Gentoo Forums
Problem installing sys-boot/grub with secureboot option
nxe9
Tux's lil' helper


Joined: 05 Jun 2021
Posts: 91

Posted: Wed Oct 30, 2024 2:20 am    Post subject: Problem installing sys-boot/grub with secureboot option

I have two problems while installing sys-boot/grub with the secureboot flag. I placed the entries in the make.conf file:
Code:
SECUREBOOT_SIGN_KEY="mypath/file.key"
SECUREBOOT_SIGN_CERT="mypath/file.crt"


During installation, sys-boot/grub finds mypath/file.key and asks me to enter the password.

Problem 1: Password entry is not hidden. When digitally signing the UKI kernel with dracut, the prompt is hidden. I would like it to be like this, otherwise I will leave my password in the console logs with each grub installation.

Problem 2: After entering the password, nothing happens. Signing a UKI using dracut takes seconds. In this case, after 20 minutes there is still nothing. Htop shows minimal CPU consumption. Something is probably wrong here, or maybe grub takes so long for some reason? I'll wait even longer, but I don't think the installation will go any further. (Edit: Even after 3 hours nothing moved.)

My password is not wrong. I double-checked my key with
Code:
openssl rsa -in mypath/file.key -check

and after entering the password the result is RSA key OK.
Hu
Administrator


Joined: 06 Mar 2007
Posts: 22577

Posted: Wed Oct 30, 2024 1:52 pm

That suggests to me that the password you typed was never passed to the signing tool, and that it is still waiting for your password. To start, please show us the versions of everything involved: grub, the signing tool, and your sync date (which is relevant to how Portage invokes the signing tool). Also, while the system is paused at that prompt, run ps -efwH, extract the lines for the ebuild and the signing tool, and show those. Check that no passwords are shown before posting. I don't expect them to be there.
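The triage step Hu describes, as an added example that is not part of the thread: a shell function that reads `ps -efwH` output, prints the signing tool's process together with its ancestor chain, and masks password-like arguments before the lines are posted. The default pattern `sbsign`, the function names and the sample process table are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): read `ps -efwH` output on stdin and
# print the signing tool's process with its ancestor chain, secrets masked.

signing_chain() {
    # $1: regex naming the signing tool; "sbsign" is this example's default.
    sed -E 's/(pass(word|phrase)?[=:])[^ ]+/\1<REDACTED>/g' |
    awk -v tool="${1:-sbsign}" '
    NR == 1 { next }                          # header row
    {
        pid = $2; parent[pid] = $3; tty[pid] = $6
        cmd = $8                              # CMD starts at field 8 in -ef output
        for (i = 9; i <= NF; i++) cmd = cmd " " $i
        cmdline[pid] = cmd
        if (cmd ~ tool) hits[++n] = pid
    }
    END {
        for (h = 1; h <= n; h++) {
            depth = 0                         # walk PPIDs up to the root
            for (p = hits[h]; p in cmdline; p = parent[p]) chain[++depth] = p
            indent = ""
            for (d = depth; d >= 1; d--) {    # print root first, tool last
                p = chain[d]
                printf "%s%s tty=%s %s\n", indent, p, tty[p], cmdline[p]
                indent = indent "  "
            }
        }
        exit (n > 0 ? 0 : 1)                  # non-zero: tool not running
    }'
}

# Constructed sample in `ps -efwH` layout; PIDs, times and commands are made up.
sample_ps() {
    cat <<'EOF'
UID        PID  PPID  C STIME TTY          TIME CMD
root         1     0  0 09:00 ?        00:00:01 /sbin/init
root       900     1  0 09:01 pts/0    00:00:00   -bash
root      4100   900  2 16:00 pts/0    00:00:05     /usr/bin/python3.12 /usr/lib/python-exec/python3.12/emerge sys-boot/grub
root      4200  4100  0 16:02 pts/0    00:00:00       [sys-boot/grub-2.12-r5] sandbox /usr/lib/portage/python3.12/ebuild.sh install
root      4300  4200  0 16:03 pts/0    00:00:00         sbsign --key mypath/file.key --cert mypath/file.crt --output grubx64.efi grubx64.efi
root      5000   900  0 16:04 pts/1    00:00:00     example-helper --password=example-secret
EOF
}

sample_ps | signing_chain
```

On a live system the input would be `ps -efwH | signing_chain`; the TTY column in the output shows which terminal, if any, each process in the chain is attached to.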
nxe9
Tux's lil' helper


Joined: 05 Jun 2021
Posts: 91

Posted: Wed Oct 30, 2024 4:13 pm

@Hu: Thanks.

sys-kernel/gentoo-kernel-6.6.58-r1
sys-boot/grub-2.12-r5
app-crypt/sbsigntools-0.9.5
dev-libs/openssl-3.3.2
sys-apps/portage-3.0.65-r1

Quote:
Timestamp of repository gentoo: Mon, 28 Oct 2024...


ps -efwH output
I executed the command in the second terminal when the password prompt appeared. I didn't enter the password this time.
https://bpa.st/AR7IY