Re: [REGRESSION] Secureboot violation for linux enrolled by-hash into db v6.17.4 and v6.18-rc1

On Tue, Oct 21, 2025 at 03:00:56PM +0100, Dimitri John Ledkov wrote:

If one enrolls linux kernel by-hash into db (for example using virt-fw-vars), the secureboot fails with security violation as EDK2 computation of authenticode for the linux binary doesn't match the enrolled hash.

This is reproducible in AWS VMs, as well as locally with EDK2 builds with secureboot.

Not affected v6.17 Not affected v6.17.3 Affected v6.17.4 Affected v6.18-rc1 Affected v6.18-rc2

great, we are bug compatible :)

Once this is fixed in Linus's tree, we will be glad to take the fix into the stable branch.

thanks,

greg k-h