[Bug 2084104] [NEW] UEFI GRUB2 enforces NX even with a non-NX shim when Secure Boot is disabled

Mate Kukri 2084104 at bugs.launchpad.net
Wed Oct 9 21:55:21 UTC 2024 

Public bug reported:

This still needs to be verified, but I have a strong hunch that this is
a bug...

Please see final comments on
https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/2078307

What is likely happening is that shim does not export MokPolicy when
Secure Boot is disabled, thus GRUB decides that it must always enforce
NX.

It might be a more sensible default to never enforce NX if Secure Boot
is off.

The only obvious impact right now is Windows chainloading from GRUB when
Secure Boot is disabled.

** Affects: grub2 (Ubuntu)
     Importance: Undecided
         Status: New

** Description changed:

  This still needs to be verified, but I have a strong hunch that this is
  a bug...
  
- Please see comments on
+ Please see final comments on
  https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/2078307
  
  What is likely happening is that shim does not export MokPolicy when
  Secure Boot is disabled, thus GRUB decides that it must always enforce
  NX.
  
  It might be a more sensible default to never enforce NX if Secure Boot
  is off.

** Description changed:

  This still needs to be verified, but I have a strong hunch that this is
  a bug...
  
  Please see final comments on
  https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/2078307
  
  What is likely happening is that shim does not export MokPolicy when
  Secure Boot is disabled, thus GRUB decides that it must always enforce
  NX.
  
  It might be a more sensible default to never enforce NX if Secure Boot
  is off.
+ 
+ The only obvious impact right now is Windows chainloading from GRUB when
+ Secure Boot is disabled.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to grub2 in Ubuntu.
https://bugs.launchpad.net/bugs/2084104

Title:
  UEFI GRUB2 enforces NX even with a non-NX shim when Secure Boot is
  disabled

Status in grub2 package in Ubuntu:
  New

Bug description:
  This still needs to be verified, but I have a strong hunch that this
  is a bug...

  Please see final comments on
  https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/2078307

  What is likely happening is that shim does not export MokPolicy when
  Secure Boot is disabled, thus GRUB decides that it must always enforce
  NX.

  It might be a more sensible default to never enforce NX if Secure Boot
  is off.

  The only obvious impact right now is Windows chainloading from GRUB
  when Secure Boot is disabled.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/2084104/+subscriptions

More information about the foundations-bugs mailing list