Secure Boot chain with nfsfroot

by Victor   Last Updated September 11, 2019 09:01 AM

I have a problem with secure boot. I build a Debian live image and set up a NFS server. On the local machine's ESP partition are the kernel, initramfs, shim, Mok Manager, systemdboot. If I start without secure boot enabled everything is working. With secureboot I get a security violation loading the kernel (vmlinuz). The systemdboot efi is signed with my own MOK key and is loaded correctly. The shim I use is the one provided by debian. The Kernel is signed by Debian, tested with sbverify. The Debian MOK key is deployed on the local machine, tested with mokutil.

Does anyone has an idea why this is failing or has an idea for troubleshooting?

Tags : linux boot debian


Related Questions


Updated April 29, 2017 09:01 AM

Updated December 22, 2017 06:01 AM

Updated January 28, 2018 12:01 PM

Updated March 27, 2019 12:01 PM

Updated August 10, 2017 16:01 PM