# wget https://launchpad.net/ubuntu/+source/sbsigntool/0.9.2-2ubuntu1~18.04.1/+build/21207939/+files/sbsigntool_0.9.2-2ubuntu1~18.04.1_amd64.deb

# apt install ./sbsigntool_0.9.2-2ubuntu1~18.04.1_amd64.deb

# dpkg-query -W sbsigntool
sbsigntool      0.9.2-2ubuntu1~18.04.1

# sbverify --cert 15.3-0ubuntu1~ppa1/control/uefi.crt 15.3-0ubuntu1~ppa1/shimaa64.efi.signed
warning: gap in section table:
    .data   : 0x0007f000 - 0x000b37a0,
    .sbat   : 0x000b4000 - 0x000b5000,
gaps in the section table may result in different checksums
warning: data remaining[740768 vs 800872]: gaps between PE/COFF sections?
Hash doesn't match image
 got:       dd7816e1c0158e8ac1cf546fd58c00e72f1f3d8c766420dff37702e522131933
 expecting: de00bed944a76d3b5569a1cd1ad7e68cd700ad88cbf8a14c6f67df277594f018
Image fails hash check
Signature verification failed

Old lp signature fails to verify now - good.

Resigning with the new sbsign, the signature is generated with the correct
digest now.

# openssl pkcs7 -inform der -in new-sbsign-signature.p7c -print | grep -A5 messageDi
            object: messageDigest (1.2.840.113549.1.9.4)
            set:
              OCTET STRING:
                0000 - 6a 83 1f 9e cb 7a 68 7f-17 c0 9d 81 c0   j....zh......
                000d - 6b 17 b2 c3 1c d7 ed b5-b3 89 49 a3 c1   k.........I..
                001a - 8d 75 59 d3 b3 11                        .uY...

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1921387

Title:
  launchpad signing shimaa64.efi fails to validate
