You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I have created shim.efi using the Makefile in https://github.com/rhboot/shim. Signed the generated shim.efi using the keys generated by openssl and the sbsign executable. (Command sbsign --key shim.key --cert shim.crt). I got the following warning message " warning: data remaining[1034752 vs 1159672]: gaps between PE/COFF sections?".
The generated efi did not pass the signature validation check in the new BIOS.
On further investigation I found that in the following if statement
if (bytes + image->cert_table_size < image->size), a new checksum region is added.
On commenting/removing the above checksum addition, the generated efi passed the validation check in the BIOS.
I would like to know why the extra bytes are added and is there any other way to solve this issue
The text was updated successfully, but these errors were encountered:
I have created shim.efi using the Makefile in https://github.com/rhboot/shim. Signed the generated shim.efi using the keys generated by openssl and the sbsign executable. (Command sbsign --key shim.key --cert shim.crt). I got the following warning message " warning: data remaining[1034752 vs 1159672]: gaps between PE/COFF sections?".
The generated efi did not pass the signature validation check in the new BIOS.
On further investigation I found that in the following if statement
if (bytes + image->cert_table_size < image->size), a new checksum region is added.
On commenting/removing the above checksum addition, the generated efi passed the validation check in the BIOS.
I would like to know why the extra bytes are added and is there any other way to solve this issue
The text was updated successfully, but these errors were encountered: