Hi.
I've tried to sign my efi unified kernel stub and uefi didn't load it
saying 'signature verification failed'. I've signed the image with a
different tool (osslsigncode) and it works now. It seems to be a bug in
sbsign. Also, verification using sbverify doesn't work for the properly
signed image which can be loaded by uefi. The difference is in hashes
the utilities calculate for such files (the screenshot is attached). To
reproduce the issue, you can take any manually created unified kernel
image (tutorial I used to create it:
https://wiki.archlinux.org/title/Systemd-
boot#Preparing_a_unified_kernel_image) and try signing it with both
tools.
Maybe the problem is because there are some gaps in the image between
sections since it's been created like this:
$ objcopy \
--add-section .osrel="/usr/lib/os-release" --change-section-vma
.osrel=0x20000 \
--add-section .cmdline="/etc/kernel/cmdline" --change-section-vma
.cmdline=0x30000 \
--add-section .splash="/usr/share/systemd/bootctl/splash-arch.bmp"
--change-section-vma .splash=0x40000 \
--add-section .linux="vmlinuz-file" --change-section-vma .linux=0x2000000 \
--add-section .initrd="initrd-file" --change-section-vma .initrd=0x3000000 \
"/usr/lib/systemd/boot/efi/linuxx64.efi.stub" "linux.efi"
However, anyway, the tool should work properly for any file...
Regards,
Anatoliy
** Attachment added: "pestudio_ZzHyi19A3x.png"
https://bugs.launchpad.net/ubuntu/+source/sbsigntool/+bug/1574372/+attachment/5517653/+files/pestudio_ZzHyi19A3x.png
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1574372
Title:
sbsign crashes randomly
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/sbsigntool/+bug/1574372/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
