Date: Mon, 7 Oct 2019 00:58:20 -0400
From: David Cross <dcrosstech@gmail.com>
To: FreeBSD Hackers <freebsd-hackers@freebsd.org>
Subject: uefisign and loader
Message-ID: <CAM9edeOTrNev=izkp2R3C5A0geHRe51m71BPn1OrXSn_QWFaGQ@mail.gmail.com>

I've been working on getting secure boot working under FreeBSD (I just today finished off a REALLY rough tool that lets one tweak UEFI authenticated variables under FreeBSD, with an eye to trying to get a patch to put this into efivar). After setting the PK, the KEK, and the db, I was super excited to finally secure-boot my machine, and discovered that I could not uefisign loader. Attempting to sign loader returns a cryptic "section points inside the headers" and then hangs in pipe-read (via siginfo). (This is under 12.0, FWIW.) I am able to sign boot1; however, boot1.efi doesn't handle GELI keys, so it's not really useful for me. Suggestions?