View Issue Details

ID: 0018551
Project: CentOS-7
Category: grub2
View Status: public
Last Update: 2022-12-20 18:55
Reporter: jitterbug
Assigned To:
Priority: immediate
Severity: major
Reproducibility: always
Status: resolved
Resolution: fixed
Platform: x86_64
OS: CentOS
OS Version: 3.10.0-1160.80.1
Product Version: 7.9.2009
Summary: 0018551: EFI Secure boot enabled VM fails to boot with "Verification failed: (0x1A) Security Violation" by latest grub2
Description: Secure boot/EFI enabled VM will fail to boot if updated to 2.02-0.87.0.1.el7.centos.11 (instead of centos.9)
Steps To Reproduce: Secure boot enabled CentOS 7 VM will not boot with blue screen "Verification failed: (0x1A) Security Violation" if updated to latest grub2

Tested environment:
CentOS 7
kernel: 3.10.0-1160.80.1.el7.x86_64
grub2-2.02-0.87.0.1.el7.centos.11
EFI/Secure boot enabled VM (VMware ESXi, 7.0.3, 20328353)

Temporary fix:
1. Disable Secure boot in Boot Option.
2. # yum downgrade grub2
3. Enable Secure boot

Tags: efi, grub, grub2, secure boot

Activities

TrevorH

2022-12-16 16:14

manager   ~0039052

Do you have access to a RHEL 7 system to test if the update works there? The RH Developer Subscription allows up to 16 free RHEL systems to be used for free.

TrevorH

2022-12-16 16:51

manager   ~0039053

Bug is confirmed, the grubx64.efi file is not signed correctly. Package needs rebuilding and rereleasing to fix.

jitterbug

2022-12-20 18:18

reporter   ~0039054

I don't have RHEL 7 to test at work. I tested on local laptop VMware Fusion and it failed also, had to boot up with fips=0.

BTW, I see that latest grub2 is released, grub2.x86_64 1:2.02-0.87.0.2.el7.centos.11, tested and working. We could patch and reboot fine.

toracat

2022-12-20 18:55

manager   ~0039055

Yes, fixed in 2.02-0.87.0.2:

https://git.centos.org/rpms/grub2/c/f77e6cf680491061f94ff6f424ef3b26b65a67c3?branch=c7

toracat

2022-12-20 18:55

manager   ~0039056

Thanks for the report. Now closing as resolved.
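
A pre-reboot check built from the details in this thread (an added example, not part of the issue or of CentOS tooling): it holds the reboot when Secure Boot is enabled and the installed build is the one reported broken here, or when grubx64.efi shows no signer or an unexpected one. The package name grub2-efi-x64, the EFI path, the EXPECTED_SIGNER variable, the function names and the pesign output line being matched are assumptions.

```shell
#!/bin/sh
# Added example: pre-reboot check for a Secure Boot host after a grub2 update.
# Assumptions (not from the issue): grub2-efi-x64 owns grubx64.efi, the binary
# lives in /boot/efi/EFI/centos/, and pesign and mokutil are installed.

BAD_BUILD='2.02-0.87.0.1.el7.centos.11'   # build reported broken in this issue

# Extract the signer common name from `pesign -S` output read on stdin.
# Assumes pesign prints a line "The signer's common name is <CN>".
# Prints nothing when the output carries no such line.
signer_cn() {
    sed -n "s/^The signer's common name is //p" | head -n 1
}

# Decide whether a reboot is safe. Args: Secure Boot state line, installed
# version-release, signer of the new grubx64.efi, signer of a known-good copy.
reboot_verdict() {
    case "$1" in
        *enabled*) ;;                      # Secure Boot on: signature matters
        *) echo "ok: secure boot not enforced"; return 0 ;;
    esac
    if [ "$2" = "$BAD_BUILD" ]; then
        echo "hold: $2 is the build reported to fail verification"; return 1
    fi
    if [ -z "$3" ]; then
        echo "hold: grubx64.efi carries no signature"; return 1
    fi
    if [ "$3" != "$4" ]; then
        echo "hold: signer '$3' differs from expected '$4'"; return 1
    fi
    echo "ok: $2 signed by '$3'"
}

# Live check; EXPECTED_SIGNER is read from a copy that is known to boot.
preflight() {
    efi=/boot/efi/EFI/centos/grubx64.efi
    reboot_verdict "$(mokutil --sb-state)" \
        "$(rpm -q --qf '%{VERSION}-%{RELEASE}' grub2-efi-x64)" \
        "$(pesign -S -i "$efi" | signer_cn)" "$EXPECTED_SIGNER"
}

# Touch the live system only when asked: sh preflight.sh --run
if [ "${1:-}" = "--run" ]; then preflight; fi
```

Run it after `yum update` and before the reboot; a "hold" result means keep the running system up until a correctly signed build is installed.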

Issue History

Date Modified Username Field Change
2022-12-16 15:55 jitterbug New Issue
2022-12-16 15:55 jitterbug Tag Attached: efi
2022-12-16 15:55 jitterbug Tag Attached: grub
2022-12-16 15:55 jitterbug Tag Attached: grub2
2022-12-16 15:55 jitterbug Tag Attached: secure boot
2022-12-16 16:14 TrevorH Note Added: 0039052
2022-12-16 16:51 TrevorH Note Added: 0039053
2022-12-20 18:18 jitterbug Note Added: 0039054
2022-12-20 18:55 toracat Note Added: 0039055
2022-12-20 18:55 toracat Status new => resolved
2022-12-20 18:55 toracat Resolution open => fixed
2022-12-20 18:55 toracat Note Added: 0039056