A common failure mode in shim reviews is people embedding certificates which are PEM-encoded rather than DER-encoded. It's a very easy mistake to make, and easy to miss in reviews too.
I've added an extra message in https://github.com/rhboot/shim-review/pull/402 , but it would be even nicer if the shim build process would notice this mistake and fail the build with an appropriate error.
A common failure mode in shim reviews is people embedding certificates which are PEM-encoded rather than DER-encoded. It's a very easy mistake to make, and easy to miss in reviews too.
I've added an extra message in https://github.com/rhboot/shim-review/pull/402 , but it would be even nicer if the shim build process would notice this mistake and fail the build with an appropriate error.