
I am new to grub. I am trying to enable UEFI secure boot from grub. I have decided to use shim to verify the kernel's signature. Grub can be verified from UEFI.

I have pulled patches from Ubuntu's grub git repository. Grub uses the `grub_efi_locate_protocol()` function to locate shim; currently it is not able to find shim and returns NULL.

I have the following queries:

  1. Where should I place the shim.efi binary? (I have placed it in the /boot partition.)
  2. Where does grub_efi_system_table variable get populated, and how is it used by grub_efi_locate_protocol?

Thanks

Holy sh--t... A question tagged with `grub` that's actually about programming and development. This is a diamond in the rough, and I think we should nurture it. Can you provide some of the code around `grub_efi_locate_protocol` and `grub_efi_system_table`? – jww Jun 20 '17 at 16:25

1 Answer


I was able to solve this issue. When shim is executed, it installs the shim protocol. The shim protocol is installed only when secure boot is enabled. I was trying to use the shim protocol with no secure boot, so grub was unable to find the shim protocol. A complete explanation of shim is here: https://mjg59.dreamwidth.org/19448.html
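
The behaviour described in the answer, as an added example that is not part of the original post and is not GRUB or shim code: a small C model of a protocol lookup that returns NULL when shim has not installed its protocol. Every `model_*` name, the toy verifier and the refuse-when-missing policy are assumptions made for illustration; only the shim lock GUID is the real value.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Minimal model of a UEFI protocol database; all names are hypothetical. */
typedef struct { uint32_t d1; uint16_t d2, d3; uint8_t d4[8]; } guid_t;
typedef int (*verify_fn)(const void *buf, uint32_t size);
typedef struct { verify_fn verify; } shim_lock_t;

/* GUID under which shim publishes its lock protocol. */
static const guid_t SHIM_LOCK_GUID =
  { 0x605dab50, 0xe046, 0x4300, { 0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b, 0x23 } };

static struct { guid_t guid; void *iface; } db[4];
static size_t db_count;

/* Stand-in for a protocol lookup: NULL when nothing is registered for the GUID. */
static void *model_locate_protocol(const guid_t *g) {
  for (size_t i = 0; i < db_count; i++)
    if (memcmp(&db[i].guid, g, sizeof *g) == 0) return db[i].iface;
  return NULL;
}

/* Constructed verifier: accepts only images that start with "SIGNED". */
static int model_verify(const void *buf, uint32_t size) {
  return (size >= 6 && memcmp(buf, "SIGNED", 6) == 0) ? 0 : -1;
}
static shim_lock_t shim_iface = { model_verify };

/* Models shim start-up as the answer describes it: the protocol is
   installed only when Secure Boot is enabled. */
static void model_shim_start(int secure_boot) {
  db_count = 0;
  if (secure_boot) {
    db[0].guid = SHIM_LOCK_GUID;
    db[0].iface = &shim_iface;
    db_count = 1;
  }
}

enum decision { BOOT_UNVERIFIED, BOOT_VERIFIED, REFUSE };

/* Assumed loader policy: a missing protocol is expected only when Secure
   Boot is off; with Secure Boot on it means shim was bypassed, so refuse. */
static enum decision check_kernel(int secure_boot, const void *img, uint32_t size) {
  shim_lock_t *shim = model_locate_protocol(&SHIM_LOCK_GUID);
  if (!shim) return secure_boot ? REFUSE : BOOT_UNVERIFIED;
  return shim->verify(img, size) == 0 ? BOOT_VERIFIED : REFUSE;
}
```

When debugging a NULL result like the one in the question, checking the Secure Boot state first tells you whether the missing protocol is expected or a sign that the loader was started without shim.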