Debian Fixes Secure Boot For 64-bit ARM After Being Broken For Two Years

Written by Michael Larabel in Debian on 24 April 2023 at 05:00 PM EDT. 8 Comments
While Debian and its derivatives are quite popular with ARM single board computers, the ARM64 Secure Boot support has been broken for at least two years. But a fix is on the way and it should appear for this year's Debian 12 "Bookworm" release.

Since at least May 2021, Debian's ARM64 build has featured broken Secure Boot support. In particular, this bug has taken the light in recent weeks for noting the breakage with the shim signed by Microsoft and the GRUB2 bootloader signed by Debian.

The fix is a new patch by cherry-picking some parts from upstream GRUB2 around loading ARM with Secure Boot enabled. That patch in turn should work its way into Debian 12.0 Bookworm -- currently it's waiting on approval given the Bookworm freeze.

There is now a call for testing for verifying Debian's ARM64 Secure Boot support when using the latest Debian signed shim and GRUB2 packages.
Related News
About The Author
Michael Larabel

Michael Larabel is the principal author of and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via

Popular News This Week