Description of problem: I got to test the UEFI feature on a bare metal host (Dell PowerEdge R330) and found out, the /var/lib/tftpboot/grub2/grubx64.efi fails to boot with 'validation failed' [1] when Secure Boot is enabled. On lzap's advice, i tried to replace the file by the one located in /boot/efi/EFI/redhat/grubx64.efi which booted just fine. Is there a problem with signing the bootloader? Version-Release number of selected component (if applicable): 6.3.0 Snap 1 How reproducible: Steps to Reproduce: 1. get a machine supporting UEFI and secure boot 2. create a host with "Grub2 Uefi Secure Boot" pxe loader option Actual results: Verification failed: http://storage2.static.itmages.com/i/16/0923/h_1474643658_3444841_50e85b6ce5.png Expected results: the signature is valid and secure boot allows the bootloader to boot Additional info:
Created redmine issue http://projects.theforeman.org/issues/16705 from this bug
Upstream bug component is Installer
Upstream bug assigned to lzap
Shim is correctly deployed, the problem is we build our own grubx64.efi file during installation and apparently it is missing some bits (signature perhaps). The solution will be to copy pre-built version from /boot/EFI directory, which was confirmed to work.
Moving this bug to POST for triage into Satellite 6 since the upstream issue http://projects.theforeman.org/issues/16705 has been resolved.
VERIFIED sat6.3.0-#20 the new grubx64.efi file gets loaded just fine and loads.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2018:0336
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. > > For information on the advisory, and where to find the updated files, follow the link below. > > If the solution does not work for you, open a new bug report. > > https://access.redhat.com/errata/RHSA-2018:0336