sign bzImage using sbsign
by zvivered from LinuxQuestions.org on (#6P778)
Hello,
Using buildroot I created a gcc toolchain and compiled vanilla 4.9.20
This kernel works well on a core i7 PC.
In order to use secured boot, I signed this kernel with the following procedure:
Code:openssl req -config ./mokconfig.cnf \
-new -x509 -newkey rsa:2048 \
-nodes -days 36500 -outform DER \
-keyout "MOK.priv" \
-out "MOK.der"
openssl x509 -in MOK.der -inform DER -outform PEM -out MOK.pem
sudo sbsign --key MOK.priv --cert MOK.pem ./linux-4.9.20/arch/x86/boot/bzImage --output bzImage.signedI got an error message:
Invalid DOS header magic
Then I tried the same procedure on vanilla 5.4.249 compiled with another gcc (for kernel 5.x). This time I got:
Signing Unsigned original image
I ran sbsign under Ubuntu 20.04.6 LTS
Can you please tell why I got the error message when trying to sign kernel 4.x ?
Thank you,
Zvika
Using buildroot I created a gcc toolchain and compiled vanilla 4.9.20
This kernel works well on a core i7 PC.
In order to use secured boot, I signed this kernel with the following procedure:
Code:openssl req -config ./mokconfig.cnf \
-new -x509 -newkey rsa:2048 \
-nodes -days 36500 -outform DER \
-keyout "MOK.priv" \
-out "MOK.der"
openssl x509 -in MOK.der -inform DER -outform PEM -out MOK.pem
sudo sbsign --key MOK.priv --cert MOK.pem ./linux-4.9.20/arch/x86/boot/bzImage --output bzImage.signedI got an error message:
Invalid DOS header magic
Then I tried the same procedure on vanilla 5.4.249 compiled with another gcc (for kernel 5.x). This time I got:
Signing Unsigned original image
I ran sbsign under Ubuntu 20.04.6 LTS
Can you please tell why I got the error message when trying to sign kernel 4.x ?
Thank you,
Zvika