Re: grub2's binary is detecting as 'Malformed security header' by efitools
From: Randy Goldenberg
Subject: Re: grub2's binary is detecting as 'Malformed security header' by efitools
Date: Thu, 18 Apr 2024 14:54:34 -0700

What version of grub2 are you using, and where did it come from?
On Thu, Apr 18, 2024 at 6:01 AM Haruki TSURUMOTO <tsu.root@gmail.com> wrote:
> Hi, I am an engineer trying Secure Boot reviews.
>
> I have a question about grub2's binary.
>
> We need to add previous grub2's PE hash value to "vendor_dbx.esl" (it
> will be embedded in our shim) to pass Secure Boot review clauses.
>
> We tried to generate the dbx file with efitools (
> https://git.kernel.org/pub/scm/linux/kernel/git/jejb/efitools.git )
> hash-to-efi-sig-list(1);
> however, we encountered the error below.
>
> "Failed to get hash of grubx64.efi: 2"
>
> We researched the details of the error: the grub2 binary is detected as
> 'Malformed security header' by efitools.
>
> https://git.kernel.org/pub/scm/linux/kernel/git/jejb/efitools.git/tree/lib/pecoff.c#n120
>
> This is objdump's output.
> --
> $ objdump -x ./grubx64.efi | grep -E '(SizeOfImage|Security Directory)'
> SizeOfImage 0026b000
> Entry 4 000000000026b000 00000640 Security Directory
> --
>
> Also, this error is reproducible in very famous distributions
> (e.g. Debian, Ubuntu, and Fedora).
>
> Does anyone know whether this is an efitools bug, or are we using the wrong tools?
>
> --
> Haruki TSURUMOTO
>
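
The objdump output quoted above shows the Security Directory (data directory entry 4) starting exactly at SizeOfImage; in PE/COFF that entry's address field is a file offset to the certificate table rather than an RVA, so the meaningful bounds check is against the file length. The following is an added example, not code from this thread or from efitools, that reads both fields from a PE image and reports how they relate. The function names and the synthetic sample (built from the two values in the objdump output) are constructed for illustration.

```python
import struct

SECURITY_DIR = 4  # index of the Security (certificate table) data directory

def security_directory(pe: bytes) -> dict:
    """Parse SizeOfImage and data directory entry 4 from a PE/COFF image."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = e_lfanew + 24  # 4-byte signature + 20-byte COFF header
    (magic,) = struct.unpack_from("<H", pe, opt)
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic")
    dirs = opt + (112 if magic == 0x20B else 96)  # PE32+ vs PE32 layout
    (size_of_image,) = struct.unpack_from("<I", pe, opt + 56)
    (count,) = struct.unpack_from("<I", pe, dirs - 4)  # NumberOfRvaAndSizes
    offset = size = 0
    if count > SECURITY_DIR:
        offset, size = struct.unpack_from("<II", pe, dirs + 8 * SECURITY_DIR)
    return {
        "size_of_image": size_of_image,
        "offset": offset,  # file offset of the certificate table, not an RVA
        "size": size,
        "signed": size > 0,
        # bounds check against the file itself
        "within_file": offset + size <= len(pe),
        # the relationship seen in the objdump output above
        "offset_ge_size_of_image": size > 0 and offset >= size_of_image,
    }

def build_sample(size_of_image=0x26B000, sec_off=0x26B000, sec_size=0x640) -> bytes:
    """Constructed PE32+ header skeleton; defaults mirror the objdump values."""
    pe = bytearray(max(sec_off + sec_size, 0x200))
    pe[:2] = b"MZ"
    struct.pack_into("<I", pe, 0x3C, 0x80)            # e_lfanew
    pe[0x80:0x84] = b"PE\0\0"
    opt = 0x80 + 24
    struct.pack_into("<H", pe, opt, 0x20B)            # PE32+ magic
    struct.pack_into("<I", pe, opt + 56, size_of_image)
    struct.pack_into("<I", pe, opt + 108, 16)         # NumberOfRvaAndSizes
    struct.pack_into("<II", pe, opt + 112 + 8 * SECURITY_DIR, sec_off, sec_size)
    return bytes(pe)

if __name__ == "__main__":
    for k, v in security_directory(build_sample()).items():
        print(f"{k}: {v:#x}" if type(v) is int else f"{k}: {v}")
```

To inspect a real binary, pass the file's bytes (for example `open("grubx64.efi", "rb").read()`) to `security_directory`.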