
Bundles generated with `-s` can be signed again

Open hexchain opened this issue 2 years ago • 0 comments

It seems bundles can be signed twice:

```
% sudo sbctl list-bundles
Enrolled bundles:

/boot/EFI/arch/linux.efi
        Signed:         ✓ Signed
        ESP Location:   /boot
        Output:         └─/EFI/arch/linux.efi
        EFI Stub Image:   └─/usr/lib/systemd/boot/efi/linuxx64.efi.stub
        Splash Image:       ├─/usr/share/systemd/bootctl/splash-arch.bmp
        Cmdline:            ├─/etc/kernel/cmdline
        OS Release:         ├─/usr/lib/os-release
        Kernel Image:       ├─/boot/vmlinuz-linux
        Initramfs Image:    └─/boot/initramfs-linux.img
        AMD Microcode:        └─/boot/amd-ucode.img
% sudo sbctl generate-bundles -s
Generating EFI bundles....
Wrote EFI bundle /boot/EFI/arch/linux.efi
✓ Signed /boot/EFI/arch/linux.efi
% sudo sbctl sign /boot/EFI/arch/linux.efi
✓ Signed /boot/EFI/arch/linux.efi
% sudo sbctl sign /boot/EFI/arch/linux.efi
File has already been signed /boot/EFI/arch/linux.efi
```

hexchain, Jun 26 '23 02:06