Package: memtest86+
Version: 7.20-1
Followup-For: Bug #1032375
X-Debbugs-Cc:
[email protected]
Dear Maintainer,
I have a workaround solution meanwhile.
Create your own keys which will later be used with `mokutil` with the following script I have created for this scenario:
https://codeberg.org/horsey_guy/MOK_Key_Create/raw/branch/main/create_keys.sh
You can now use `sbsign --key {SOME_NAME}.key --cert {SOME_NAME}.crt /boot/memtest86+x64.efi --output /boot/memtest86+x64.efi.signed` (cannot in-place sign)
Then symlink /boot/memtest86+x64.efi to /boot/memtest86+x64.efi.signed with `ln -sf /boot/memtestx86+64.efi.signed /boot/memtestx86+64.efi`.
The ia32 variants can be signed too.
Be sure to do the signing whenever memtest86+ is updated. You can make some sort of post-installation hook if that's possible to automate this.
Now use mokutil or else the keys will be rejected: `mokutil --import path/to/cert.der`
I have not tested this method although I will, but it should work as I have done some variation of this.
It would be nice if memtest86+ could be signed with Debian's keys though.
Sincerely,
Huey Chen
-- System Information:
Debian Release: 13.0
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 6.15-amd64 (SMP w/12 CPU threads; PREEMPT)
Kernel taint flags: TAINT_USER
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages memtest86+ depends on:
ii grub-common 2.12-9
memtest86+ recommends no packages.
Versions of packages memtest86+ suggests:
pn grub-efi | grub-pc <none>
pn memtester <none>
ii mtools 4.0.48-1
-- no debconf information
-- debsums errors found:
debsums: changed file /boot/memtest86+ia32.efi (from memtest86+ package) debsums: changed file /boot/memtest86+x64.efi (from memtest86+ package)
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)