Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-119684

Secure Boot signed UKI results in GRUB backtrace

Linking RHIVOS CVEs to...Migration: Automation ...SWIFT: Generate New Ti...SWIFT: POC ConversionSync from "Extern...XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Undefined Undefined
    • None
    • rhel-10.0
    • grub2
    • None
    • No
    • None
    • 1
    • rhel-bootloader
    • 3
    • False
    • False
    • Hide

      None

      Show
      None
    • None
    • Bootloader Sprint 2025.4
    • None
    • None
    • Unspecified
    • Unspecified
    • Unspecified
    • x86_64
    • None

      What were you trying to do that didn't work?

      Boot a system with a Secure Boot signed UKI image, using https://wiki.archlinux.org/title/GRUB#Chainloading_a_unified_kernel_image in the GRUB config:

      menuentry "UKI" {
	insmod fat
	insmod chain
	search --no-floppy --set=root --fs-uuid FILESYSTEM_UUID
	chainloader /EFI/Linux/uki.efi
}

      What is the impact of this issue to you?

      We can not boot signed UKI images from GRUB.

      Please provide the package NVR for which the bug is seen:

      I have not tried on RHEL 10.0 again but the last time I tried was in Fedora 41 or 42.

      How reproducible is this bug?:

      Always.

      Steps to reproduce

      1. Setup a system with a GRUB config poiting to a signed UKI image
      2. Try to boot it

      Expected results

      System boots

      Actual results

      Backtrace (to be added soon)

              bootloader-eng-team bootloader -eng-team
              travier@redhat.com Timothée Ravier
              Timothée Ravier
              bootloader -eng-team bootloader -eng-team
              Release Test Team Release Test Team
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated: