secureboot - not able to sign custom kernel

What version of Parrot are you running?
Parrot GNU/Linux 4.7 Security version - KDE

What method did you use to install Parrot?
debian-standard

Configured to multiboot with other systems?
yes

Briefly describe your issue below:
I’ve installed Parrot OS on my surface and built the custom kernel for the surface from jakeday repo. I’m currently trying to sign my custom kernel that I can turn on secureboot again.

I’ve followed the guide(https://github.com/jakeday/linux-surface/blob/master/SIGNING.md) and all works fine until step 5.

After rebooting (with enabled & disabled secureboot) the “blue screen of a tool called MOKManager” doesn’t appear. Windows is loaded when secure boot is turned on, grub if secure boot is disabled.

I’ve had a look into the directory “/boot/efi/EFI/parrot” and noticed the mmx64.efi and shimx64.efi files are missing.

I’ve installed following packages: apt install shim-signed grub-efi-amd64-signed sbsigntool grub-efi-amd64-signed-template shim-helpers-amd64-signed shim-signed shim-signed-common

Afterwards I’ve copied all files under /usr/lib/shim to /boot/efi/EFI/parrot:

ll /usr/lib/shim/
insgesamt 7,3M
-rw-r--r-- 1 root root  108 Mai  8  2019 BOOTX64.CSV
-rw-r--r-- 1 root root 1,2M Mai  8  2019 fbx64.efi
-rw-r--r-- 1 root root 1,2M Mai  8  2019 fbx64.efi.signed
-rw-r--r-- 1 root root 1,3M Mai  8  2019 mmx64.efi
-rw-r--r-- 1 root root 1,3M Mai  8  2019 mmx64.efi.signed
-rw-r--r-- 1 root root 1,3M Mai  8  2019 shimx64.efi
-rw-r--r-- 1 root root 1,3M Jun  9 18:32 shimx64.efi.signed

Afterwards, I’ve created the boot entries:

BootCurrent: 0004
Timeout: 0 seconds
BootOrder: 0009,0008,0007,0006,0004,0002,0005,0001,0003
Boot0000* SurfaceFrontPage      FvVol(a881d567-6cb0-4eee-8435-2e72d33e45b5)/FvFile(4042708a-0f2d-4823-ac60-0d77b3111889)VOL+.
Boot0001* Internal Storage      FvVol(a881d567-6cb0-4eee-8435-2e72d33e45b5)/FvFile(50670071-478f-4be7-ad13-8754f379c62f)SDD.
Boot0002* USB Storage   FvVol(a881d567-6cb0-4eee-8435-2e72d33e45b5)/FvFile(50670071-478f-4be7-ad13-8754f379c62f)USB.
Boot0003* PXE Network   FvVol(a881d567-6cb0-4eee-8435-2e72d33e45b5)/FvFile(50670071-478f-4be7-ad13-8754f379c62f)PXE.
Boot0004* parrot        HD(2,GPT,14b580b9-1411-49fd-89dc-522ede2a3067,0xe1800,0x32000)/File(\EFI\parrot\grubx64.efi)
Boot0005  Windows Boot Manager  HD(2,GPT,14b580b9-1411-49fd-89dc-522ede2a3067,0xe1800,0x32000)/File(\EFI\Microsoft\Boot\bootmgfw.efi)WINDOWS.........x...B.C.D.O.B.J.E.C.T.=.{.9.d.e.a.8.6.2.c.-.5.c.d.d.-.4.e.7.0.-.a.c.c.1.-.f.3.2.b.3.4.4.d.4.7.9.5.}....................
Boot0006* shim64-signed HD(9,GPT,00000000-0000-0000-0000-000000000000,0x0,0x1)/File(\EFI\parrot\shimx64_signed.efi)
Boot0007* mmx64-signed  HD(8,GPT,00000000-0000-0000-0000-000000000000,0x0,0x1)/File(\EFI\parrot\mmx64_signed.efi)
Boot0008* mmx64 HD(8,GPT,00000000-0000-0000-0000-000000000000,0x0,0x1)/File(\EFI\parrot\mmx64.efi)
Boot0009* shim64        HD(8,GPT,00000000-0000-0000-0000-000000000000,0x0,0x1)/File(\EFI\parrot\shimx64.efi)

Anyhow, the blue screen on boot still doesn’t appear.

Did I miss something?

This topic was automatically closed 120 days after the last reply. New replies are no longer allowed.