Comments (3)
@xuguozhen , Have you compiled the kernel as an UEFI image enabling CONFIG_EFI_STUB
(so called The EFI Boot Stub)?
from pesign.
Hi, I have also encountered this same error with pesign on arm64. It seems that pesign is not able to handle the gzip compressed version of the vmlinuz image on arm64. Kernel was indeed compiled with CONFIG_EFI_STUB=y.
# file vmlinuz
vmlinuz: gzip compressed data, was "Image", last modified: Wed Sep 15 13:47:17 2021, max compression, from Unix, original size 73983984
# /usr/bin/pesign -P -h -i vmlinuz
pesign: could not parse signature list in EFI binary
# mv vmlinuz vmlinuz.gz # placate gunzip from complaining about lack of .gz extension
# gunzip vmlinuz.gz
# file vmlinuz
vmlinuz: MS-DOS executable
# /usr/bin/pesign -P -h -i vmlinuz
vmlinuz 0821930c2b81956d7396bd8fac51eadb937a484a018f4654c386f267505aa525
If I'm reading arch/arm64/Makefile correctly, it appears the arm64 kernel Image is gzip compressed by default, and the resulting compressed Image.gz is installed as vmlinuz. The pesign command only works when the kernel is decompressed, and we get the "pesign: could not parse signature list in EFI binary" when we pass in the gzip compressed vmlinuz image. I do wonder why it has no problem with the x86 vmlinuz image though..
from pesign.
#64 (comment) is correct about what's going on here.
from pesign.
Related Issues (20)
- RFE: allow build pesign against openssl HOT 4
- Regression: pesign fails rather than asking for token's password HOT 3
- handle_signing: invalid data \n possible exploit attempt. closing. HOT 1
- Removing signature does not produce the original unsigned binary
- 116: is not gcc 14.x ready (buid fails with ` [-Werror=calloc-transposed-args]`) HOT 1
- pesign-client -k fail to kill the daemon sometimes HOT 2
- [RFE] pesign.service: run as separate user HOT 2
- Migrate from /var/run/pesign to /run/pesign
- pesigchek signature validation fails for binary signed by expired certificate HOT 2
- Docker image isn't working for poweron -ppc64le HOT 1
- Compilation error with gcc 10, -Werror=array-bounds and -O2 or higher
- socket_get_fd() failing due to SCM_CREDENTIALS coming first HOT 1
- unrecognized options with gcc 4.8.5 HOT 2
- gcc-12 doesn't play nice HOT 1
- Failure to build with GCC 11 HOT 2
- 115: build fails with gcc 12.0.1 HOT 3
- Unable to sign files with YubiHSM HOT 2
- Duplicate codes in src/certs/make-certs
- authvar: 4-byte EFI var attrs header in output files HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from pesign.