Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 20 May 2026 18:41:29 +0000
From:      bugzilla-noreply@freebsd.org
To:        bugs@FreeBSD.org
Subject:   [Bug 295454] implementing Secureboot
Message-ID:  <bug-295454-227@https.bugs.freebsd.org/bugzilla/>
index | next in thread | raw e-mail 

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=295454

            Bug ID: 295454
           Summary: implementing Secureboot
           Product: Base System
           Version: 15.1-STABLE
          Hardware: amd64
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: bugs@FreeBSD.org
          Reporter: mmudassar@epteck.com

Created attachment 270962
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=270962&action=edit
unverfied

- i have tried to implement secureboot to freeBSD v15-01 (ZFS) stable 
- first i generated PK,KEK DB files , signed loader.efi and bootx64.efi files 
- enabled secureboot and added auth certificates to NVRAM efivar , which worked
fine 
- for next step i built freeBSD v15-01 stable with configrations including
verified execution i.e veriexec 
- config file including :

WITH_BEARSSL=yes
WITH_LOADER_EFI_SECUREBOOT=yes
WITH_LOADER_VERIEXEC=yes
WITH_LOADER_VERIEXEC_VECTX=yes
WITH_VERIEXEC=yes

WITHOUT_LOADER_VERIEXEC_PASS_MANIFEST=yes
WITHOUT_LIB32=yes
WITHOUT_TESTS=yes

- built make world, kernel , bootstrap and then release for iso images ,
verified veriexec support which was OK , 
- next step i have signed loader_lua.efi and signed manifest including

/boot/manifest
/boot/manifest.sig
/boot/manifest.certs

/boot/lua/manifest
/boot/lua/manifest.sig
/boot/lua/manifest.certs

/boot/defaults/manifest
/boot/defaults/manifest.sig
/boot/defaults/manifest.certs

/boot/kernel/manifest
/boot/kernel/manifest.sig
/boot/kernel/manifest.certs



- the issue:

when i restarted it gave the error 

unverfied /boot/lua/loader/lua: no entry 

after running command on boot  : include /boot/lua/loader.lua
i received


verified /boot/kernel/manifest signed by FreeBSD test db
unverified boot/kernel/kernel: boot/kernel/kernel: no entry 
cannot load kernel 
no valid kernel found 


- i dont know what i am doing wrong , what should i do next to trace further
information and resolve it, guidance is need to move forward

-- 
You are receiving this mail because:
You are the assignee for the bug.
home | help

Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-295454-227>