[Bug 2084104] Re: UEFI GRUB2 enforces NX even with a non-NX shim
RK
2084104 at bugs.launchpad.net
Thu Oct 10 14:48:14 UTC 2024
Here is the GRUB debug output with sb on.
** Attachment added: "PXL_20241010_144204653.jpg"
https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/2084104/+attachment/5826732/+files/PXL_20241010_144204653.jpg
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to grub2 in Ubuntu.
https://bugs.launchpad.net/bugs/2084104
Title:
UEFI GRUB2 enforces NX even with a non-NX shim
Status in grub2 package in Ubuntu:
In Progress
Bug description:
Please also see final comments on
https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/2078307, this
whole thing stareted there.
There are two known affected machines currently, one is confirmed to
correctly be running the non-NX shim and 2.12-5ubuntu5 GRUB.
Despite this, the GRUB on these machines decides to always enforce NX,
likely because the MokPolicy variable is not being exported exactly as
GRUB expects.
This happens with both Secure Boot enabled and disabled.
I have a suspicion that some of the attribute checks in this function
are not behaving as expected on these firmwares:
https://git.launchpad.net/~ubuntu-uefi-
team/grub/+git/ubuntu/tree/debian/patches/nx/efi-Disallow-fallback-to-
legacy-Linux-loader-when-shim-sa.patch#n22
The only obvious impact right now is Windows chainloading from GRUB on
specific affected machines.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/2084104/+subscriptions
More information about the foundations-bugs
mailing list