Quote: Originally Posted by pauloferreira
There should be an easy solution for keeping Secure Boot ON.
Fedora and Linux Foundation are really tricky.

I spent my sleep trying to set up Fedora with Secure Boot ON, but I just got successive failures.
Now I have an error after GRUB. It's something about the kernel signature.
But, first I'll register here what I did to start EFI bootloader and "bypass" Secure Boot validation.

1. Make two thumb drives from ISO/IMG: (a) Linux Foundation Pre bootloader and (b) Kali Linux x64.
(a) http://blog.hansenpartnership.com/li...stem-released/

2. Start the system using the thumb with the pre bootloader.
Add hashes for Preloader.efi and HashTool.efi using the tool that will open. It's quite user friendly, you just select the file and confirm.
Now I got Secure Boot to accept it.

Back on a main computer or Windows or a VM...

3. Merge these two into another thumb drive formatted FAT32.

4. Now it's necessary to create EFI boot files as in the first post (I used all files from Fedora's folder), but with some changes.
4.1 Delete /EFI/BOOT/loader.efi and /loader (created by the preloader IMG); it's the real bootloader that must be replaced.
4.2 Copy Fedora's BOOTX64.efi as loader.efi, as well as the other files for GRUB (exactly as in the first post).

Now I have a mix of default Kali, the Fedora EFI bootloader and the Linux Foundation Pre bootloader.
In a few words, the pre bootloader is signed by MS and chains to loader.efi (our renamed Fedora), which initializes Kali.

Here comes my nightmare...
5. Restart with EFI and Secure Boot ON reading the merged thumb drive.

GRUB opens the menu, but after selecting any option comes an error like this.

Empty security header
error: /install/gtk/vmlinuz has invalid signature.
error: you need to load the kernel first.
Press any key to continue...


I've researched this error and also tried to modify grub.conf with my settings (root=UUID and /dev/something), but I'm stuck. This same error occurred when I followed just the first post's instructions and disabled Secure Boot. So I think it's not a problem with the pre bootloader.

Any ideas?
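
An added diagnostic example, not part of the quoted post: one thing to check for the "invalid signature" error is whether the kernel image carries an embedded Authenticode signature at all. It assumes the loader validates the kernel as a signed PE/COFF image; the function names and the sample images are constructed here, and the check only reports whether a Certificate Table exists, not whether its signer is trusted.

```python
import struct

SECURITY_DIR = 4  # index of the Certificate Table in the PE data directories

def security_directory(image: bytes):
    """Return (file_offset, size) of the PE Certificate Table."""
    if image[:2] != b"MZ":
        raise ValueError("no MZ header, not a PE/COFF image")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)     # e_lfanew
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    opt = pe_off + 4 + 20            # optional header follows the 20-byte COFF header
    (magic,) = struct.unpack_from("<H", image, opt)
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic")
    dirs = opt + (96 if magic == 0x10B else 112)          # PE32 vs PE32+
    (count,) = struct.unpack_from("<I", image, dirs - 4)  # NumberOfRvaAndSizes
    if count <= SECURITY_DIR:
        return (0, 0)
    return struct.unpack_from("<II", image, dirs + 8 * SECURITY_DIR)

def signature_status(image: bytes) -> str:
    """Classify an image as signed, unsigned or malformed (presence check only)."""
    try:
        offset, size = security_directory(image)
    except (ValueError, struct.error) as exc:
        return f"unsigned: {exc}"
    if size == 0:
        return "unsigned: certificate table is empty"
    if offset + size > len(image):   # for this directory the address is a file offset
        return "malformed: certificate table runs past end of file"
    return "signed: certificate table present (signer trust not checked)"

def sample_pe(sec_off: int, sec_size: int, trailer: bytes = b"") -> bytes:
    """Constructed minimal PE32+ header (328 bytes) for demonstration only."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, 112 + 16 * 8, 0)
    opt = struct.pack("<H", 0x20B) + b"\0" * 106 + struct.pack("<I", 16)
    dirs = bytearray(16 * 8)
    struct.pack_into("<II", dirs, 8 * SECURITY_DIR, sec_off, sec_size)
    return dos + b"PE\0\0" + coff + opt + bytes(dirs) + trailer

if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:        # e.g. the vmlinuz named in the GRUB error
        with open(path, "rb") as fh:
            print(path, "->", signature_status(fh.read()))
```

Run it against the kernel file named in the GRUB error; an "unsigned" result means there is nothing in the image for the loader to validate.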