View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0004192 | Kali Linux | Kali Package Bug | public | 2017-08-25 12:31 | 2018-02-21 09:42 |
Reporter | defalt | Assigned To | |||
Priority | normal | Severity | minor | Reproducibility | have not tried |
Status | closed | Resolution | open | ||
Product Version | 2017.1 | ||||
Summary | 0004192: [UEFI]shim-signed boot loader is not installing in /EFI/kali/ | ||||
Description | I have installed shim-signed package along with its dependencies from the repository by sudo apt-get install shim-signed. Shim-signed boot loader is signed by Microsoft which allows you to boot kali in your dual-boot machine even if secure boot is enabled. After installing the package, when I enter sudo grub-install --uefi-secure-boot /dev/sda , the output is shown as: The shimx64.efi and shimx64.efi.signed is "SUPPOSED TO BE" generated in EFI(boot-sector)/kali/ but there is no such file except grubx64.efi which is your default unsigned grub boot loader. I verified this by entering sudo ls /boot/efi/EFI/kali , grubx64.efi is the only file present in that directory. | ||||
Steps To Reproduce | It is easy to reproduce: $ sudo apt-cache search shim-signed $ sudo apt-get install shim-signed $sudo grub-install --uefi-secure-boot /dev/sda $ sudo ls /boot/efi/EFI/kali | ||||
Additional Information | Please go through the output shown in the screeshot: http://imgur.com/a/dV7G1 A successful installation will be that if UEFI boots kali from shimx64.efi.signed in secure boot. | ||||
Attached Files | |||||
Complete secure boot support is not yet done on the Debian side, so it's unlikely to work in Kali at this point either. I have not followed the recent development but I know that this was not finished for the stretch release. I don't plan to look further into this issue until it has been advertised to work on Debian already. Furthermore we are currently not signing the kernels that we build, this is one of the divergences that we introduce in Kali as this is a real bottleneck... we would have to be process each kernel upload twice, first building the binaries, then re-uploading them with a signature. |
|
@rhertzog You are right. Debian even refused to add support for secure boot in upcoming Debian 9 https://www.theregister.co.uk/2017/05/01/debian_stretch_omits_secure_boot/ I will make a feature request here for secure boot support as soon as Debian introduced this feature in their upcoming distribution. Considering the amount of cyberattacks that happened this year including Vault 7 leak of NSA's attack on Intel system BIOS firmware, i hope Debian soon make progress in this field. This issue is resolved. |
|
Due to the age of the OS (Kali Moto [v1], Kali Safi [v2], Kali Rolling 2016.x/2017.1), these legacy versions are no longer supported. Please could you see if you are able to replicate this issue with the latest version of Kali Linux - https://www.kali.org/downloads/)? If you are still facing the same problem, feel free to re-open the ticket. If you choose to do this, could you provide more information to the issue you are facing,and also give information about your setup? |
|
Date Modified | Username | Field | Change |
---|---|---|---|
2017-08-25 12:31 | defalt | New Issue | |
2017-08-25 12:31 | defalt | File Added: Screenshot from 2017-08-25 15-23-13.png | |
2017-08-25 13:49 | rhertzog | Note Added: 0007145 | |
2017-08-25 14:26 | defalt | Note Added: 0007146 | |
2018-02-21 09:42 | g0tmi1k | Note Added: 0008765 | |
2018-02-21 09:42 | g0tmi1k | Status | new => closed |