Installing signed grub2 for secure boot on Power10

Flashes (Alerts)

Abstract

In order to support secure boot, a signed grub2 bootloader must be installed in the PReP partition of your LPAR.

Content

Linux Releases Affected

RHEL 8.5, RHEL 8.6, and RHEL 9.0.

IBM Systems Affected

IBM Power10.

Symptoms

You need to copy the signed grub into the PReP partition of your LPAR manually to support secure 
boot.

Workaround
In order to support secure boot, you must install a signed grub2 bootloader in the PReP partition of 
your LPAR by using the following steps:
1. Identify the PReP partition. It is usually the first partition of your boot disk, often /dev/sda1.
2. Run the following commands:

grub2-install <PReP partition>

dd if=/usr/lib/grub/powerpc-ieee1275/core.elf of=<PReP partition>

Your LPAR should now be ready for secure boot to be enabled in the HMC.

Fix Outlook
None

I/O device impacted
None.

[{"Type":"MASTER","Line of Business":{"code":"LOB26","label":"Storage"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SGMV157","label":"IBM Support for Red Hat Enterprise Linux Server"},"ARM Category":[{"code":"a8m0z000000Gnl7AAC","label":"Red Hat Enterprise Linux"}],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]

Tips

Installing signed grub2 for secure boot on Power10

Flashes (Alerts)

Abstract

Content

Was this topic helpful?

Document Information

UID

Share your feedback

Need support?