Hi Ard,


I tried after enrolling KEK.der into DB, and the kernel booted up successfully.
Thanks for your constant support.


I have one question... I had enrolled DB.der into DB previously; when I tried to 
enroll another KEK.der into DB, it didn't allow me.

Then I deleted the previously enrolled DB.der and enrolled KEK.der. Enrollment 
succeeded now.



Does it mean we can't add more than one ".der" file into DB and we have to sign 
all our images with the same key?



Thanks,
Meenakshi

-----Original Message-----
From: Ard Biesheuvel [mailto:ard.biesheu...@linaro.org] 
Sent: Friday, April 22, 2016 1:55 PM
To: Meenakshi Aggarwal <meenakshi.aggar...@nxp.com>
Cc: Laszlo Ersek <ler...@redhat.com>; edk2-devel@lists.01.org 
<edk2-de...@ml01.01.org>
Subject: Re: [edk2] facing memory allocation failure on QEMU

On 22 April 2016 at 10:18, Meenakshi Aggarwal <meenakshi.aggar...@nxp.com> 
wrote:
> Hi Ard,
>
>
> I tried your image and its verification succeeded; then I tried my kernel 
> Image, and verification succeeded for that as well.
>
>
> The only difference is... previously I was signing the image in the /mnt 
> directory after mounting vexpress64-oe.img and replacing Image with the latest 
> one.
> And now I signed it elsewhere.
>
>
> I didn't understand why this is happening, because the signed images of Grub and 
> HelloWorld work fine when following similar steps.
>
>
>
> Now, while I am launching the kernel with this verified kernel image, I am 
> receiving the following error:
>
> FS0:\> Image.signed root=/dev/vda2 console=ttyAMA0,38400n8 
> earlycon=pl011,0x9000
> 000
> FSOpen: Open '\Image.signed' Success
> FS0:\>  Open '\Image.signed' Success
> FSOpen: Open '\Image.signed' Success
> FSOpen: Open '\Image.signed' Success
> The image doesn't pass verification: 
> VenHw(837DCA9E-E874-4D82-B29A-23FE0E23D1E2,003E000A00000000)/HD(1,MBR,
> 0x00000000,0x3F,0x21FC0)/\Image.signed
> InstallProtocolInterface: 5B1B31A1-9562-11D2-8E3F-00A0C969723B 
> 7A73A8C0 Loading driver at 0x0007771F000 EntryPoint=0x000780D3FD0 
> Loading driver at 0x0007771F000 EntryPoint=0x000780D3FD0
> InstallProtocolInterface: BC62157E-3E33-4FEC-9920-2D3B36D750DF 
> 7A740B98 Unloading driver at 0x0007771F000 Command Error Status: 
> Security Violation
>

Yes, this is expected if you sign with KEK. You can simply enroll KEK.der into 
DB, and it should work fine.
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel