I have created shim.efi using the Makefile in https://github.com/rhboot/shim. Signed the generated shim.efi using the keys generated by openssl and the sbsign executable. (Command sbsign --key shim.key --cert shim.crt). I got the following warning message " warning: data remaining[1034752 vs 1159672]: gaps between PE/COFF sections?".
The generated efi did not pass the signature validation check in the new BIOS.
On further investigation I found that in the following if statement
if (bytes + image->cert_table_size < image->size), a new checksum region is added.
On commenting/removing the above checksum addition, the generated efi passed the validation check in the BIOS.
I would like to know why the extra bytes are added and is there any other way to solve this issue
I have created shim.efi using the Makefile in https://github.com/rhboot/shim. Signed the generated shim.efi using the keys generated by openssl and the sbsign executable. (Command sbsign --key shim.key --cert shim.crt). I got the following warning message " warning: data remaining[1034752 vs 1159672]: gaps between PE/COFF sections?".
The generated efi did not pass the signature validation check in the new BIOS.
On further investigation I found that in the following if statement
if (bytes + image->cert_table_size < image->size), a new checksum region is added.
On commenting/removing the above checksum addition, the generated efi passed the validation check in the BIOS.
I would like to know why the extra bytes are added and is there any other way to solve this issue