uefisign and loader
Warner Losh
imp at bsdimp.com
Mon Oct 7 05:02:57 UTC 2019
On Sun, Oct 6, 2019, 10:58 PM David Cross <dcrosstech at gmail.com> wrote:
> I've been working on getting secureboot working under freebsd (I today just
> finished off a REALLY rough tool that lets one tweak uefi authenticated
> variables under freebsd, with an eye to try to get a patch to put this into
> efivar). After setting the PK, the KEK, and the db, I was super excited to
> finally secure-boot my machine, and discovered that I could not uefisign
> loader. Attempting to sign loader returns a cryptic: "section points
> inside the headers" and then hangs in pipe-read (via siginfo). (this is
> under 12.0 FWIW).
>
> I am able to sign boot1, however boot1.efi doesn't handle GELI keys so its
> not really useful for me.
>
> Suggestions?
>
Use loader.efi directly instead?
Warner
> _______________________________________________
> freebsd-hackers at freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-hackers
> To unsubscribe, send any mail to "freebsd-hackers-unsubscribe at freebsd.org"
>
More information about the freebsd-hackers
mailing list