open-power / secvarctl

Secure Variable Control Tooling
Apache License 2.0

v1.0.0-rc1 - Multiple ESLs can't read #61

Closed nasastry closed 11 months ago

nasastry commented 11 months ago

While reading the grubdb: it has 6 ESLs, but secvarctl read only one and threw an error.

...
                85:42:F6:AF:EE:9C:10:2D:47:18:5D:B8:09:66:09:CF:72:00:6B:F7

ERROR: invalid ESL size (184844848)
        Found 1 ESL's

RESULT: SUCCESS

With the internal secvarctl (probably git head at e3658f2ce5d0089e72eb243e8deacaa2ddd577a4) it was showing all 6 ESLs:

...
    Found 6 ESL's

RESULT: SUCCESS
nasastry commented 11 months ago

Couldn't read the SBAT secvar:

# secvarctl read -n sbat
READING sbat :
    ESL SIG LIST SIZE: 51
    GUID is : 50ab5d6046e00043abb63dd810dd8b23
    Signature type is: SBAT
    Data: sbat,1

    DELETE-MSG: sbat,1

ERROR: invalid signature type
    Found 0 ESL's

RESULT: SUCCESS

With the internal secvarctl it could read SBAT:

# /home/secvarctl/secvarctl -m guest read -n sbat
READING sbat :
    Timestamp: 0000-00-00 00:00:00 UTC
    ESL SIG LIST SIZE: 51
    GUID is : 50ab5d6046e00043abb63dd810dd8b23
    Signature type is: SBAT
    Data: sbat,1

    Found 1 ESL's

RESULT: SUCCESS
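The two comments above show the same reader failing from two sides: on grubdb it stopped after one ESL with an implausible size (184844848 is 0x0B048230, i.e. the bytes 30 82 04 0b read little-endian, which is the DER SEQUENCE header of the 1039-byte certificate in ESL 1, so certificate bytes were being parsed where a list header was expected), and on sbat it rejected the list on its non-X509 type. The C walker below is an added example, not secvarctl's code: it advances strictly by SignatureListSize, checks every size against the remaining buffer, and accepts any SignatureType GUID; the sample variable, its placeholder second list and the corrupted copy are constructed.

```c
#include <stdint.h>
#include <string.h>
#define ESL_HDR_LEN 28u   /* SignatureType GUID (16) + three uint32 size fields */

static uint32_t rd32(const uint8_t *p) {  /* little-endian uint32 read, host-order independent */
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Walks a buffer of concatenated EFI_SIGNATURE_LISTs and returns how many well-formed
 * lists it holds, or -1 at the first size inconsistency. Unknown SignatureType GUIDs
 * (such as SBAT) are accepted; only the sizes are checked. */
int esl_count(const uint8_t *buf, size_t len) {
    size_t off = 0; int n = 0;
    while (off < len) {
        if (len - off < ESL_HDR_LEN) return -1;                      /* truncated header */
        uint32_t list_sz = rd32(buf + off + 16), hdr_sz = rd32(buf + off + 20);
        uint32_t sig_sz = rd32(buf + off + 24);
        if (list_sz < ESL_HDR_LEN || list_sz > len - off) return -1; /* size overruns buffer */
        if (hdr_sz > list_sz - ESL_HDR_LEN) return -1;               /* SignatureHeader overruns list */
        uint32_t body = list_sz - ESL_HDR_LEN - hdr_sz;
        if (body && (sig_sz <= 16 || body % sig_sz)) return -1;     /* entries must tile the body */
        off += list_sz;  /* the next list begins exactly where this one ends */
        n++;
    }
    return n;
}

/* Appends one ESL (no SignatureHeader, one EFI_SIGNATURE_DATA = zero owner GUID + data)
 * to out and returns the bytes written. Constructed test data only. */
static size_t put_esl(uint8_t *out, const uint8_t type[16], const void *data, uint32_t dlen) {
    uint32_t sig_sz = 16 + dlen, list_sz = ESL_HDR_LEN + sig_sz, f[3] = { list_sz, 0, sig_sz };
    memcpy(out, type, 16);
    for (int i = 0; i < 12; i++) out[16 + i] = (uint8_t)(f[i / 4] >> (8 * (i % 4)));
    memset(out + ESL_HDR_LEN, 0, 16);
    memcpy(out + ESL_HDR_LEN + 16, data, dlen);
    return list_sz;
}

/* SBAT type GUID in raw byte order, exactly as secvarctl prints it in the issue. */
static const uint8_t SBAT_GUID[16] = { 0x50,0xab,0x5d,0x60,0x46,0xe0,0x00,0x43,0xab,0xb6,0x3d,0xd8,0x10,0xdd,0x8b,0x23 };
/* Constructed variable: the 51-byte SBAT list from the issue ("sbat,1\n") followed by a
 * second list holding an 8-byte placeholder entry. With corrupt != 0 the first SignatureListSize
 * is overwritten with 30 82 04 0b (184844848, the issue's value): returns 2 intact, -1 corrupted. */
int sample_count(int corrupt) {
    uint8_t buf[128];
    size_t n = put_esl(buf, SBAT_GUID, "sbat,1\n", 7);
    n += put_esl(buf + n, SBAT_GUID, "\x01\x02\x03\x04\x05\x06\x07\x08", 8);
    if (corrupt) memcpy(buf + 16, "\x30\x82\x04\x0b", 4);
    return esl_count(buf, n);
}
```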
nasastry commented 11 months ago

With RC2 it could read all of grubdb and sbat:

[root@ltcrain80-lp2 home]# secvarctl read -n sbat
READING sbat :
ESL 1:
    ESL SIG LIST SIZE: 51
    GUID is : 50ab5d6046e00043abb63dd810dd8b23
    Signature type is: SBAT
    Data: sbat,1

    Found 1 ESL's

RESULT: SUCCESS
[root@ltcrain80-lp2 home]# secvarctl read -n grubdb
READING grubdb :
ESL 1:
    ESL SIG LIST SIZE: 1083
    GUID is : a159c0a5e494a74a87b5ab155c2bf072
    Signature type is: X509
    Certificate-1:  Found certificate info
 Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            07:c7:bb:59:b7:7e:97:a6:9c:08:b1:d3:8c:39:a0:8f:35:04:0f:4a
        Signature Algorithm: sha256WithRSAEncryption
        Issuer:
            organizationName          = IBM Corporation
            organizationalUnitName    = Power Systems
            commonName                = Guest Secure Boot Imprint Certificate Authority
            emailAddress              = daniel.axtens1@ibm.com
        Validity
            Not Before: Dec  8 17:46:17 2022 GMT
            Not After : Nov 14 17:46:17 2122 GMT
        Subject:
            organizationName          = IBM Corporation
            organizationalUnitName    = Power Systems
            commonName                = Guest Secure Boot Imprint Signing Key
            emailAddress              = daniel.axtens1@ibm.com
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Key Usage:
                Digital Signature
            X509v3 Subject Key Identifier:
                35:16:B1:78:B7:78:AD:AD:97:95:EE:1A:4C:85:58:B6:20:ED:6D:69
            X509v3 Authority Key Identifier:
                85:42:F6:AF:EE:9C:10:2D:47:18:5D:B8:09:66:09:CF:72:00:6B:F7

ESL 2:
    ESL SIG LIST SIZE: 1595
    GUID is : a159c0a5e494a74a87b5ab155c2bf072
    Signature type is: X509
    Certificate-1:  Found certificate info
 Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5b:5e:59:f2:5f:75:4c:8e:c5:3a:91:07:e9:e7:6d:3c:d0:7f:91:fd
        Signature Algorithm: sha256WithRSAEncryption
        Issuer:
            organizationName          = IBM Corporation
            organizationalUnitName    = Power Systems
            commonName                = Guest Secure Boot Imprint Certificate Authority
            emailAddress              = daniel.axtens1@ibm.com
        Validity
            Not Before: Jul  9 02:28:42 2020 GMT
            Not After : Jun 15 02:28:42 2120 GMT
        Subject:
            organizationName          = IBM Corporation
            organizationalUnitName    = Power Systems
            commonName                = Guest Secure Boot Imprint Signing Key
            emailAddress              = daniel.axtens1@ibm.com
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Key Usage:
                Digital Signature
            X509v3 Subject Key Identifier:
                10:48:56:E0:67:BC:D0:BA:2B:16:06:BB:82:B3:78:D4:5D:F5:00:5A
            X509v3 Authority Key Identifier:
                A2:3C:CD:7B:F9:D1:7E:8C:76:2B:C8:DD:E1:B1:3D:FC:E0:CF:24:81

ESL 3:
    ESL SIG LIST SIZE: 960
    GUID is : a159c0a5e494a74a87b5ab155c2bf072
    Signature type is: X509
    Certificate-1:  Found certificate info
 Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            d3:9c:41:33:dd:6b:5f:45
        Signature Algorithm: sha256WithRSAEncryption
        Issuer:
            commonName                = Red Hat Secure Boot CA 6
            emailAddress              = secalert@redhat.com
        Validity
            Not Before: Feb 15 14:00:44 2021 GMT
            Not After : Jan 17 14:00:44 2038 GMT
        Subject:
            commonName                = Red Hat Secure Boot Signing 602
            emailAddress              = secalert@redhat.com
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Key Usage: critical
                Digital Signature
            X509v3 Extended Key Usage: critical
                Code Signing
            X509v3 Subject Key Identifier:
                6C:E4:6C:27:AA:CD:0D:4B:74:21:A4:F6:5F:87:B5:31:FE:10:BB:A7
            X509v3 Authority Key Identifier:
                E8:6A:1C:AB:2C:48:F9:60:36:A2:F0:7B:8E:D2:9D:B4:2A:28:98:C8

ESL 4:
    ESL SIG LIST SIZE: 938
    GUID is : a159c0a5e494a74a87b5ab155c2bf072
    Signature type is: X509
    Certificate-1:  Found certificate info
 Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            da:2b:65:5e:2e:d5:a7:bb
        Signature Algorithm: sha256WithRSAEncryption
        Issuer:
            commonName                = Red Hat Secure Boot CA 7
            emailAddress              = secalert@redhat.com
        Validity
            Not Before: Jun  8 18:29:10 2022 GMT
            Not After : Jan 17 18:29:10 2038 GMT
        Subject:
            commonName                = Red Hat Secure Boot Signing 702
            emailAddress              = secalert@redhat.com
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Key Usage: critical
                Digital Signature
            X509v3 Extended Key Usage: critical
                Code Signing
            X509v3 Subject Key Identifier:
                74:91:10:FD:C5:2A:50:93:AD:5D:BD:4B:3D:A9:04:F1:3C:8B:6F:FC
            X509v3 Authority Key Identifier:
                0.

ESL 5:
    ESL SIG LIST SIZE: 1332
    GUID is : a159c0a5e494a74a87b5ab155c2bf072
    Signature type is: X509
    Certificate-1:  Found certificate info
 Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            ed:87:85:b7:8f:fc:12:80
        Signature Algorithm: sha256WithRSAEncryption
        Issuer:
            commonName                = SUSE Linux Enterprise Secure Boot CA
            countryName               = DE
            localityName              = Nuremberg
            organizationName          = SUSE Linux Products GmbH
            organizationalUnitName    = Build Team
            emailAddress              = build@suse.de
        Validity
            Not Before: May 25 12:38:03 2022 GMT
            Not After : Dec 31 12:38:03 2032 GMT
        Subject:
            commonName                = SUSE Linux Enterprise Secure Boot Signkey
            countryName               = DE
            localityName              = Nuremberg
            organizationName          = SUSE Linux Products GmbH
            organizationalUnitName    = Build Team
            emailAddress              = build@suse.de
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Key Identifier:
                0A:C6:2B:1F:3F:53:42:71:13:25:86:E2:9D:3B:10:41:59:1C:82:4A
            X509v3 Authority Key Identifier:
                keyid:F3:3F:A2:2E:F2:8F:CB:9D:C1:8D:43:D2:0B:C7:EF:65:C1:C5:65:E4
                DirName:/CN=SUSE Linux Enterprise Secure Boot CA/C=DE/L=Nuremberg/O=SUSE Linux Products GmbH/OU=Build Team/emailAddress=build@suse.de
                serial:01
            X509v3 Key Usage: critical
                Digital Signature
            X509v3 Extended Key Usage:
                Code Signing

ESL 6:
    ESL SIG LIST SIZE: 1332
    GUID is : a159c0a5e494a74a87b5ab155c2bf072
    Signature type is: X509
    Certificate-1:  Found certificate info
 Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            ca:fc:b5:d7:5e:c5:89:82
        Signature Algorithm: sha256WithRSAEncryption
        Issuer:
            commonName                = SUSE Linux Enterprise Secure Boot CA
            countryName               = DE
            localityName              = Nuremberg
            organizationName          = SUSE Linux Products GmbH
            organizationalUnitName    = Build Team
            emailAddress              = build@suse.de
        Validity
            Not Before: Mar  1 13:56:59 2023 GMT
            Not After : Sep 28 13:56:59 2033 GMT
        Subject:
            commonName                = SUSE Linux Enterprise Secure Boot Signkey
            countryName               = DE
            localityName              = Nuremberg
            organizationName          = SUSE Linux Products GmbH
            organizationalUnitName    = Build Team
            emailAddress              = build@suse.de
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Key Identifier:
                A7:46:B6:4B:6C:B7:1F:13:38:56:38:05:5F:46:16:2B:AC:63:2A:CD
            X509v3 Authority Key Identifier:
                keyid:EC:AB:0D:42:C4:56:CF:77:04:36:B9:73:99:38:62:96:5E:87:26:2F
                DirName:/CN=SUSE Linux Enterprise Secure Boot CA/C=DE/L=Nuremberg/O=SUSE Linux Products GmbH/OU=Build Team/emailAddress=build@suse.de
                serial:01
            X509v3 Key Usage: critical
                Digital Signature
            X509v3 Extended Key Usage:
                Code Signing

    Found 6 ESL's

RESULT: SUCCESS