To boot GRUB with shim (for easy secureboot), we need an sbat section in the EFI executable. GRUB supports building it into the EFI executable via 'grub-install --sbat ...', but the GRUB package currently does not provide an sbat file that users can conveniently include. Arch, for example, ships a /usr/share/grub/sbat.csv[1] in their GRUB package; it would be great if we could do something similar.

[1] https://gitlab.archlinux.org/archlinux/packaging/packages/grub/-/blob/main/sbat.csv?ref_type=heads
I really have no clue about secureboot. Patches welcome.
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f879895488b938b704ebbde3f444df3d3cce8a0a

commit f879895488b938b704ebbde3f444df3d3cce8a0a
Author:     Andrew Ammerlaan <andrewammerlaan@gentoo.org>
AuthorDate: 2024-03-01 15:32:13 +0000
Commit:     Andrew Ammerlaan <andrewammerlaan@gentoo.org>
CommitDate: 2024-03-01 16:58:09 +0000

    sys-boot/grub: install an sbat for grub-install --sbat ...

    Booting with sys-boot/shim requires that an sbat section is present in the EFI
    executable. Add an sbat.csv file that can optionally be included when building
    the grub EFI executable.

    Closes: https://bugs.gentoo.org/925902
    Signed-off-by: Andrew Ammerlaan <andrewammerlaan@gentoo.org>
    Closes: https://github.com/gentoo/gentoo/pull/35588
    Signed-off-by: Andrew Ammerlaan <andrewammerlaan@gentoo.org>

 sys-boot/grub/files/sbat.csv                               | 3 +++
 sys-boot/grub/{grub-2.12-r1.ebuild => grub-2.12-r2.ebuild} | 4 ++++
 sys-boot/grub/grub-9999.ebuild                             | 4 ++++
 3 files changed, 11 insertions(+)
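
One way to confirm that an EFI executable built with 'grub-install --sbat ...' really carries the sbat section shim needs, added here as an example that is not part of the bug thread or the Gentoo commit. The function names, the required component names and the sample image and rows are assumptions constructed for the demo.

```python
import csv
import struct

def read_sbat(pe: bytes):
    """Return the CSV rows of a PE image's .sbat section, or None if it has none."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (pe_off,) = struct.unpack_from("<I", pe, 0x3C)  # e_lfanew
    if pe[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # COFF header: Machine, NumberOfSections, 3 x u32, SizeOfOptionalHeader, Characteristics
    _, nsect, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", pe, pe_off + 4)
    table = pe_off + 24 + opt_size  # section table follows the optional header
    for i in range(nsect):
        name, vsize, _, raw_size, raw_ptr = struct.unpack_from("<8sIIII", pe, table + 40 * i)
        if name.rstrip(b"\0") == b".sbat":
            data = pe[raw_ptr:raw_ptr + min(vsize or raw_size, raw_size)]
            text = data.split(b"\0", 1)[0].decode("utf-8")  # drop NUL padding
            return [row for row in csv.reader(text.splitlines()) if row]
    return None

def check_sbat(rows, required=("sbat", "grub")):
    """List problems; the `required` component names are this example's assumption."""
    if rows is None:
        return ["no .sbat section"]
    problems = [f"malformed entry: {row}" for row in rows
                if len(row) < 2 or not row[1].isdigit()]
    problems += [f"missing component: {name}" for name in required
                 if name not in {row[0] for row in rows}]
    return problems

def build_sample_pe(sections):
    """Constructed header-only PE layout for the demo (not a bootable image)."""
    out = bytearray(b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40))
    out += b"PE\0\0" + struct.pack("<HHIIIHH", 0x8664, len(sections), 0, 0, 0, 0, 0)
    ptr, body = 0x40 + 24 + 40 * len(sections), b""
    for name, data in sections:
        out += struct.pack("<8sIIII", name, len(data), 0, len(data), ptr) + b"\0" * 16
        ptr, body = ptr + len(data), body + data
    return bytes(out + body)

# Constructed sample rows, not the contents of any distribution's sbat.csv.
SAMPLE = (b"sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md\n"
          b"grub,1,Example Vendor,grub,0.0,https://example.invalid/\n")
WITH_SBAT = build_sample_pe([(b".text", b"\x90" * 16), (b".sbat", SAMPLE)])
WITHOUT_SBAT = build_sample_pe([(b".text", b"\x90" * 16)])

if __name__ == "__main__":
    for label, image in (("with .sbat", WITH_SBAT), ("without .sbat", WITHOUT_SBAT)):
        print(label, "->", check_sbat(read_sbat(image)) or "ok")
```

To check a real build, pass the bytes of the installed GRUB EFI file to read_sbat() instead of the constructed images.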