Date:      Sun, 6 Oct 2019 23:02:43 -0600
From:      Warner Losh <imp@bsdimp.com>
To:        David Cross <dcrosstech@gmail.com>
Cc:        FreeBSD Hackers <freebsd-hackers@freebsd.org>
Subject:   Re: uefisign and loader
Message-ID:  <CANCZdfqdbKgRqF7AhsfjNwQdzbwA7uSuQoWzWvHQrwkJ2p4AXg@mail.gmail.com>
In-Reply-To: <CAM9edeOTrNev=izkp2R3C5A0geHRe51m71BPn1OrXSn_QWFaGQ@mail.gmail.com>
References:  <CAM9edeOTrNev=izkp2R3C5A0geHRe51m71BPn1OrXSn_QWFaGQ@mail.gmail.com>

On Sun, Oct 6, 2019, 10:58 PM David Cross <dcrosstech@gmail.com> wrote:

> I've been working on getting secureboot working under FreeBSD (I today just
> finished off a REALLY rough tool that lets one tweak UEFI authenticated
> variables under FreeBSD, with an eye to try to get a patch to put this into
> efivar).  After setting the PK, the KEK, and the db, I was super excited to
> finally secure-boot my machine, and discovered that I could not uefisign
> loader.  Attempting to sign loader returns a cryptic: "section points
> inside the headers" and then hangs in pipe-read (via siginfo). (This is
> under 12.0 FWIW.)
>
> I am able to sign boot1, however boot1.efi doesn't handle GELI keys so it's
> not really useful for me.
>
> Suggestions?
>

Use loader.efi directly instead?

Warner
