Comments (2)
nasastry
commented on August 14, 2024
Couldn't read the SBAT secvar:
# secvarctl read -n sbat
READING sbat :
ESL SIG LIST SIZE: 51
GUID is : 50ab5d6046e00043abb63dd810dd8b23
Signature type is: SBAT
Data: sbat,1
DELETE-MSG: sbat,1
ERROR: invalid signature type
Found 0 ESL's
RESULT: SUCCESS
with internal secvarctl could read SBAT:
# /home/secvarctl/secvarctl -m guest read -n sbat
READING sbat :
Timestamp: 0000-00-00 00:00:00 UTC
ESL SIG LIST SIZE: 51
GUID is : 50ab5d6046e00043abb63dd810dd8b23
Signature type is: SBAT
Data: sbat,1
Found 1 ESL's
RESULT: SUCCESS
from secvarctl.
nasastry
commented on August 14, 2024
with RC2 could read all grubdb and sbat
[root@ltcrain80-lp2 home]# secvarctl read -n sbat
READING sbat :
ESL 1:
ESL SIG LIST SIZE: 51
GUID is : 50ab5d6046e00043abb63dd810dd8b23
Signature type is: SBAT
Data: sbat,1
Found 1 ESL's
RESULT: SUCCESS
[root@ltcrain80-lp2 home]# secvarctl read -n grubdb
READING grubdb :
ESL 1:
ESL SIG LIST SIZE: 1083
GUID is : a159c0a5e494a74a87b5ab155c2bf072
Signature type is: X509
Certificate-1: Found certificate info
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
07:c7:bb:59:b7:7e:97:a6:9c:08:b1:d3:8c:39:a0:8f:35:04:0f:4a
Signature Algorithm: sha256WithRSAEncryption
Issuer:
organizationName = IBM Corporation
organizationalUnitName = Power Systems
commonName = Guest Secure Boot Imprint Certificate Authority
emailAddress = [email protected]
Validity
Not Before: Dec 8 17:46:17 2022 GMT
Not After : Nov 14 17:46:17 2122 GMT
Subject:
organizationName = IBM Corporation
organizationalUnitName = Power Systems
commonName = Guest Secure Boot Imprint Signing Key
emailAddress = [email protected]
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Key Usage:
Digital Signature
X509v3 Subject Key Identifier:
35:16:B1:78:B7:78:AD:AD:97:95:EE:1A:4C:85:58:B6:20:ED:6D:69
X509v3 Authority Key Identifier:
85:42:F6:AF:EE:9C:10:2D:47:18:5D:B8:09:66:09:CF:72:00:6B:F7
ESL 2:
ESL SIG LIST SIZE: 1595
GUID is : a159c0a5e494a74a87b5ab155c2bf072
Signature type is: X509
Certificate-1: Found certificate info
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
5b:5e:59:f2:5f:75:4c:8e:c5:3a:91:07:e9:e7:6d:3c:d0:7f:91:fd
Signature Algorithm: sha256WithRSAEncryption
Issuer:
organizationName = IBM Corporation
organizationalUnitName = Power Systems
commonName = Guest Secure Boot Imprint Certificate Authority
emailAddress = [email protected]
Validity
Not Before: Jul 9 02:28:42 2020 GMT
Not After : Jun 15 02:28:42 2120 GMT
Subject:
organizationName = IBM Corporation
organizationalUnitName = Power Systems
commonName = Guest Secure Boot Imprint Signing Key
emailAddress = [email protected]
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Key Usage:
Digital Signature
X509v3 Subject Key Identifier:
10:48:56:E0:67:BC:D0:BA:2B:16:06:BB:82:B3:78:D4:5D:F5:00:5A
X509v3 Authority Key Identifier:
A2:3C:CD:7B:F9:D1:7E:8C:76:2B:C8:DD:E1:B1:3D:FC:E0:CF:24:81
ESL 3:
ESL SIG LIST SIZE: 960
GUID is : a159c0a5e494a74a87b5ab155c2bf072
Signature type is: X509
Certificate-1: Found certificate info
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
d3:9c:41:33:dd:6b:5f:45
Signature Algorithm: sha256WithRSAEncryption
Issuer:
commonName = Red Hat Secure Boot CA 6
emailAddress = [email protected]
Validity
Not Before: Feb 15 14:00:44 2021 GMT
Not After : Jan 17 14:00:44 2038 GMT
Subject:
commonName = Red Hat Secure Boot Signing 602
emailAddress = [email protected]
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Key Usage: critical
Digital Signature
X509v3 Extended Key Usage: critical
Code Signing
X509v3 Subject Key Identifier:
6C:E4:6C:27:AA:CD:0D:4B:74:21:A4:F6:5F:87:B5:31:FE:10:BB:A7
X509v3 Authority Key Identifier:
E8:6A:1C:AB:2C:48:F9:60:36:A2:F0:7B:8E:D2:9D:B4:2A:28:98:C8
ESL 4:
ESL SIG LIST SIZE: 938
GUID is : a159c0a5e494a74a87b5ab155c2bf072
Signature type is: X509
Certificate-1: Found certificate info
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
da:2b:65:5e:2e:d5:a7:bb
Signature Algorithm: sha256WithRSAEncryption
Issuer:
commonName = Red Hat Secure Boot CA 7
emailAddress = [email protected]
Validity
Not Before: Jun 8 18:29:10 2022 GMT
Not After : Jan 17 18:29:10 2038 GMT
Subject:
commonName = Red Hat Secure Boot Signing 702
emailAddress = [email protected]
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Key Usage: critical
Digital Signature
X509v3 Extended Key Usage: critical
Code Signing
X509v3 Subject Key Identifier:
74:91:10:FD:C5:2A:50:93:AD:5D:BD:4B:3D:A9:04:F1:3C:8B:6F:FC
X509v3 Authority Key Identifier:
0.
ESL 5:
ESL SIG LIST SIZE: 1332
GUID is : a159c0a5e494a74a87b5ab155c2bf072
Signature type is: X509
Certificate-1: Found certificate info
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
ed:87:85:b7:8f:fc:12:80
Signature Algorithm: sha256WithRSAEncryption
Issuer:
commonName = SUSE Linux Enterprise Secure Boot CA
countryName = DE
localityName = Nuremberg
organizationName = SUSE Linux Products GmbH
organizationalUnitName = Build Team
emailAddress = [email protected]
Validity
Not Before: May 25 12:38:03 2022 GMT
Not After : Dec 31 12:38:03 2032 GMT
Subject:
commonName = SUSE Linux Enterprise Secure Boot Signkey
countryName = DE
localityName = Nuremberg
organizationName = SUSE Linux Products GmbH
organizationalUnitName = Build Team
emailAddress = [email protected]
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
0A:C6:2B:1F:3F:53:42:71:13:25:86:E2:9D:3B:10:41:59:1C:82:4A
X509v3 Authority Key Identifier:
keyid:F3:3F:A2:2E:F2:8F:CB:9D:C1:8D:43:D2:0B:C7:EF:65:C1:C5:65:E4
DirName:/CN=SUSE Linux Enterprise Secure Boot CA/C=DE/L=Nuremberg/O=SUSE Linux Products GmbH/OU=Build Team/[email protected]
serial:01
X509v3 Key Usage: critical
Digital Signature
X509v3 Extended Key Usage:
Code Signing
ESL 6:
ESL SIG LIST SIZE: 1332
GUID is : a159c0a5e494a74a87b5ab155c2bf072
Signature type is: X509
Certificate-1: Found certificate info
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
ca:fc:b5:d7:5e:c5:89:82
Signature Algorithm: sha256WithRSAEncryption
Issuer:
commonName = SUSE Linux Enterprise Secure Boot CA
countryName = DE
localityName = Nuremberg
organizationName = SUSE Linux Products GmbH
organizationalUnitName = Build Team
emailAddress = [email protected]
Validity
Not Before: Mar 1 13:56:59 2023 GMT
Not After : Sep 28 13:56:59 2033 GMT
Subject:
commonName = SUSE Linux Enterprise Secure Boot Signkey
countryName = DE
localityName = Nuremberg
organizationName = SUSE Linux Products GmbH
organizationalUnitName = Build Team
emailAddress = [email protected]
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
A7:46:B6:4B:6C:B7:1F:13:38:56:38:05:5F:46:16:2B:AC:63:2A:CD
X509v3 Authority Key Identifier:
keyid:EC:AB:0D:42:C4:56:CF:77:04:36:B9:73:99:38:62:96:5E:87:26:2F
DirName:/CN=SUSE Linux Enterprise Secure Boot CA/C=DE/L=Nuremberg/O=SUSE Linux Products GmbH/OU=Build Team/[email protected]
serial:01
X509v3 Key Usage: critical
Digital Signature
X509v3 Extended Key Usage:
Code Signing
Found 6 ESL's
RESULT: SUCCESS
from secvarctl.
Related Issues (20)
- GitHub Actions / other automated CI HOT 2
- compilation fails with openssl3 HOT 1
- Overhaul Tracking HOT 1
- make install does not work in 1.0.0-rc1
- Add CI test for installations
- v1.0.0-rc1 -p path should be appended with '/' HOT 1
- v1.0.0.-rc1 - secvarctl sigsegv while reading fuzzed ESL file HOT 2
- v1.0.0.-rc1 - -a option is accepting strings HOT 3
- CI: Add ppc64le cross compilation & cross test to push/pr workflow HOT 1
- CI: Consider automatically uploading build artifacts during PR workflows
- Audit code for duplicate functions, or functions that could use clearer names
- Consider overhauling external/skiboot code and upstreaming
- guest: clean up and unify reading the timestamp from a variable buffer HOT 1
- [bug][rc3][regression] read SIGSEGV while reading a valid certificate HOT 3
- Does not support the append flag message printed 3 times HOT 1
- [rc3]time stamp is zero for grubdb and sbat variables HOT 4
- Remove SECVAR_CRYPTO_WRITE_FUNC
- Update/rewrite README and manpage
- Proposal: Remove Makefile build, exclusively use CMake
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
π Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. πππ
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google β€οΈ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from secvarctl.