Bug#919955: grub-efi-amd64: secure boot does not allow loading ls.mod
Colin Watson
cjwatson at debian.org
Sat Feb 9 09:01:25 GMT 2019
On Sun, Jan 20, 2019 at 11:41:40PM +0100, Heinrich Schuchardt wrote:
> I am using secure boot.
>
> When I open the grub command line and enter 'ls' I get an error message
> like 'Secure boot does not allow to load ls.mod'. Same happens for 'help'.
>
> Please, sign the modules appropriately.
I can't sign modules - firstly, we don't have a mechanism for it, and
secondly, we deliberately include only a subset of modules in the signed
image that we've been able to manually review to make reasonably sure
that they aren't going to permit arbitrary code execution in a secure
boot context. But "ls" and "help" are pretty clearly as safe as
anything else, so I'll add those to the image.
--
Colin Watson [cjwatson at debian.org]
More information about the Pkg-grub-devel
mailing list