View Issue Details

IDProjectCategoryView StatusLast Update
0018551CentOS-7grub2public2022-12-20 18:55
Reporterjitterbug Assigned To 
Status resolvedResolutionfixed 
Platformx86_64OSCentOSOS Version3.10.0-1160.80.1
Product Version7.9.2009 
Summary0018551: EFI Secure boot enabled VM fails to boot with "Verification failed: (0x1A) Security Violation" by latest grub2
DescriptionSecure boot/EFI enabled VM will fail to boot if updated to 2.02- (instead of centos.9)
Steps To ReproduceSecure boot enabled CentOS 7 VM will not boot with blue screen "Verification failed: (0x1A) Security Violation" if updated to latest grub2

Tested environment:
CentOS 7
kernel: 3.10.0-1160.80.1.el7.x86_64
EFI/Secure boot enabled VM (VMware ESXi, 7.0.3, 20328353)

Temporarily fix:
1. Disable Secure boot in Boot Option.
2. # yum downgrade grub2
3. Enable Secure boot

Tagsefi, grub, grub2, secure boot




2022-12-16 16:14

manager   ~0039052

Do you have access to a RHEL 7 system to test if the update works there? The RH Developer Subscription allows up to 16 free RHEL systems to be used for free.


2022-12-16 16:51

manager   ~0039053

Bug is confirmed, the grubx64.efi file is not signed correctly. Package needs rebuilding and rereleasing to fix.


2022-12-20 18:18

reporter   ~0039054

I don't have RHEL 7 to test at work. I tested on local laptop VMWare Fusion and it failed also, had to boot up with fips=0.

BTW, I see that latest grub2 is released, grub2.x86_64 1:2.02-, tested and working. We could patch and reboot fine.


2022-12-20 18:55

manager   ~0039055

Yes, fixed in 2.02- :


2022-12-20 18:55

manager   ~0039056

Thanks for the report. Now closing as resolved.

Issue History

Date Modified Username Field Change
2022-12-16 15:55 jitterbug New Issue
2022-12-16 15:55 jitterbug Tag Attached: efi
2022-12-16 15:55 jitterbug Tag Attached: grub
2022-12-16 15:55 jitterbug Tag Attached: grub2
2022-12-16 15:55 jitterbug Tag Attached: secure boot
2022-12-16 16:14 TrevorH Note Added: 0039052
2022-12-16 16:51 TrevorH Note Added: 0039053
2022-12-20 18:18 jitterbug Note Added: 0039054
2022-12-20 18:55 toracat Note Added: 0039055
2022-12-20 18:55 toracat Status new => resolved
2022-12-20 18:55 toracat Resolution open => fixed
2022-12-20 18:55 toracat Note Added: 0039056