Re: GRUB can't chainload Windows under Secure Boot

[Andrei Borzenkov]

08.12.2016 21:27, Giovanni Santini пишет:
> Il 08/12/2016 18:34, Andrei Borzenkov ha scritto:
>>
>> If you are using Linux Foundation chainloader I expect normal GRUB
>> chainloader command to work. Do you have pointers to preloader binary
>> you are using? I am actually interested in testing it as alternate way
>> of providing secure boot support in GRUB.
>>
>> ...
>>
>> You should only need to load main GRUB binary. Do you have pointers to
>> Arch package and patches it uses?
>>
> 
> Sure thing, I will provide you everything you need!
> So,
> - grub package sources:
> https://git.archlinux.org/svntogit/packages.git/tree/trunk?h=packages/grub
> - signed preloader sources:
> https://aur.archlinux.org/packages/preloader-signed/
> - grub EFI install on Arch:
> https://wiki.archlinux.org/index.php/GRUB#Installation_2
> - Secure Boot setup using preloader:
> https://wiki.archlinux.org/index.php/Secure_Boot#Set_up_PreLoader
> 
> The only thing that I can point out is that the preloader setup is
> written for *systemd-boot*... But the changes for make it work for Arch
> are almost zero.
> 
> Also, above I've provided the grub sources, as I think they're more
> appropriated. Else, here is a link to 64bit binary package:
> https://www.archlinux.org/packages/core/x86_64/grub/
> 
> If you have any issues with package building, I can give you contacts so
> that I can provide you some direct help with it.
> Else, I think that these two references should be enough:
> https://wiki.archlinux.org/index.php/Arch_Build_System
> https://wiki.archlinux.org/index.php/Makepkg
> 
> Waiting for your feedback! :)
> 

Works just as fine. I get your error if I attempt to load unsigned image
(for which no hash was enrolled).