Built in grub gpg verification fails over tftp - Red Hat Customer Portal

Issue

While booting an x86_64 efi image over tftp on a vmware 10 instance fails.
The issue can be seen in rhel7 grub 2.02 when using a gpg public key with check_sigantures enabled.
All file operations over tftp complete, but grub immediately throws the following error:

alloc magic is broken at <addr>: <value>
Aborted. Press any key to exit.

Pressing a key takes us back to the EFI firmware.
We can work around the issue by disabling check signatures and manually running verify_detached on a file.
However, we have to pull the kernel and initrd twice, which doubles the boot time.
Signature checking from a memdisk does not appear to be broken.

Environment

Red Hat Enterprise Linux 7.0
tftp
gpg

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content

Quick Links

Help

Site Info

Related Sites

Copyright © 2026 Red Hat

Here are the common uses of Markdown.

Code blocks

~~~
Code surrounded in tildes is easier to read
~~~

Links/URLs

[Red Hat Customer Portal](https://access.redhat.com)