Loading...

Linking RHIVOS CVEs to...

Migration: Automation ...

SWIFT: POC Conversion

Sync from "Extern...

XML

Word

Printable

Type: Bug
Resolution: Unresolved
Priority: Undefined
Fix Version/s: None
Affects Version/s: rhel-9.8
Component/s: grub2
Labels:
- Azure

Regression:
None
Severity:
None

AssignedTeam:
rhel-bootloader

Story Points:
2
Blocked:
False
Ready:
False
Blocked Reason:

Hide

None

Show
None
Product Documentation Required:
None
Sprint:
None

Preliminary Testing:
None
Test Coverage:
None

ProdDocsReview-CCS:
Unspecified
ProdDocsReview-Dev:
Unspecified
ProdDocsReview-QE:
Unspecified

Experience:

PX Impact Score:
SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Planning:
None

Recently, grub2 was switched to using "Red Hat Secure Boot Signing 802" cert for SecureBoot. This can only work if the shim carries signing CA cert and this is not a given. E.g. shim-x64-15.6-1.el9 from RHEL9.2 does not have it and is not capable of booting anything signed by 800-series certs.

The proposed solution is to add an explicit:

Conflicts: shim-x64 < 15.8-1

Requires: shim-x64 >= 15.8-1

to the grub2-efi-x64 package.

Assignee:: bootloader -eng-team

Reporter:: Vitaly Kuznetsov

Developer:: bootloader -eng-team

QA Contact:: Release Test Team

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2025/11/05 8:19 AM

Updated:: 2025/11/18 8:05 AM

Stale Date:: 2026/11/04

Details

Description

Attachments

Easy Agile Planning Poker

Activity

People

Dates