[Bug 295454] implementing Secureboot
Date: Wed, 20 May 2026 18:41:29 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=295454
Bug ID: 295454
Summary: implementing Secureboot
Product: Base System
Version: 15.1-STABLE
Hardware: amd64
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: kern
Assignee: bugs@FreeBSD.org
Reporter: mmudassar@epteck.com
Created attachment 270962
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=270962&action=edit
unverfied
- I have tried to implement secureboot on FreeBSD v15-01 (ZFS) stable.
- First I generated PK, KEK, DB files and signed the loader.efi and bootx64.efi files.
- Enabled secureboot and added auth certificates to NVRAM efivar, which worked fine.
- For the next step I built FreeBSD v15-01 stable with configurations including verified execution, i.e. veriexec.
- Config file including:
WITH_BEARSSL=yes
WITH_LOADER_EFI_SECUREBOOT=yes
WITH_LOADER_VERIEXEC=yes
WITH_LOADER_VERIEXEC_VECTX=yes
WITH_VERIEXEC=yes
WITHOUT_LOADER_VERIEXEC_PASS_MANIFEST=yes
WITHOUT_LIB32=yes
WITHOUT_TESTS=yes
- Built make world, kernel, bootstrap and then release for ISO images; verified veriexec support, which was OK.
- As the next step I have signed loader_lua.efi and signed manifest, including
/boot/manifest
/boot/manifest.sig
/boot/manifest.certs
/boot/lua/manifest
/boot/lua/manifest.sig
/boot/lua/manifest.certs
/boot/defaults/manifest
/boot/defaults/manifest.sig
/boot/defaults/manifest.certs
/boot/kernel/manifest
/boot/kernel/manifest.sig
/boot/kernel/manifest.certs
- The issue:
When I restarted, it gave the error
unverfied /boot/lua/loader/lua: no entry
After running the command at boot: include /boot/lua/loader.lua
I received
verified /boot/kernel/manifest signed by FreeBSD test db
unverified boot/kernel/kernel: boot/kernel/kernel: no entry
cannot load kernel
no valid kernel found
- I don't know what I am doing wrong. What should I do next to trace further information and resolve it? Guidance is needed to move forward.