maximbaz / arch-secure-boot

UEFI Secure Boot for Arch Linux + btrfs snapshot recovery
ISC License

sbctl error: couldn't access /usr/share/secureboot/keys/db/db.pem: no such file or directory #29

Closed haplo closed 3 months ago

haplo commented 3 months ago

I'm seeing signing errors when the hook runs:

==> Building image from preset: /etc/mkinitcpio.d/linux.preset: 'default'
==> Using default configuration file: '/etc/mkinitcpio.conf'
-> -k /boot/vmlinuz-linux -g /boot/initramfs-linux.img
==> Starting build: '6.9.1-arch1-1'
-> Running build hook: [systemd]
-> Running build hook: [autodetect]
-> Running build hook: [microcode]
-> Running build hook: [modconf]
-> Running build hook: [kms]
-> Running build hook: [keyboard]
==> WARNING: Possibly missing firmware for module: 'xhci_pci'
-> Running build hook: [sd-vconsole]
-> Running build hook: [block]
-> Running build hook: [sd-encrypt]
==> WARNING: Possibly missing firmware for module: 'qat_420xx'
-> Running build hook: [filesystems]
-> Running build hook: [fsck]
==> WARNING: Possibly missing '/bin/sh' for script: /usr/bin/fsck.btrfs
==> Generating module dependencies
==> Decompressing zstd-compressed firmware files
-> Fixing firmware file symlinks
==> Creating zstd-compressed initcpio image: '/boot/initramfs-linux.img'
-> Early uncompressed CPIO image generation successful
==> Initcpio image generation successful
==> Running post hooks
-> Running post hook: [sbctl]
Signing /boot/vmlinuz-linux
couldn't access /usr/share/secureboot/keys/db/db.pem: no such file or directory
==> ERROR: '/usr/lib/initcpio/post/sbctl' failed with exit code 1

"couldn't access /usr/share/secureboot/keys/db/db.pem: no such file or directory" repeats for every image, both linux and linux-lts, regular and fallback.

Configuration hasn't changed for weeks; I have just been upgrading daily.

Any idea what the problem might be?

haplo commented 3 months ago

Looks like it's sbctl issue 311.

maximbaz commented 3 months ago

Hello! Given that the linked issue is closed, could you confirm whether this issue is fixed for you as well?

haplo commented 3 months ago

I still see the error, but it has to be a red herring because my system boots fine, and yes, secure boot is enabled.

maximbaz commented 3 months ago

I suppose it's because there was no release of sbctl since the fix was merged. In any case, since the boot works and the error comes from a /usr/lib/initcpio/post/sbctl in the first place which we don't control in this project, I suppose we can close the issue?

haplo commented 3 months ago

Whatever you prefer @maximbaz. If you leave it open I will close it after a new sbctl is released and I can test it. If you close it I will reopen if it still happens.

maximbaz commented 3 months ago

Okay cool, let's close it then. I don't think it's actionable for me even if the error in the hook persists, since the hook comes from another project.