Hello,
A similar, but different, topic has been discussed here [1] few weeks ago.
The "error: shim_lock protocol not found" error message is generated by theAccording to the error message, grub2 tried to get the address of the "Shim Lock Protocol", a code provided by the shim program (secure-boot boot loader for Linux) [3] necessary for signature validation of the kernel.
Unfortunately, it seems grub2 fails to get this address with the docking station connected (according to your report).
This is the code of grub_efi_locate_protocol [4] function:It seems that somehow the efi_system_table is different when the docking station is connected.
I would explore the possibility that there is some BIOS configuration that allows the docking station to be trusted when booting with secure boot (i.e. "Security level" in "Advanced, select Port Options")
According to the "technical details" in [5], there is a "security management" for this peripheral:
Hope this helps.
--
[1] Bad shim signature - you need to load the kernel first
[2] https://sources.debian.org/src/grub2/2. ... sb.c/#L179
[3] Package: shim-signed - Secure Boot chain-loading bootloader (Microsoft-signed binary)
[4] https://sources.debian.org/src/grub2/2. ... ?hl=43#L43
[5] HP Universal USB-C Multiport Hub - Specs
A similar, but different, topic has been discussed here [1] few weeks ago.
The "error: shim_lock protocol not found" error message is generated by the
grub_efi_locate_protocol grub function [2]:Code:
[..]static grub_guid_t shim_lock_guid = GRUB_EFI_SHIM_LOCK_GUID;[..]static grub_err_tshim_lock_verifier_write (void *context __attribute__ ((unused)), void *buf, grub_size_t size){ grub_efi_shim_lock_protocol_t *sl = grub_efi_locate_protocol (&shim_lock_guid, 0); if (!sl) return grub_error (GRUB_ERR_ACCESS_DENIED, N_("shim_lock protocol not found")); if (sl->verify (buf, size) != GRUB_EFI_SUCCESS) return grub_error (GRUB_ERR_BAD_SIGNATURE, N_("bad shim signature")); return GRUB_ERR_NONE;}[..]Unfortunately, it seems grub2 fails to get this address with the docking station connected (according to your report).
This is the code of grub_efi_locate_protocol [4] function:
Code:
[..]void *grub_efi_locate_protocol (grub_guid_t *protocol, void *registration){ void *interface; grub_efi_status_t status; status = grub_efi_system_table->boot_services->locate_protocol (protocol, registration, &interface); if (status != GRUB_EFI_SUCCESS) return 0; return interface;}I would explore the possibility that there is some BIOS configuration that allows the docking station to be trusted when booting with secure boot (i.e. "Security level" in "Advanced, select Port Options")
According to the "technical details" in [5], there is a "security management" for this peripheral:
Is a user manual available for the docking station ?Secure firmware update meets HP secure firmware requirements
Hope this helps.
--
[1] Bad shim signature - you need to load the kernel first
[2] https://sources.debian.org/src/grub2/2. ... sb.c/#L179
[3] Package: shim-signed - Secure Boot chain-loading bootloader (Microsoft-signed binary)
[4] https://sources.debian.org/src/grub2/2. ... ?hl=43#L43
[5] HP Universal USB-C Multiport Hub - Specs
Statistics: Posted by Aki — 2025-01-07 16:06 — Replies 5 — Views 140