[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: sbsign crashes while signing an (EFI) image using Yubikey

On Sat, Jun 01, 2024 at 11:54:10PM +0000, Dmitry wrote:
>> If you try testing without a PKCS11 module, I'm assuming all works fine?
>
>Yep... It works fine.
>
>The fact that it crashes with Yubikey/PKCS11 made me wondering how
>people in Ubuntu/Debian sign images (in particular, where do they
>keep the private keys, apparently NOT on a Yubikey...)

In my own testing, I've found that the exact syntax of the PKCS11 URI
can be *very* sensitive, and failures often cause crashes. Code here
often does not have good error handling. :-(

Maybe try different ways of referring to the specific key you're
looking for.

-- 
Steve McIntyre, Cambridge, UK.                                steve@einval.com
< Aardvark> I dislike C++ to start with. C++11 just seems to be
            handing rope-creating factories for users to hang multiple
            instances of themselves.
Reply to: