On 08.12.22 15:02, Michael Adler wrote:
>> I don't mind adding runtime checks if they help in debugging not completely
>> unlikely issues.
>
> Since it happened to me and I was using bg_gen_unified_kernel, I'd say it's
> not completely unlikely :) Given that this tool is rather new, I wouldn't be
> surprised if there are more bugs waiting to be discovered in the future
> (it's just the nature of software).
>
>> But I'm even more interested in finding and avoiding issues between the
>> artifact production, UKI generation and finally signing possibly corrupted
>> things.
>
> I agree, the actual problem is that bg_gen_unified_kernel generated an
> invalid UKI; it did produce a valid image though once I enabled CONFIG_EFI
> in the kernel (which was missing for the corrupted image). I will try to
> reproduce this issue after fixing another issue with U-Boot.

Ah, that is a good hint! Without that, the kernel carries no EFI stub, thus
has no PE header. That should be checked by the generator.

Jan

-- 
Siemens AG, Technology
Competence Center Embedded Linux
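
A pre-flight check of the kind discussed in this thread, as an added example that is not part of the original messages and not code from EFI Boot Guard: before a kernel is embedded in a UKI and signed, confirm that it starts with a PE/COFF header. The function names and the sample images are constructed for illustration.

```python
import struct

E_LFANEW = 0x3C                      # DOS header field: file offset of the PE header
OPT_MAGICS = {0x10B: "PE32", 0x20B: "PE32+"}


def pe_header_problem(image: bytes):
    """Return None if image starts with a plausible PE/COFF header, else the reason."""
    if len(image) < E_LFANEW + 4:
        return "too short for a DOS header"
    if image[:2] != b"MZ":
        return "no MZ magic (kernel built without EFI stub?)"
    (pe_off,) = struct.unpack_from("<I", image, E_LFANEW)
    # Need: 4-byte signature + 20-byte COFF header + 2-byte optional header magic.
    if pe_off < E_LFANEW + 4 or pe_off + 26 > len(image):
        return "PE header offset 0x%x out of bounds" % pe_off
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        return "no PE signature at 0x%x" % pe_off
    (nsections,) = struct.unpack_from("<H", image, pe_off + 6)
    (opt_size,) = struct.unpack_from("<H", image, pe_off + 20)
    (opt_magic,) = struct.unpack_from("<H", image, pe_off + 24)
    if opt_magic not in OPT_MAGICS:
        return "unknown optional header magic 0x%x" % opt_magic
    # The 40-byte section headers must fit in the file, or later parsing reads garbage.
    if pe_off + 24 + opt_size + 40 * nsections > len(image):
        return "section table runs past end of image"
    return None


def constructed_image(efi_stub: bool) -> bytes:
    """Constructed sample header with or without the PE parts (not a real kernel)."""
    if not efi_stub:
        return b"\x7fELF" + bytes(252)   # anything that does not start with MZ
    pe_off, opt_size = 0x40, 0x70
    dos = b"MZ" + bytes(E_LFANEW - 2) + struct.pack("<I", pe_off)
    coff = struct.pack("<HHIIIHH", 0x8664, 1, 0, 0, 0, opt_size, 0x0022)
    opt = struct.pack("<H", 0x20B) + bytes(opt_size - 2)
    return dos + b"PE\0\0" + coff + opt + bytes(40)   # one empty section header


if __name__ == "__main__":
    for stub in (True, False):
        print("EFI stub:", stub, "->", pe_header_problem(constructed_image(stub)))
```

Run before the signing step, a non-None result stops the build instead of producing a signed image that the firmware cannot load.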
