Foxboron / sbctl

:computer: :lock: :key: Secure Boot key manager
MIT License

‘sudo sbctl verify’ Returning ‘panic: bytes.Buffer: truncation out of range’ #376

Closed pengu1nton closed 1 month ago

pengu1nton commented 1 month ago

Was updating my computer. Some errors occurred, related to sbctl when updating any signing. Decided to check everything was verified as signed. Ran sudo sbctl verify and was given this long message.

panic: bytes.Buffer: truncation out of range

goroutine 1 [running]:
bytes.(*Buffer).Truncate(...)
        bytes/buffer.go:98
github.com/foxboron/go-uefi/authenticode.Parse({0x584b24c73aa0, 0xc00006a1a0})
        github.com/foxboron/go-uefi@v0.0.0-20240722190620-5d4f760099bd/authenticode/checksum.go:201 +0xe1b
github.com/foxboron/sbctl/backend.(*KeyHierarchy).VerifyFile(0xc000090400, 0xa0?, {0x584b24c73aa0, 0xc00006a1a0})
        github.com/foxboron/sbctl/backend/backend.go:160 +0x245
github.com/foxboron/sbctl.VerifyFile(0x584b24c731d8?, 0xc000090400, 0x3, {0xc0001482a0?, 0x1?})
        github.com/foxboron/sbctl/keys.go:29 +0xdc
main.VerifyOneFile(0xc0001180c0, {0xc0001482a0, 0x24})
        github.com/foxboron/sbctl/cmd/sbctl/verify.go:51 +0x2d9
main.RunVerify.func1(0xc00011e2a0)
        github.com/foxboron/sbctl/cmd/sbctl/verify.go:99 +0x45
github.com/foxboron/sbctl.SigningEntryIter(0xc0001180c0, 0xc000031b30)
        github.com/foxboron/sbctl/database.go:58 +0x150
main.RunVerify(0xc00012a500?, {0x584b24f8e8a0, 0x0, 0x584b24af2407?})
        github.com/foxboron/sbctl/cmd/sbctl/verify.go:97 +0x33b
github.com/spf13/cobra.(*Command).execute(0x584b24ef2000, {0x584b24f8e8a0, 0x0, 0x0})
        github.com/spf13/cobra@v1.8.1/command.go:985 +0xaca
github.com/spf13/cobra.(*Command).ExecuteC(0x584b24ef0620)
        github.com/spf13/cobra@v1.8.1/command.go:1117 +0x3ff
github.com/spf13/cobra.(*Command).Execute(...)
        github.com/spf13/cobra@v1.8.1/command.go:1041
github.com/spf13/cobra.(*Command).ExecuteContext(...)
        github.com/spf13/cobra@v1.8.1/command.go:1034
main.main()
        github.com/foxboron/sbctl/cmd/sbctl/main.go:166 +0x5a7

Asked in forums and was advised to report upstream (their words, not mine). I don't understand code all that well. My specs:

OS: CachyOS Linux x86_64
Host: B550 AORUS ELITE
Kernel: Linux 6.11.0-5-cachyos
DE: KDE Plasma 6.1.5
WM: KWin (Wayland)
CPU: AMD Ryzen 7 5800X3D
GPU: AMD Radeon RX 6950 XT

Foxboron commented 1 month ago

This bug report isn't very useful unless I get a copy of the file that fails. Which files do you have enrolled and which file fails?

pengu1nton commented 1 month ago

It's inconsistent on what fails and what doesn't. There are times where it will verify 2 files, then 3, then 5, then 1. My most recent attempt returned this:

Verifying file database and EFI images in /boot...
✓ /boot/60ce69fd47424429b3cd57fc28aaeec2/6.10.6-3-cachyos/linux is signed
✓ /boot/EFI/BOOT/BOOTX64.EFI is signed

Then it crashed again with the same panic error. As for what files I do have enrolled, I did all the basic ones that were in the Arch wiki:

/boot/vmlinuz-linux-cachyos
/boot/EFI/BOOT/BOOTX64.EFI
/boot/EFI/systemd/systemd-bootx64.efi

There are some that are from Windows, but again, it doesn't get far enough to label everything signed.

Foxboron commented 1 month ago

Please run sbctl verify on each of the files and upload the one that fails please.
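
The per-file check requested above can be scripted so that the panic is tied to one path and one file hash. This is an added example, not part of the thread or of sbctl; it assumes `sbctl verify` accepts a file path argument, as that request implies, and `SBCTL` and `TRIAGE_DIR` are hypothetical variables introduced here.

```shell
#!/bin/sh
# Added example: run `sbctl verify` once per file so a crash maps to one path.
# SBCTL (binary to call) and TRIAGE_DIR (where traces go) are hypothetical knobs.
SBCTL="${SBCTL:-sbctl}"

# triage_verify FILE...
# Prints one line per file: "<status> <exit> <sha256> <path>".
#   PANIC    the output contained a Go panic header
#   DONE     the command ran to completion (see the exit code column)
#   MISSING  the path is not a regular file
# Returns 1 if any file produced a panic, 0 otherwise.
triage_verify() {
    panicked=0
    for f in "$@"; do
        if [ ! -f "$f" ]; then
            printf 'MISSING - - %s\n' "$f"
            continue
        fi
        # Hash before verifying, so the uploaded copy can be matched to
        # exactly the bytes that were tested.
        sum=$(sha256sum "$f" | cut -d' ' -f1)
        # Capture stdout and stderr; Go writes the panic trace to stderr.
        out=$("$SBCTL" verify "$f" 2>&1) && rc=0 || rc=$?
        if printf '%s\n' "$out" | grep -q '^panic: '; then
            status=PANIC
            panicked=1
            # Keep the full trace beside the result for the bug report.
            printf '%s\n' "$out" > "${TRIAGE_DIR:-.}/$(basename "$f").trace"
        else
            status=DONE
        fi
        printf '%s %s %s %s\n' "$status" "$rc" "$sum" "$f"
    done
    return "$panicked"
}

# When invoked with paths, check them; with no arguments only define the function.
if [ "$#" -gt 0 ]; then
    triage_verify "$@"
fi
```

Run it with the same privileges used for `sudo sbctl verify`, passing the enrolled paths as arguments; the `PANIC` line identifies the file to attach and its hash.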