Hi. I've tried to sign my efi unified kernel stub and uefi didn't load it saying 'signature verification failed'. I've signed the image with a different tool (osslsigncode) and it works now. It seems to be a bug in sbsign. Also, verification using sbverify doesn't work for the properly signed image which can be loaded by uefi. The difference is in hashes the utilities calculate for such files (the screenshot is attached). To reproduce the issue, you can take any manually created unified kernel image (tutorial I used to create it: https://wiki.archlinux.org/title/Systemd- boot#Preparing_a_unified_kernel_image) and try signing it with both tools.
Maybe the problem is because there are some gaps in the image between sections since it's been created like this: $ objcopy \ --add-section .osrel="/usr/lib/os-release" --change-section-vma .osrel=0x20000 \ --add-section .cmdline="/etc/kernel/cmdline" --change-section-vma .cmdline=0x30000 \ --add-section .splash="/usr/share/systemd/bootctl/splash-arch.bmp" --change-section-vma .splash=0x40000 \ --add-section .linux="vmlinuz-file" --change-section-vma .linux=0x2000000 \ --add-section .initrd="initrd-file" --change-section-vma .initrd=0x3000000 \ "/usr/lib/systemd/boot/efi/linuxx64.efi.stub" "linux.efi" However, anyway, the tool should work properly for any file... Regards, Anatoliy ** Attachment added: "pestudio_ZzHyi19A3x.png" https://bugs.launchpad.net/ubuntu/+source/sbsigntool/+bug/1574372/+attachment/5517653/+files/pestudio_ZzHyi19A3x.png -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1574372 Title: sbsign crashes randomly To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sbsigntool/+bug/1574372/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs