Public bug reported:

This still needs to be verified, but I have a strong hunch that this is
a bug...

Please see final comments on
https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/2078307

What is likely happening is that shim does not export MokPolicy when
Secure Boot is disabled, thus GRUB decides that it must always enforce
NX.

It might be a more sensible default to never enforce NX if Secure Boot
is off.

The only obvious impact right now is Windows chainloading from GRUB when
Secure Boot is disabled.

** Affects: grub2 (Ubuntu)
     Importance: Undecided
         Status: New

** Description changed:

  This still needs to be verified, but I have a strong hunch that this is
  a bug...
  
- Please see comments on
+ Please see final comments on
  https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/2078307
  
  What is likely happening is that shim does not export MokPolicy when
  Secure Boot is disabled, thus GRUB decides that it must always enforce
  NX.
  
  It might be a more sensible default to never enforce NX if Secure Boot
  is off.

** Description changed:

  This still needs to be verified, but I have a strong hunch that this is
  a bug...
  
  Please see final comments on
  https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/2078307
  
  What is likely happening is that shim does not export MokPolicy when
  Secure Boot is disabled, thus GRUB decides that it must always enforce
  NX.
  
  It might be a more sensible default to never enforce NX if Secure Boot
  is off.
+ 
+ The only obvious impact right now is Windows chainloading from GRUB when
+ Secure Boot is disabled.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2084104

Title:
  UEFI GRUB2 enforces NX even with a non-NX shim when Secure Boot is
  disabled

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/2084104/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
