main/secureboot-hook: kernel command line?
By following UEFI Secure Boot I'm trying to configure an Alpine edge UKI to boot directly from UEFI on a Acer Swift laptop. This has show to be somewhat problematic.
I have generated UEFI keys with efi-mkkeys
, adjusted cmdline
parameter in /etc/kernel-hooks.d/secureboot.conf and created the UKI by running apk fix kernel hooks
.
For some reason, boot entries I create with efibootmgr
are not displayed in the built-in UEFI boot menu (F12). Also, the UEFI setup does not have any way of enrolling the UEFI keys. However, there is an option named "Select an UEFI file as trusted for executing".
By using this option and selecting the UKI (linux-lts.efi), a boot entry is created in the built-in UEFI boot menu. Booting this entry will result in the error "Mounting boot media: failed" and being dropped into an emergency shell.
I found the problem is because of kernel command line not being passed during boot, and instead being replaced by the string A1:
# cat /proc/cmdline
A1
I have verified that secureboot.conf is configure correctly.
Any ideas?
Thanks.