Closed beshleman closed 2 years ago
I just tested with a file in wrong format, and the output somewhat regressed, as we now get a backtrace and an exception rather than a user-friendly error message:
Traceback (most recent call last):
File "/usr/sbin/secureboot-certs", line 807, in <module>
install(session, args)
File "/usr/sbin/secureboot-certs", line 363, in install
paths[name] = convert_to_auth(name, p, priv)
File "/usr/sbin/secureboot-certs", line 409, in convert_to_auth
"file %s is not a valid auth file or x509 certificate" % path
RuntimeError: file /root/uefistored-debuginfo-1.1.1-1.0.stormi.1.xcpng8.2.x86_64.rpm is not a valid auth file or x509 certificate
I just tested with a file in wrong format, and the output somewhat regressed, as we now get a backtrace and an exception rather than a user-friendly error message:
Traceback (most recent call last): File "/usr/sbin/secureboot-certs", line 807, in <module> install(session, args) File "/usr/sbin/secureboot-certs", line 363, in install paths[name] = convert_to_auth(name, p, priv) File "/usr/sbin/secureboot-certs", line 409, in convert_to_auth "file %s is not a valid auth file or x509 certificate" % path RuntimeError: file /root/uefistored-debuginfo-1.1.1-1.0.stormi.1.xcpng8.2.x86_64.rpm is not a valid auth file or x509 certificate
Fixed in newest rev.
Testing
This was tested using the following files (existing internally in on Vates Env B machine 22):
Then running
test.sh
:secureboot-certs-test
is the script that contains this commit.These certs are the proper certs for booting Windows (not Linux!). The dbx is from UEFI's 2014 release from the archive. It was tested separately that the dbx accepts DER/PEM certs, but the certs are not included here because typically the dbx includes hashes and/or certificates, not just certificates.
The certs were checked to be the correct values using
secureboot-certs report
. And Windows was verified to boot with SB enabled.