[Bug 1187233] Re: Grub2 fails on ASUS X201E with secure boot is enabled

Steve Langasek steve.langasek at canonical.com
Tue Jul 9 20:03:26 UTC 2013 

Hi Franz,

On Fri, Jul 05, 2013 at 09:07:13AM -0000, Franz Hsieh wrote:
> Please help me check if my steps are correct.

> note: The platform runs Ubuntu-12.04.2 for ASUS image.

> <BOOT the platform to non-secure mode>
> 1. copy  LockDown.efi to /boot/efi/         <EFI partition mount point>
> 2. copy shimx64.efi to /boot/efi/EFI/ubuntu/BOOTX64.EFI
> 3. reboot and change to secure mode in BIOS

This step is wrong.  After copying LockDown.efi to /boot/efi, you next need
to *boot* LockDown.efi from the firmware while in setup mode.  LockDown.efi
handles the process of configuring the firmware's SecureBoot support to
include the key used for signing this shim binary, so that you can do a true
SecureBoot boot with a test binary.

After running LockDown.efi, you should be able to boot shimx64.efi in Secure
Boot mode without a security violation.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to shim in Ubuntu.
https://bugs.launchpad.net/bugs/1187233

Title:
  Grub2 fails on ASUS X201E with secure boot is enabled

Status in GRand Unified Bootloader:
  New
Status in OEM Priority Project:
  Confirmed
Status in OEM Priority Project precise series:
  New
Status in “shim” package in Ubuntu:
  Confirmed

Bug description:
  Summery:
    I downloaded images from ubuntu.com and use usb-creator-gtk to create bootable usb.
    Then use the usb key to boot on my ASUS X201E laptop and it is always failed to boot to OS.

    These images are all failed:
      ubuntu-12.04.2-desktop-amd64.iso
      ubuntu-12.10-desktop-amd64.iso
      ubuntu-13.04-desktop-amd64.iso

    I also enabled grub2 debug message, and found they all fail on:
      loader/i386/efi/linux.c:69: Asking shim to verify kernel signature.

    The BIOS revision of ASUS X201E is 209 which can be downloaded from
  official ASUS website.

    Additionally, Win8 and Fedora-18 can be booted and installed on this
  platform.

To manage notifications about this bug go to:
https://bugs.launchpad.net/grub/+bug/1187233/+subscriptions

More information about the foundations-bugs mailing list