-
Bug
-
Resolution: Unresolved
-
Major
-
None
-
rhel-8.10.z
-
None
-
Moderate
-
rhel-bootloader
-
None
-
False
-
False
-
-
None
-
None
-
None
-
None
-
Unspecified
-
Unspecified
-
Unspecified
-
-
x86_64
-
None
What were you trying to do that didn't work?
Trying to IPU from 8.10 to 9.7 with an EFI in secure boot mode. The grub reports the vmlinuz-upgrade el9 kernel has an invalid signature.
As per my understanding, it's related to https://access.redhat.com/articles/7128933
During the first reboot on the rhel9's kernel for the "RHEL-Upgrade-Initramfs", it's still shim from el8 that is in use.
What is the impact of this issue to you?
Cannot IPU to 9.7
Please provide the package NVR for which the bug is seen:
shim-x64-15.8-4.el8_9
How reproducible is this bug?:
Always
Steps to reproduce
- Use an UEFI machine with secure boot enabled
- Install latest leapp/leapp-repository packages for RHEL 9.7 (available on brew for now): leapp-0.20.0-1.el8_10 }}{{leapp-upgrade-el8toel9-0.23.0-1.el8_10
- Upgrade using RHEL 9.7 nightly builds repo
- Reboot
Expected results
The bootloader is able to verify the kernel signature
Actual results
error: ../../grub-core/loader/i386/efi/linux.c:385: (hd0,gpt2)/vmlinuz-upgrade.x86_64 has invalid signature.
error: ../../grub-core/loader/i386/efi/linux.c:256: you need to load the kernel first
Press any key to continue...
Possible workaround (untested)
Install the shim package from RHEL 9 before rebooting.
