uefisign and loader
David Cross
dcrosstech at gmail.com
Mon Oct 7 04:58:34 UTC 2019
I've been working on getting secure boot working under FreeBSD (I just today
finished off a REALLY rough tool that lets one tweak UEFI authenticated
variables under FreeBSD, with an eye to trying to get a patch to put this into
efivar). After setting the PK, the KEK, and the db, I was super excited to
finally secure-boot my machine, and discovered that I could not uefisign
loader. Attempting to sign loader returns a cryptic "section points
inside the headers" and then hangs in pipe-read (via siginfo). (This is
under 12.0, FWIW.)
I am able to sign boot1; however, boot1.efi doesn't handle GELI keys, so it's
not really useful for me.
Suggestions?