Created attachment 846966 [details]
Exported keys from machine
Description of problem:
"Secure Boot Violation:
"Invalid signature detected. Check Secure Boot Policy in Setup"
on a fresh ( Winter 2014/haswell) Dell XPS12 laptop with Secure Boot Enabled
This is from booting, hitting F12 to select the UEFI method on the USB disk
I have tried:
using dd to write to disk
livecd-iso-to-disk --reset-mbr --efi --format
Attached are the exported variables from secure boot settings.
assigning to shim-signed to get the right eyes on this...
Other things tested:
Ubuntu 13.10 x64 iso, Works!
( wipefs --all /dev/sde; dd if=/dev/zero of=/dev/sde bs=1M count=40; dd if=ubuntu.iso of=/dev/sde bs=512k )
Same issue on an recently purchased XPS 15 (9530).
Secureboot causes "Secure Boot Violation":
* Fedora-20-x86_64-DVD.iso (download verified & burned to DVD)
* Fedora-20-x86_64-netinst.iso (download verified & burned to DVD)
Fedora-Live-Desktop-x86_64-20-1.iso (download verified & burned to DVD; dd to USB stick; Fedora liveusb-creator via Windows)
* Fedora-Live-Desktop-x86_64-19-1.iso (download verified & burned to DVD)
I also rebuilt the first image with "fix-uefi-iso.sh" mentioned at #1043274.
Existance of correct certificates checked via "UEFI Secure Boot Checkup (Windows)" by Insyde Software Corp.
Booting works fine with "Ubuntu 14.04 LTS" (burned to DVD).
Please tell me if you need more details.
Can you try the image at http://pjones.fedorapeople.org/Fedora-Live-Desktop-remastered-x86_64-20-1.iso ?
Thanks for the fast response! Tested the image (via burning to DVD), but error remains - unfortunately.
Apologies, that image wasn't as modified as it should have been. I've replaced it at the same URL - can you check again?
Hi Peter! It booting works like a charm - tested again via burning the image to DVD. But I only tested the booting of the Live distribution, since I already installed F20 on my laptop without Secure Boot (using my previous DVDs).
Personal issue: What needs to be done to update/modify my given installation to work with Secure Boot like the new installer image does? (I know, Bugzilla might be the wrong place for asking for help - alternatively, where can I ask?)
Again, thanks for taking care! :-)
You need to make sure pesign is in your package set, and then do this in %post from kickstart (or just run it after installation from tty2):
pesign -i /boot/efi/EFI/fedora/shim.efi -o /tmp/shim.efi -r -u 1
cp -f /tmp/shim.efi /boot/efi/EFI/fedora/shim.efi
cp -f /tmp/shim.efi /boot/efi/EFI/BOOT/BOOTX64.EFI
Note that this is strictly a workaround for a firmware bug.
shim-signed-0.7-2.fc20 has been submitted as an update for Fedora 20.
* should fix your issue,
* was pushed to the Fedora 20 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing shim-signed-0.7-2.fc20'
as soon as you are able to.
Please go to the following url:
then log in and leave karma (feedback).
shim-signed-0.7-2.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
I have an Dell Inspiron 347 with Windows 8.1 pre-installed. It is set to UEFI with Secure Boot enabled.
Attempting to boot using FC20 XFCE Live CD or FC20 X86_64 DVD results in:
"Invalid Signature Detected. Check Secure Boot Policy in Setup".
Comment 11 states that fix has been pushed to Fedora 20 stable repository, so I expected this to work, since I downloaded the Fedora ISO after 2014-07-21.
(In reply to Alex Machina from comment #12)
> I have an Dell Inspiron 3647 with Windows 8.1 pre-installed. It is set to
> UEFI with Secure Boot enabled.
> Attempting to boot using FC20 XFCE Live CD or FC20 X86_64 DVD results in:
> "Invalid Signature Detected. Check Secure Boot Policy in Setup".
> Comment 11 states that fix has been pushed to Fedora 20 stable repository,
> so I expected this to work, since I downloaded the Fedora ISO after