vmlinuz-4.18.0 has invalid signature & secured boot

Issues related to applications and software problems and general support
Post Reply
ranshalit
Posts: 49
Joined: 2015/12/28 17:01:59

vmlinuz-4.18.0 has invalid signature & secured boot

Post by ranshalit » 2019/11/05 15:54:42

Hello,

I have some strange behavior with centos8 which I did not have with centos7...
when I compiled same kernel and installed it it worked perfectly.
After some resets I made some new configuration in kernel and on the new install I got:
"
error: ../../grub-core/loader/i386/efi/linux.c:208(hd0,gpt2)/vmlinuz-4.18.0-51.el8.x86_64 has invalid signature.
error: ../../grub-core/loader/i386/efi/linux.c:93:you need to load the kernel first.

Press any key to continue...
"
I checked BIOS and "secured boot" entry in BIOS is DISABLED !
What is going on ? Why it still give this error ? Why does it think there is a signature error ?
I can't remove this error, and boot.

I also see that this issue is "on progress" in rhel issues of centos8:
https://access.redhat.com/solutions/3771941

Please help,
ranran
Last edited by ranshalit on 2019/11/05 16:07:31, edited 2 times in total.

nouvo09
Posts: 184
Joined: 2009/09/19 19:21:36
Location: Paris, France

Re: vmlinuz-4.18.0 has invalid signature.

Post by nouvo09 » 2019/11/05 16:04:15

Once the kernel is modified, it is no more centos, so nobody but yous knows what you did to this kernel which modifies the signature.
Member of centos-FR forum

ranshalit
Posts: 49
Joined: 2015/12/28 17:01:59

Re: vmlinuz-4.18.0 has invalid signature.

Post by ranshalit » 2019/11/05 16:07:12

That's understood.

I just want to add that this issue is "on progress" in rhel issues of centos8:
https://access.redhat.com/solutions/3771941

Are you familiar with a way to disable UEFI secured boot ?

Thanks

nouvo09
Posts: 184
Joined: 2009/09/19 19:21:36
Location: Paris, France

Re: vmlinuz-4.18.0 has invalid signature & secured boot

Post by nouvo09 » 2019/11/05 21:56:56

Are you familiar with a way to disable UEFI secured boot ?
Mayve you should open another topic for this.
Member of centos-FR forum

lightman47
Posts: 1521
Joined: 2014/05/21 20:16:00
Location: Central New York, USA

Re: vmlinuz-4.18.0 has invalid signature & secured boot

Post by lightman47 » 2019/11/05 22:09:23

on my laptop - secure boot is enabled/disabled in the BIOS.

ranshalit
Posts: 49
Joined: 2015/12/28 17:01:59

Re: vmlinuz-4.18.0 has invalid signature & secured boot

Post by ranshalit » 2019/11/06 05:27:37

Hi,

Yes, also in my BIOS there is secured boot option and it is shows DISABLED !
So, why does grub still check kernel signature ?
I also compiled the custom kernel just as I did before (make, make install).

Any idea what else I can do ?

Thanks

ranshalit
Posts: 49
Joined: 2015/12/28 17:01:59

Disabling secured boot in grub ?

Post by ranshalit » 2019/11/06 11:17:38

Hello,

How can we disable secured boot with UEFI ?
In BIOS I see secured boot "DISABLED", but grub still check signature of kernel.
Is there a way to disable grub checking ?

Thanks,
ranran

User avatar
TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: vmlinuz-4.18.0 has invalid signature & secured boot

Post by TrevorH » 2019/11/06 11:38:39

Please don't make duplicate posts, merged into your existing thread.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

ranshalit
Posts: 49
Joined: 2015/12/28 17:01:59

Re: vmlinuz-4.18.0 has invalid signature & secured boot

Post by ranshalit » 2019/11/06 11:50:30

OK, I opened another thread just because someone above suggested to open a new post for how to disable secured boot...
Thanks

harrywangca
Posts: 107
Joined: 2016/01/12 23:27:04
Location: Vista California

Re: vmlinuz-4.18.0 has invalid signature & secured boot

Post by harrywangca » 2020/04/03 15:51:32

I made it work to comment out followings in .config file and build the kernel.

#CONFIG_MODULE_SIG_KEY="certs/signing_key.pem"
#CONFIG_SYSTEM_TRUSTED_KEYRING=y
#CONFIG_SYSTEM_TRUSTED_KEYS=""
#CONFIG_MODULE_SIG_ALL=y

Post Reply