[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
grub2's binary is detecting as 'Malformed security header' by efitools
|
From: |
Haruki TSURUMOTO |
|
Subject: |
grub2's binary is detecting as 'Malformed security header' by efitools |
|
Date: |
Thu, 18 Apr 2024 18:03:05 +0900 |
|
User-agent: |
Mozilla Thunderbird |
Hi, I am a engineer trying Secure Boot reviews.
I have a question for grub2's binary.
We need to add previous grub2's PE hash value to "vendor_dbx.esl" (it
will be emmbed our shim) to passing Secure Boot review clauses.
We had tried to generate dbx file by efitools(
https://git.kernel.org/pub/scm/linux/kernel/git/jejb/efitools.git )
hash-to-efi-sig-list(1)
however, we encountered such below error.
"Failed to get hash of grubx64.efi: 2"
We researched details of error reason, grub2 binary is detecting as
'Malformed security header' by efitools.
https://git.kernel.org/pub/scm/linux/kernel/git/jejb/efitools.git/tree/lib/pecoff.c#n120
This is objdump's output.
--
$ objdump -x ./grubx64.efi | grep -E '(SizeOfImage|Security Directory)'
SizeOfImage 0026b000
Entry 4 000000000026b000 00000640 Security Directory
--
Also this error is reproducible in very famous distirubtion.
(e.g. Debian, Ubuntu, and Fedora)
Anyone knows is this a efitool's bug?, or are we using the wrong tools?
--
Haruki TSURUMOTO
- grub2's binary is detecting as 'Malformed security header' by efitools,
Haruki TSURUMOTO <=