Re: GRUB can't chainload Windows under Secure Boot

[Andrei Borzenkov]

08.12.2016 18:50, Giovanni Santini пишет:
> Il 08/12/2016 15:05, Andrei Borzenkov ha scritto:
>>
>> Well, I do not know about Arch, but Ubuntu is using patch similar to
>> openSUSE, which means - it REQUIRES shim. Patch replaces default
>> chainloader command with one that calls shim and fails if it cannot do
>> it. It should have provided additional one, chainloaderefi similar to
>> linuxefi, instead.
>>
> 
> I see...
> From what I know, shim is not provided by ArchLinux. The suggested way
> for Secure Boot is to use Linux Foundation PreLoader and HashTool.
> From our discussion, I understood that using PreLoader doesn't involve
> running it again.
> So, the only needed thing to fix is the 'chainloader' command so that it
> can read UEFI binaries even under Secure Boot (or provide a new one like
> 'chainloaderefi'), if I understood correctly.

If you are using Linux Foundation chainloader I expect normal GRUB
chainloader command to work. Do you have pointers to preloader binary
you are using? I am actually interested in testing it as alternate way
of providing secure boot support in GRUB.

> Not sure else how to make PreLoader load other UEFI files else, as it
> tries automatically to load the binary called 'loader.efi'.
> 

You should only need to load main GRUB binary. Do you have pointers to
Arch package and patches it uses?