I created the keys for signing efi binaries according to this article
https://www.rodsbooks.com/efi-bootlo...olling-sb.html,then replaced my laptop UEFI keys with this ones, now want to sign the the vmlinu-linux and refind_x64.efi with osslsigncode but get error:
Code:
osslsigncode -certs DB.crt -key DB.key -h sha256 -in /boot/vmlinuz-linux -out /boot/vmlinuz-linux
Unrecognized file type - file is too short: /boot/vmlinuz-linux
139929488988032:error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag:crypto/asn1/tasn_dec.c:1149:
139929488988032:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:572:
139929488988032:error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag:crypto/asn1/tasn_dec.c:1149:
139929488988032:error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:309:Type=RSAPrivateKey
139929488988032:error:04093004:rsa routines:old_rsa_priv_decode:RSA lib:crypto/rsa/rsa_ameth.c:142:
139929488988032:error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag:crypto/asn1/tasn_dec.c:1149:
139929488988032:error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:309:Type=PKCS8_PRIV_KEY_INFO
Failed
I tried to sign with the sbsign but secure boot reject to boot.