Refind RPM binaries not signed for Secure Boot

An EFI boot manager utility

Status: Beta

Brought to you by: srs5694

Refind RPM binaries not signed for Secure Boot

Forum: General Discussion

Creator: Chris Irwin

Created: 2021-05-19

Updated: 2021-05-19

Chris Irwin - 2021-05-19

After installing the "binary RPM" (from the website), I used refind-install to provide a path to the shimx64.efi. I then installed the refind.cer with mokutil, rebooted, and successfully loaded the certificate. However, attempting to start refind reports a "Security Policy Violation".

After much troubleshooting, it appears that the "binary rpm" is not actually signed with the refind certificate:

$ sbverify --cert /etc/refind.d/keys/refind.crt refind-rpm/usr/share/refind-0.13.2/refind/refind_x64.efi No signature table present Signature verification failed

For comparison, the "binary zip" is fine:

$ sbverify --cert /etc/refind.d/keys/refind.crt refind-bin-0.13.2/refind/refind_x64.efi Signature verification OK
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Log in to post a comment.