" in rhel issues of centos8:
https://access.redhat.com/solutions/3771941

Are you familiar with a way to disable UEFI secured boot ?

Thanks

Re: vmlinuz-4.18.0 has invalid signature & secured boot

Posted: 2019/11/05 21:56:56
by nouvo09
Are you familiar with a way to disable UEFI secured boot ?
Mayve you should open another topic for this.

Re: vmlinuz-4.18.0 has invalid signature & secured boot

Posted: 2019/11/05 22:09:23
by lightman47
on my laptop - secure boot is enabled/disabled in the BIOS.

Re: vmlinuz-4.18.0 has invalid signature & secured boot

Posted: 2019/11/06 05:27:37
by ranshalit
Hi,

Yes, also in my BIOS there is secured boot option and it is shows DISABLED !
So, why does grub still check kernel signature ?
I also compiled the custom kernel just as I did before (make, make install).

Any idea what else I can do ?

Thanks

Disabling secured boot in grub ?

Posted: 2019/11/06 11:17:38
by ranshalit
Hello,

How can we disable secured boot with UEFI ?
In BIOS I see secured boot "DISABLED", but grub still check signature of kernel.
Is there a way to disable grub checking ?

Thanks,
ranran

Re: vmlinuz-4.18.0 has invalid signature & secured boot

Posted: 2019/11/06 11:38:39
by TrevorH
Please don't make duplicate posts, merged into your existing thread.

Re: vmlinuz-4.18.0 has invalid signature & secured boot

Posted: 2019/11/06 11:50:30
by ranshalit
OK, I opened another thread just because someone above suggested to open a new post for how to disable secured boot...
Thanks

Re: vmlinuz-4.18.0 has invalid signature & secured boot

Posted: 2020/04/03 15:51:32
by harrywangca
I made it work to comment out followings in .config file and build the kernel.

#CONFIG_MODULE_SIG_KEY="certs/signing_key.pem"
#CONFIG_SYSTEM_TRUSTED_KEYRING=y
#CONFIG_SYSTEM_TRUSTED_KEYS=""
#CONFIG_MODULE_SIG_ALL=y
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited