refind in secure mode forget to look in ext4 partitions

Bug #1922780 reported by geole0 on 2021-04-06
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
refind (Ubuntu)
Undecided
Unassigned

Bug Description

Hello

I have been using refind in insecure mode for many years. I just decided to put a computer in secure mode.

Apart from the difficulty of booting, I can no longer directly choose the various ubuntu on ext4 partitions, it just displays the grub present in the boot partition !!!

Tested with ubuntu version 20.04
Tested with ubuntu version 21.04
Also tested with https://sourceforge.net/projects/refind/files/0.12.0/refind_0.12.0-1_amd64.deb/download

When I return to non-secure mode, all ubuntu are visible again.

There is however an ubunty specially installed in secure mode.
Is it an error in installing the ext4 drivers which are not secure?

Thanks.

geole0 (geole0) wrote :

Hello
I started again, staying very close to the documentation
I am enclosing all the excerpts for you. The ubuntu are still not detected at the time of the reboot.
I specify that I am running from a so-called "live-usb" session.

I want to clarify that in the command line, the two signed files (shimx64.efi.dualsigned and shimx64.efi.signed) are rejected by the name control of the process
/usr/share/refind-0.13.2/refind-install --shim /boot/efi/EFI/refind/shimx64.efi.signed
/usr/share/refind-0.13.2/refind-install --shim /boot/efi/EFI/refind/shimx64.efi.dualsigned

geole0 (geole0) wrote :

Hello
My script of installation under ubuntu 21..04. The ubuntu are still not detected at the time of the reboot.

PDM="/boot/efi" # définir le point de montage
Shim="shimx64.efi" ## Le fichier de boot sécurisé à utiliser sachant que shimx64.efi.dual.signed est actuellement refusé par le script et que shimx64.efi n'est pas signé
Stock=$PDM/EFI/refind ### Le lieu de stockage.

      mkdir $Stock
      cp -r /usr/lib/shim/* $Stock
      if [ ! -f $Stock/$Shim.REF ]; then
         cp -v $Stock/$Shim $Stock/$Shim.REF
         cp -v $Stock/$Shim.dualsigned $Stock/$Shim
      fi
      wget https://sourceforge.net/projects/refind/files/0.13.2/refind_0.13.2-1_amd64.deb
      dpkg --install refind_0.13.2-1_amd64.deb
      echo sbverify --list $Stock/shimx64.efi && sbverify --list $Stock/shimx64.efi
      echo sbverify --list $PDM/EFI/refind/grubx64.efi && sbverify --list $PDM/EFI/refind/grubx64.efi
      cp /usr/share/refind-0.13.2/refind-install $Stock ### Mais ne fonctionne que sous /usr
      cp -r /usr/share/refind-0.13.2/banners $Stock
      cp -r /usr/share/refind-0.13.2/fonts $Stock
      cp -r /usr/share/refind-0.13.2/refind/tools_x64 $Stock

geole0 (geole0) wrote :

Hello
Same problem in Legacy version
It is necessary to tinker with the installation of what is missing!
My script is as follows

PDM="/boot/efi" # définir le point de montage
echo Refind est absent. Installation de refind fourni par UBUNTU lancée.
      add-apt-repository universe && apt update
      echo -ne "\nveuillez valider la réponse \e[1mOUI\e[0m prépositionnée dans la grille d'installation de refind qui va s'afficher en cours d'installation.\n $ERR continuer l'installation."
      read
      apt install --reinstall refind
      rmdir $PDM/EFI/tools 2>/dev/null
      Stock=$PDM/EFI/refind
      cp -r /usr/share/refind/banners $Stock
      cp -r /usr/share/refind/fonts $Stock
      cp -r /usr/share/refind/refind/drivers_x64 $Stock

geole0 (geole0) wrote :

Hello

With debug trace level 4

.......

----------Next loader----------
17:12:46 - Starting ext4_x64.efi
17:12:46 - Using load options ''
17:12:46 - Note: ext4_x64.efi is a driver
17:12:46 - 'EFI\refind\drivers_x64\ext4_x64.efi' is a valid loader
17:12:47 - Getting EFI variable 'SecureBoot' from NVRAM
17:12:47 - Getting EFI variable 'SetupMode' from NVRAM
17:12:47 - Employing Shim LoadImage() hack
17:12:47 - Secure boot error while loading 'ext4_x64.efi'; Status = 15

........

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers