The grub and kernel are all signed. The grub is built with sbat:
sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md
grub,5,Free Software Foundation,grub,2.12,https://www.gnu.org/software/grub/
grub.ubuntu,2,Ubuntu,grub2,2.12-1ubuntu7.3,https://www.ubuntu.com/
grub.peimage,2,Canonical,grub2,2.12-1ubuntu7.3,https://salsa.debian.org/grub-team/grub/-/blob/master/debian/patches/secure-boot/efi-use-peimage-shim.patch
grub.cfg
echo Disk Installer
linux /vmlinuz root=live:CDLABEL=bootable-iso
initrd /initrd.img
boot
The shim logs, with mokutil --set-verbosity true:
mok.c:927:import_one_mok_state() maybe mirroring "MokPolicy", original data:
mok.c:620:mirror_one_mok_variable() v->name:"MokPolicy" v->rtname:"MokPolicyRT"
mok.c:621:mirror_one_mok_variable() v->data_size:0 v->data:0x0
mok.c:622:mirror_one_mok_variable() FullDataSize:0 FullData:0x0
mok.c:668:mirror_one_mok_variable() FullDataSize:0 FullData:0x0 p:0x0 pos:0
mok.c:767:mirror_one_mok_variable() FullDataSize:0 FullData:0x0 b:0x0 pos:0
mok.c:820:mirror_one_mok_state() returning Success
mok.c:1032:import_one_mok_state() checking mok request
mok.c:1054:import_mok_state() mok returned Success
mok.c:1064:import_mok_state() returning Success
shim.c:1705:shim_init() UEFI SHIM
$Version: 15.8 $
$BuildMachine: Linux x86_64 x86_64 x86_64 GNU/Linux $
$Commit: master $
load-options.c:312:parse_load_options() full load options:
include/hexdump.h:92:vhexdumpf() hexdump of a NULL pointer|
shim.c:186:load_image() attempting to load \EFI\BOOT\grubx64.efi
pe.c:318:generate_hash() cba3-auth? ... (this line is blurry/partially obscured)
pe.c:319:genXXXXX|8...|
pe.c:319:generate_hash() 00000004 59 c1 35 01 08 37 ef c9 83 ec e2 4c e6 15 37
d9 |Y.5..7.....L..7.|
pe.c:320:generate_hash() sha256 authenticode hash:
pe.c:321:generate_hash() 00000000 e8 c7 cd 86 9c b8 95 06 1c 2d 19 e6 dc 74 e3
04 |...........t..|
pe.c:378:verify_sbat_section()
pe.c:378:verify_sbat_section() grub.peimage, 2, Canonical, grub2, 2.12-1ubuntu7.3, https://salsa.debian.org/grub-team/grub/-/blob/master/debian/patches/secure-boot/efi-use-peimage-shim.patch
sbat.c:138:verify_single_entry() component sbat has a matching SBAT variable entry, verifying
sbat.c:138:verify_single_entry() component grub has a matching SBAT variable entry, verifying
sbat.c:204:verify_sbat_helper() finished verifying SBAT data: Success
Verification succeeded
pe.c:318:generate_hash() sha1 authenticode hash:
pe.c:319:generate_hash() 00000000 XX XX XX XX XX XX XX XX XX XX XX XX 38 ce bb
f5 XXXXXXXXXXXX|8...|
pe.c:319:generate_hash() 00000004 59 c1 35 01 08 37 ef c9 83 ec e2 4c e6 15 37
d9 |Y.5..7.....L..7.|
pe.c:320:generate_hash() sha256 authenticode hash:
pe.c:321:generate_hash() 00000000 eb c7 cd 86 9c b0 95 06 1c 2d 19 e6 dc 74 e3
04 |...........t..|
pe.c:321:generate_hash() 00000010 a0 f1 ff 80 b3 ee 53 cd ef f4 56 7b 82 56 2c
b1 |......S...V{.V,.|
pe.c:708:handle_image() Loading 0xB2000 bytes at 0x603FF000
Disk Installer
pe.c:318:generate_hash() sha1 authenticode hash:
pe.c:319:generate_hash() 00000000 XX XX XX XX XX XX XX XX XX XX XX XX 04 b3 02
ea XXXXXXXXXXXX|....|
pe.c:319:generate_hash() 00000004 79 7d f8 f8 89 f8 54 b6 01 6a 23 ad 16 7d 92
ea XXXXXXXXXXXX|...|
pe.c:319:generate_hash() 00000004 79 7d f8 f8 89 f8 54 b6 01 6a 23 ad 16 7d 92
58 |y}....T..j#..}.X|
pe.c:320:generate_hash() sha256 authenticode hash:
pe.c:321:generate_hash() 00000000 9d 95 99 36 0e f9 88 75 b1 1b a2 3a 75 8c 46
81 |...6...u...:u.F.|
pe.c:321:generate_hash() 00000010 f1 1c 64 9c d3 48 c9 00 13 ac 63 25 22 9b eb
0b |...d..H....c%"..|
shim.c:611:verify_buffer_authenticode() check_allowlist: Not Found
shim.c:673:verify_buffer_authenticode() Attempting to verify signature 0:
shim.c:154:check_db_cert_in_ram() trying to verify cert 0 (db)
shim.c:154:check_db_cert_in_ram() trying to verify cert 1 (db)
shim.c:154:check_db_cert_in_ram() trying to verify cert 2 (db)
shim.c:154:check_db_cert_in_ram() trying to verify cert 3 (db)
shim.c:154:check_db_cert_in_ram() trying to verify cert 4 (db)
shim.c:154:check_db_cert_in_ram() trying to verify cert 5 (db)
shim.c:154:check_db_cert_in_ram() trying to verify cert 6 (db)
shim.c:154:check_db_cert_in_ram() trying to verify cert 7 (db)
shim.c:154:check_db_cert_in_ram() trying to verify cert 8 (db)
shim.c:154:check_db_cert_in_ram() trying to verify cert 9 (db)
shim.c:154:check_db_cert_in_ram() trying to verify cert 10 (db)
shim.c:154:check_db_cert_in_ram() trying to verify cert 0 (MokListRT)
shim.c:154:check_db_cert_in_ram() AuthenticodeVerify() succeeded: 1
pe.c:348:verify_sbat_section() No .sbat section data
Observed call flow
A [UEFI firmware] --> B[shim: efi_main -> import_mok_state -> shim_init]
B --> C[start_image("\\EFI\\BOOT\\grubx64.efi")]
C --> D[handle_image -> verify_buffer_authenticode -> verify_buffer_sbat]
D --> E[grubx64.efi SBAT check succeeds]
E --> F[grub starts: "Loading 0xB2000 bytes..."]
F --> G[grub uses SHIM_LOCK->Verify for next PE image]
G --> H[shim_verify -> verify_buffer_authenticode -> verify_buffer_sbat -> "No .sbat section data"]
It went into the grub shell after the above logs.
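Added example (not code from the post or from shim): a small Python model of the SBAT decision the log above walks through, verifying the four-row .sbat section of grubx64.efi against a constructed SBAT (SbatLevel) variable, and covering the "No .sbat section data" case that appears when grub hands the next PE image to shim through SHIM_LOCK->Verify. The SBAT_VAR contents and the in_protocol rule (an image verified via the protocol may lack .sbat, an image shim loads itself may not) are assumptions from my reading of shim 15.8's verify_sbat_section, not something this log states.

```python
import csv
import io

# Constructed sample: the .sbat rows of grubx64.efi as printed in the log above.
GRUB_SBAT = """sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md
grub,5,Free Software Foundation,grub,2.12,https://www.gnu.org/software/grub/
grub.ubuntu,2,Ubuntu,grub2,2.12-1ubuntu7.3,https://www.ubuntu.com/
grub.peimage,2,Canonical,grub2,2.12-1ubuntu7.3,https://salsa.debian.org/grub-team/grub/-/blob/master/debian/patches/secure-boot/efi-use-peimage-shim.patch
"""

# Constructed sample of the SBAT variable (assumed, not taken from the log):
# component,generation pairs that the firmware-side policy requires.
SBAT_VAR = """sbat,1,2021030218
grub,3
"""


def parse_sbat(text):
    """Return [(component, generation)] from SBAT CSV; only the first two
    columns matter for the policy decision, the rest is vendor metadata."""
    entries = []
    for row in csv.reader(io.StringIO(text)):
        if len(row) < 2 or not row[0].strip():
            continue
        entries.append((row[0].strip(), int(row[1])))
    return entries


def verify_sbat(section_text, var_text, in_protocol=False):
    """Per-entry check as shim does it: every component named in the SBAT
    variable that also appears in the image's .sbat must carry a generation
    >= the variable's generation. Returns (ok, reason)."""
    policy = parse_sbat(var_text)
    if not policy:
        return True, "SBAT variable empty, nothing to enforce"
    if not section_text:
        # Assumption from shim 15.8 pe.c: optional for images verified through
        # the shim_lock protocol (in_protocol), mandatory for images shim loads.
        return in_protocol, "No .sbat section data"
    image = dict(parse_sbat(section_text))
    for component, required in policy:
        have = image.get(component)
        if have is None:
            continue  # component not present in this image: entry does not apply
        if have < required:
            return False, f"{component} generation {have} < required {required}"
    return True, "finished verifying SBAT data: Success"
```

Raising the assumed variable's grub generation above 5 (say after a revocation) flips the grubx64.efi result to a failure, while the kernel without .sbat only passes when checked via the protocol.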