secure boot fails with kernel-3.10.0-327.3.1
Environment
- Red Hat Enterprise Linux 7.2
- kernel-3.10.0-327.3.1.el7.x86_64
- System booting in UEFI mode and "Secure Boot" enabled.
Issue
- secure boot fails with kernel-3.10.0-327.3.1.el7
error: /vmlinuz-3.10.0-327.3.1.el7.x86_64 has invalid signature.
error: you need to load the kernel first
Press any key to continue...
Resolution
- Update to kernel-3.10.0-327.4.4.el7 or later to fix this issue.
- The issue is specific to kernel-3.10.0-327.3.1.el7, so any lower version kernel will also work.
Workaround
The workaround would be disabling secure boot or using secure boot in "setup mode".
It will show message "Booting in insecure mode"
Refer : UEFI Secure Boot in Red Hat Enterprise Linux 7
Root Cause
- The kernel was incorrectly signed.
Diagnostic Steps
# cat /etc/redhat-release
Red Hat Enterprise Linux Server release 7.2 (Maipo)
# uname -r
3.10.0-327.el7.x86_64
# rpm -qa kernel
kernel-3.10.0-327.el7.x86_64
kernel-3.10.0-327.3.1.el7.x86_64
Boot from kernel-3.10.0-327.3.1.el7.x86_64 throws the error while secure boot is in enforced mode.
error: /vmlinuz-3.10.0-327.3.1.el7.x86_64 has invalid signature.
error: you need to load the kernel first
Press any key to continue...
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.
Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.
