Foxboron / sbctl

:computer: :lock: :key: Secure Boot key manager
MIT License

Checksum mismatch #174

Open playday3008 opened 1 year ago

playday3008 commented 1 year ago

Using SetNull.efi for testing purposes.

When signed with osslsigncode (`sudo osslsigncode sign -certs secureboot/keys/db/db.pem -key secureboot/keys/db/db.key -h sha256 -in SetNull.efi -out SetNull.efi.osslsigncode`): [screenshot]

When signed with sbctl (`sudo sbctl sign -s SetNull.efi`): [screenshot]

Unsigned: [screenshot]

I think your implementation does not change the PE checksum

In my case, any binary works only when signed with osslsigncode. When signed with sbctl, UEFI throws a Secure Boot violation: Invalid signature, blah blah blah
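The checksum claim in this thread can be checked directly on the file. The following is an added example, not code from sbctl or osslsigncode: it implements the PE/COFF image checksum (the CheckSum field of the optional header), compares it with the stored value, and rewrites the field the way a signing tool that maintains the checksum would. It runs on a constructed minimal PE32+ image standing in for SetNull.efi; `build_minimal_image`, `check_image` and `fix_checksum` are names chosen here.

```python
import struct

def checksum_field_offset(data: bytes) -> int:
    """Locate CheckSum: DOS header (e_lfanew at 0x3c) -> 'PE\\0\\0' -> 20-byte COFF
    header -> optional header, where CheckSum sits at offset 64 for PE32 and PE32+."""
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[:2] != b"MZ" or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    return e_lfanew + 4 + 20 + 64

def pe_checksum(data: bytes) -> int:
    """PE/COFF image checksum: ones'-complement sum of every dword except the
    CheckSum field itself, folded to 16 bits, plus the file length."""
    skip = checksum_field_offset(data) // 4
    padded = data + b"\0" * (-len(data) % 4)      # zero-pad to a dword boundary
    total = 0
    for i in range(len(padded) // 4):
        if i == skip:
            continue
        total += struct.unpack_from("<I", padded, i * 4)[0]
        if total >= 1 << 32:                       # end-around carry
            total = (total & 0xFFFFFFFF) + (total >> 32)
    total = (total & 0xFFFF) + (total >> 16)
    total += total >> 16
    return (total & 0xFFFF) + len(data)

def stored_checksum(data: bytes) -> int:
    return struct.unpack_from("<I", data, checksum_field_offset(data))[0]

def fix_checksum(data: bytes) -> bytes:
    """Return a copy with the CheckSum field rewritten to the computed value."""
    out = bytearray(data)
    struct.pack_into("<I", out, checksum_field_offset(data), pe_checksum(data))
    return bytes(out)

def check_image(data: bytes) -> tuple[int, int, bool]:
    """(stored, computed, match): the comparison behind a 'checksum mismatch' report."""
    stored, computed = stored_checksum(data), pe_checksum(data)
    return stored, computed, stored == computed

def build_minimal_image() -> bytes:
    """Constructed stand-in for SetNull.efi: PE32+ headers plus 64 bytes of 0xCC."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)        # e_lfanew -> PE signature at 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x8664, 1, 0, 0, 0, 0xF0, 0x22)
    opt = bytearray(0xF0)
    struct.pack_into("<H", opt, 0, 0x20B)          # PE32+ magic; CheckSum left at 0
    return bytes(dos) + coff + bytes(opt) + b"\xCC" * 64
```

Appending bytes to an image (as embedding a signature does) changes the computed value, so `check_image` reports a mismatch until the field is rewritten. The Authenticode hash itself skips the CheckSum field, so a zero or stale value is a diagnostic signal rather than proof that the signature is invalid.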

playday3008 commented 1 year ago

Maybe something else is causing the secure boot violation, but anyway, in my case it doesn't work when using sbctl, only when using osslsigncode.

Foxboron commented 1 year ago

The calculated PE checksum unsigned seems to be wrong, so it's not unlikely that osslsigncode is handling an edge case where the starting binary is malformed.

Where did you download this binary from?

playday3008 commented 1 year ago

From the efitools package, from /usr/share/efitools/efi/SetNull.efi