Add SBAT information to Linux kernel (!3581) · Merge requests · cki-project / kernel-ark

Recent versions of shim (e.g. 15.8) refuse to boot UEFI binaries with no SBAT information issuing "Security Policy Violation" error. While this does not yet affect tradition 'shim -> grub -> kernel' and 'shim -> UKI(sd-boot) -> kernel' chains (as both shim and sd-stub have SBAT), direct loading of kernel from shim may also come handy in certain cases. Also, grub may also refuse to boot Linux kernel without SBAT at some point.

Signed-off-by: Vitaly Kuznetsov vkuznets@redhat.com

Edited Dec 31, 2024 by Vitaly Kuznetsov

Add SBAT information to Linux kernel

Merge request reports