Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

sbctl verify - invalid pe header #398

Open
4lex11s opened this issue Nov 5, 2024 · 1 comment
Open

sbctl verify - invalid pe header #398

4lex11s opened this issue Nov 5, 2024 · 1 comment

Comments

@4lex11s
Copy link

4lex11s commented Nov 5, 2024

Hello,
After a classic setup : reboot --firmware-setup, create-keys, sbctl enroll-keys, sign

I received invalid pe header after

sbctl verify 
Verifying file database and EFI images in /boot...
✓ /boot/efi/BOOT/BOOTX64.EFI is signed
invalid pe header
~

no problem at system startup.

My setup:

  • Arch linux rolling x64 2024.10.01
  • extra/sbctl 0.16-1
  • nvme : efi,btrfs on cryptsetup
  • core/systemd 256.7-1
  • Firmware Arch: x64
  • Secure Boot: enabled (user)
  • TPM2 Support: yes
  • Measured UKI: no
  • Boot into FW: supported
`RUST_BACKTRACE=full lurk sbctl verify --debug`

[3217] execve("", "", "") = 0
[3217] brk(0x0) = 0x555555E9E000
[3217] access("/etc/ld.so.preload", 4) = -2
[3217] openat(4294967196, "/etc/ld.so.cache", 524288) = 3
[3217] fstat(3, 0x7FFFFFFFDD30) = 0
[3217] mmap(0x0, 238359, 1, 2, 3, 0) = 0x7FFFF7F86000
[3217] close(3) = 0
[3217] openat(4294967196, "/usr/lib/libresolv.so.2", 524288) = 3
[3217] read(3, "ELF\u0002\u0001\u0001", 832) = 832
[3217] fstat(3, 0x7FFFFFFFDD30) = 0
[3217] mmap(0x0, 8192, 3, 34, 4294967295, 0) = 0x7FFFF7F84000
[3217] mmap(0x0, 71816, 1, 2050, 3, 0) = 0x7FFFF7F72000
[3217] mmap(0x7FFFF7F75000, 36864, 5, 2066, 3, 12288) = 0x7FFFF7F75000
[3217] mmap(0x7FFFF7F7E000, 8192, 1, 2066, 3, 49152) = 0x7FFFF7F7E000
[3217] mmap(0x7FFFF7F80000, 8192, 3, 2066, 3, 57344) = 0x7FFFF7F80000
[3217] mmap(0x7FFFF7F82000, 6280, 3, 50, 4294967295, 0) = 0x7FFFF7F82000
[3217] close(3) = 0
[3217] openat(4294967196, "/usr/lib/libc.so.6", 524288) = 3
[3217] read(3, "ELF\u0002\u0001\u0001\u0003", 832) = 832
[3217] pread64(3, "\u0006", 784, 64) = 784
[3217] fstat(3, 0x7FFFFFFFDD10) = 0
[3217] pread64(3, "\u0006", 784, 64) = 784
[3217] mmap(0x0, 2034616, 1, 2050, 3, 0) = 0x7FFFF7D81000
[3217] mmap(0x7FFFF7DA5000, 1511424, 5, 2066, 3, 147456) = 0x7FFFF7DA5000
[3217] mmap(0x7FFFF7F16000, 319488, 1, 2066, 3, 1658880) = 0x7FFFF7F16000
[3217] mmap(0x7FFFF7F64000, 24576, 3, 2066, 3, 1978368) = 0x7FFFF7F64000
[3217] mmap(0x7FFFF7F6A000, 31672, 3, 50, 4294967295, 0) = 0x7FFFF7F6A000
[3217] close(3) = 0
[3217] mmap(0x0, 12288, 3, 34, 4294967295, 0) = 0x7FFFF7D7E000
[3217] arch_prctl(4098, 0x7FFFF7D7E740) = 0
[3217] set_tid_address(0x7FFFF7D7EA10) = 3217
[3217] set_robust_list(0x7FFFF7D7EA20, 24) = 0
[3217] rseq() = 0
[3217] mprotect(0x7FFFF7F64000, 16384, 1) = 0
[3217] mprotect(0x7FFFF7F80000, 4096, 1) = 0
[3217] mprotect(0x555555ACC000, 3493888, 1) = 0
[3217] mprotect(0x7FFFF7FFB000, 8192, 1) = 0
[3217] prlimit64(0, 3, 0x0, 0x7FFFFFFFE890) = 0
[3217] munmap(0x7FFFF7F86000, 238359) = 0
[3217] getrandom("iͦå¶gÝ", 8, 1) = 8
[3217] brk(0x0) = 0x555555E9E000
[3217] brk(0x555555EBF000) = 0x555555EBF000
[3217] openat(4294967196, "/proc/self/maps", 524288) = 3
[3217] prlimit64(0, 3, 0x0, 0x7FFFFFFFEA10) = 0
[3217] fstat(3, 0x7FFFFFFFE820) = 0
[3217] read(3, "555555554000-55555562a000 r--p 0...", 1024) = 1024
[3217] read(3, "0 00:24 38739 ...", 1024) = 1024
[3217] read(3, "b000 r--p 0002a000 00:24 38668 ...", 1024) = 453
[3217] close(3) = 0
[3217] sched_getaffinity(3217, 32, 93825001974064) = 8
[3217] sched_getaffinity(0, 8192, 140737488341792) = 8
[3217] openat(4294967196, "/sys/kernel/mm/transparent_hugep...", 0) = 3
[3217] read(3, "2097152\n", 20) = 8
[3217] close(3) = 0
[3217] mmap(0x0, 262144, 3, 34, 4294967295, 0) = 0x7FFFF7D3E000
[3217] mmap(0x0, 131072, 0, 34, 4294967295, 0) = 0x7FFFF7FA1000
[3217] mmap(0x0, 1048576, 0, 34, 4294967295, 0) = 0x7FFFF7C3E000
[3217] mmap(0x0, 8388608, 0, 34, 4294967295, 0) = 0x7FFFF7400000
[3217] mmap(0x0, 67108864, 0, 34, 4294967295, 0) = 0x7FFFF3400000
[3217] mmap(0x0, 536870912, 0, 34, 4294967295, 0) = 0x7FFFD3400000
[3217] mmap(0x0, 536870912, 0, 34, 4294967295, 0) = 0x7FFFB3400000
[3217] mmap(0xC000000000, 67108864, 0, 34, 4294967295, 0) = 0xC000000000
[3217] mmap(0x0, 33554432, 3, 34, 4294967295, 0) = 0x7FFFB1400000
[3217] madvise(0x7FFFB1400000, 33554432, 15) = 0
[3217] mmap(0x0, 68624, 3, 34, 4294967295, 0) = 0x7FFFF7F90000
[3217] mmap(0xC000000000, 4194304, 3, 50, 4294967295, 0) = 0xC000000000
[3217] mmap(0x7FFFF7FA1000, 131072, 3, 50, 4294967295, 0) = 0x7FFFF7FA1000
[3217] mmap(0x7FFFF7CBE000, 4096, 3, 50, 4294967295, 0) = 0x7FFFF7CBE000
[3217] mmap(0x7FFFF7806000, 4096, 3, 50, 4294967295, 0) = 0x7FFFF7806000
[3217] mmap(0x7FFFF5430000, 4096, 3, 50, 4294967295, 0) = 0x7FFFF5430000
[3217] mmap(0x7FFFE3580000, 4096, 3, 50, 4294967295, 0) = 0x7FFFE3580000
[3217] mmap(0x7FFFC3580000, 4096, 3, 50, 4294967295, 0) = 0x7FFFC3580000
[3217] mmap(0x0, 1048576, 3, 34, 4294967295, 0) = 0x7FFFB1300000
[3217] madvise(0x7FFFB1300000, 1048576, 15) = 0
[3217] mmap(0x0, 65536, 3, 34, 4294967295, 0) = 0x7FFFF7C2E000
[3217] mmap(0x0, 65536, 3, 34, 4294967295, 0) = 0x7FFFF7C1E000
[3217] rt_sigprocmask(2, 0x0, 0x555555E70100, 8) = 0
[3217] fcntl(0, 1) = 0
[3217] fcntl(1, 1) = 0
[3217] fcntl(2, 1) = 0
[3217] sigaltstack(0x0, 0x7FFFFFFFEA88) = 0
[3217] sigaltstack(0x7FFFFFFFEA50, 0x0) = 0
[3217] rt_sigprocmask(2, 0x7FFFFFFFEAA0, 0x0, 8) = 0
[3217] gettid(0x2) = 3217
[3217] rt_sigaction(1, 0x0, 0x7FFFFFFFE7A0) = 0
[3217] rt_sigaction(1, 0x7FFFFFFFE6B0, 0x0) = 0
[3217] rt_sigaction(2, 0x0, 0x7FFFFFFFE7A0) = 0
[3217] rt_sigaction(2, 0x7FFFFFFFE6B0, 0x0) = 0
[3217] rt_sigaction(3, 0x0, 0x7FFFFFFFE7A0) = 0
[3217] rt_sigaction(3, 0x7FFFFFFFE6B0, 0x0) = 0
[3217] rt_sigaction(4, 0x0, 0x7FFFFFFFE7A0) = 0
[3217] rt_sigaction(4, 0x7FFFFFFFE6B0, 0x0) = 0
[3217] rt_sigaction(5, 0x0, 0x7FFFFFFFE7A0) = 0
[3217] rt_sigaction(5, 0x7FFFFFFFE6B0, 0x0) = 0
[3217] rt_sigaction(6, 0x0, 0x7FFFFFFFE7A0) = 0
[3217] rt_sigaction(6, 0x7FFFFFFFE6B0, 0x0) = 0
[3217] rt_sigaction(7, 0x0, 0x7FFFFFFFE7A0) = 0
[3217] rt_sigaction(7, 0x7FFFFFFFE6B0, 0x0) = 0
[3217] rt_sigaction(8, 0x0, 0x7FFFFFFFE7A0) = 0
[3217] rt_sigaction(8, 0x7FFFFFFFE6B0, 0x0) = 0
[3217] rt_sigaction(10, 0x0, 0x7FFFFFFFE7A0) = 0
[3217] rt_sigaction(10, 0x7FFFFFFFE6B0, 0x0) = 0
[3217] rt_sigaction(11, 0x0, 0x7FFFFFFFE7A0) = 0
[3217] rt_sigaction(11, 0x7FFFFFFFE6B0, 0x0) = 0
[3217] rt_sigaction(12, 0x0, 0x7FFFFFFFE7A0) = 0
[3217] rt_sigaction(12, 0x7FFFFFFFE6B0, 0x0) = 0
[3217] rt_sigaction(13, 0x0, 0x7FFFFFFFE7A0) = 0
[3217] rt_sigaction(13, 0x7FFFFFFFE6B0, 0x0) = 0
[3217] rt_sigaction(14, 0x0, 0x7FFFFFFFE7A0) = 0
[3217] rt_sigaction(14, 0x7FFFFFFFE6B0, 0x0) = 0
[3217] rt_sigaction(15, 0x0, 0x7FFFFFFFE7A0) = 0
[3217] rt_sigaction(15, 0x7FFFFFFFE6B0, 0x0) = 0
[3217] rt_sigaction(16, 0x0, 0x7FFFFFFFE7A0) = 0
[3217] rt_sigaction(16, 0x7FFFFFFFE6B0, 0x0) = 0
[3217] rt_sigaction(17, 0x0, 0x7FFFFFFFE7A0) = 0
[3217] rt_sigaction(17, 0x7FFFFFFFE6B0, 0x0) = 0
[3217] rt_sigaction(23, 0x0, 0x7FFFFFFFE7A0) = 0
[3217] rt_sigaction(23, 0x7FFFFFFFE6B0, 0x0) = 0
[3217] rt_sigaction(24, 0x0, 0x7FFFFFFFE7A0) = 0
[3217] rt_sigaction(24, 0x7FFFFFFFE6B0, 0x0) = 0
[3217] rt_sigaction(25, 0x0, 0x7FFFFFFFE7A0) = 0
[3217] rt_sigaction(25, 0x7FFFFFFFE6B0, 0x0) = 0
[3217] rt_sigaction(26, 0x0, 0x7FFFFFFFE7A0) = 0
[3217] rt_sigaction(26, 0x7FFFFFFFE6B0, 0x0) = 0
[3217] rt_sigaction(27, 0x0, 0x7FFFFFFFE7A0) = 0
[3217] rt_sigaction(27, 0x7FFFFFFFE6B0, 0x0) = 0
[3217] rt_sigaction(28, 0x0, 0x7FFFFFFFE7A0) = 0
[3217] rt_sigaction(28, 0x7FFFFFFFE6B0, 0x0) = 0
[3217] rt_sigaction(29, 0x0, 0x7FFFFFFFE7A0) = 0
[3217] rt_sigaction(29, 0x7FFFFFFFE6B0, 0x0) = 0
[3217] rt_sigaction(30, 0x0, 0x7FFFFFFFE7A0) = 0
[3217] rt_sigaction(30, 0x7FFFFFFFE6B0, 0x0) = 0
[3217] rt_sigaction(31, 0x0, 0x7FFFFFFFE7A0) = 0
[3217] rt_sigaction(31, 0x7FFFFFFFE6B0, 0x0) = 0
[3217] rt_sigaction(32, 0x0, 0x7FFFFFFFEA88) = 0
[3217] rt_sigaction(33, 0x0, 0x7FFFFFFFEA88) = 0
[3217] rt_sigaction(34, 0x0, 0x7FFFFFFFE7A0) = 0
[3217] rt_sigaction(35, 0x0, 0x7FFFFFFFE7A0) = 0
[3217] rt_sigaction(35, 0x7FFFFFFFE6B0, 0x0) = 0
[3217] rt_sigaction(36, 0x0, 0x7FFFFFFFE7A0) = 0
[3217] rt_sigaction(36, 0x7FFFFFFFE6B0, 0x0) = 0
[3217] rt_sigaction(37, 0x0, 0x7FFFFFFFE7A0) = 0
[3217] rt_sigaction(37, 0x7FFFFFFFE6B0, 0x0) = 0
[3217] rt_sigaction(38, 0x0, 0x7FFFFFFFE7A0) = 0
[3217] rt_sigaction(38, 0x7FFFFFFFE6B0, 0x0) = 0
[3217] rt_sigaction(39, 0x0, 0x7FFFFFFFE7A0) = 0
[3217] rt_sigaction(39, 0x7FFFFFFFE6B0, 0x0) = 0
[3217] rt_sigaction(40, 0x0, 0x7FFFFFFFE7A0) = 0
[3217] rt_sigaction(40, 0x7FFFFFFFE6B0, 0x0) = 0
[3217] rt_sigaction(41, 0x0, 0x7FFFFFFFE7A0) = 0
[3217] rt_sigaction(41, 0x7FFFFFFFE6B0, 0x0) = 0
[3217] rt_sigaction(42, 0x0, 0x7FFFFFFFE7A0) = 0
[3217] rt_sigaction(42, 0x7FFFFFFFE6B0, 0x0) = 0
[3217] rt_sigaction(43, 0x0, 0x7FFFFFFFE7A0) = 0
[3217] rt_sigaction(43, 0x7FFFFFFFE6B0, 0x0) = 0
[3217] rt_sigaction(44, 0x0, 0x7FFFFFFFE7A0) = 0
[3217] rt_sigaction(44, 0x7FFFFFFFE6B0, 0x0) = 0
[3217] rt_sigaction(45, 0x0, 0x7FFFFFFFE7A0) = 0
[3217] rt_sigaction(45, 0x7FFFFFFFE6B0, 0x0) = 0
[3217] rt_sigaction(46, 0x0, 0x7FFFFFFFE7A0) = 0
[3217] rt_sigaction(46, 0x7FFFFFFFE6B0, 0x0) = 0
[3217] rt_sigaction(47, 0x0, 0x7FFFFFFFE7A0) = 0
[3217] rt_sigaction(47, 0x7FFFFFFFE6B0, 0x0) = 0
[3217] rt_sigaction(48, 0x0, 0x7FFFFFFFE7A0) = 0
[3217] rt_sigaction(48, 0x7FFFFFFFE6B0, 0x0) = 0
[3217] rt_sigaction(49, 0x0, 0x7FFFFFFFE7A0) = 0
[3217] rt_sigaction(49, 0x7FFFFFFFE6B0, 0x0) = 0
[3217] rt_sigaction(50, 0x0, 0x7FFFFFFFE7A0) = 0
[3217] rt_sigaction(50, 0x7FFFFFFFE6B0, 0x0) = 0
[3217] rt_sigaction(51, 0x0, 0x7FFFFFFFE7A0) = 0
[3217] rt_sigaction(51, 0x7FFFFFFFE6B0, 0x0) = 0
[3217] rt_sigaction(52, 0x0, 0x7FFFFFFFE7A0) = 0
[3217] rt_sigaction(52, 0x7FFFFFFFE6B0, 0x0) = 0
[3217] rt_sigaction(53, 0x0, 0x7FFFFFFFE7A0) = 0
[3217] rt_sigaction(53, 0x7FFFFFFFE6B0, 0x0) = 0
[3217] rt_sigaction(54, 0x0, 0x7FFFFFFFE7A0) = 0
[3217] rt_sigaction(54, 0x7FFFFFFFE6B0, 0x0) = 0
[3217] rt_sigaction(55, 0x0, 0x7FFFFFFFE7A0) = 0
[3217] rt_sigaction(55, 0x7FFFFFFFE6B0, 0x0) = 0
[3217] rt_sigaction(56, 0x0, 0x7FFFFFFFE7A0) = 0
[3217] rt_sigaction(56, 0x7FFFFFFFE6B0, 0x0) = 0
[3217] rt_sigaction(57, 0x0, 0x7FFFFFFFE7A0) = 0
[3217] rt_sigaction(57, 0x7FFFFFFFE6B0, 0x0) = 0
[3217] rt_sigaction(58, 0x0, 0x7FFFFFFFE7A0) = 0
[3217] rt_sigaction(58, 0x7FFFFFFFE6B0, 0x0) = 0
[3217] rt_sigaction(59, 0x0, 0x7FFFFFFFE7A0) = 0
[3217] rt_sigaction(59, 0x7FFFFFFFE6B0, 0x0) = 0
[3217] rt_sigaction(60, 0x0, 0x7FFFFFFFE7A0) = 0
[3217] rt_sigaction(60, 0x7FFFFFFFE6B0, 0x0) = 0
[3217] rt_sigaction(61, 0x0, 0x7FFFFFFFE7A0) = 0
[3217] rt_sigaction(61, 0x7FFFFFFFE6B0, 0x0) = 0
[3217] rt_sigaction(62, 0x0, 0x7FFFFFFFE7A0) = 0
[3217] rt_sigaction(62, 0x7FFFFFFFE6B0, 0x0) = 0
[3217] rt_sigaction(63, 0x0, 0x7FFFFFFFE7A0) = 0
[3217] rt_sigaction(63, 0x7FFFFFFFE6B0, 0x0) = 0
[3217] rt_sigaction(64, 0x0, 0x7FFFFFFFE7A0) = 0
[3217] rt_sigaction(64, 0x7FFFFFFFE6B0, 0x0) = 0
[3217] rt_sigprocmask(2, 0x7FFFFFFFE930, 0x7FFFFFFFE9B0, 8) = 0
[3217] rt_sigprocmask(1, 0x7FFFFFFFE730, 0x555555E9EA40, 8) = 0
[3217] rt_sigprocmask(1, 0x7FFFFFFFE730, 0x7FFFFFFFE7B0, 8) = 0
[3217] rt_sigprocmask(0, 0x7FFFFFFFE4D0, 0x7FFFFFFFE550, 8) = 0
[3217] rt_sigaction(31, 0x0, 0x7FFFFFFFE420) = 0
[3217] rt_sigaction(31, 0x7FFFFFFFE380, 0x0) = 0
[3217] rt_sigprocmask(2, 0x7FFFFFFFE550, 0x0, 8) = 0
[3217] futex(0x555555E8F788, 129, 2147483647, 0x0, 96, 1) = 0
[3217] rt_sigprocmask(0, 0x7FFFFFFFE730, 0x0, 8) = 0
[3217] rt_sigaction(33, 0x7FFFFFFFE480, 0x0) = 0
[3217] rt_sigprocmask(1, 0x7FFFFFFFE648, 0x0, 8) = 0
[3217] mmap(0x0, 8392704, 0, 131106, 4294967295, 0) = 0x7FFFB0A00000
[3217] mprotect(0x7FFFB0A01000, 8388608, 3) = 0
[3217] rt_sigprocmask(0, 0x7FFFF7F3B680, 0x7FFFFFFFE638, 8) = 0
[3217] clone3(0x7FFFFFFFE530, 88) = 3218
[3217] rt_sigprocmask(2, 0x7FFFFFFFE638, 0x0, 8) = 0
[3217] rt_sigprocmask(2, 0x7FFFFFFFE7B0, 0x0, 8) = 0
[3217] rt_sigprocmask(2, 0x7FFFFFFFE9B0, 0x0, 8) = 0
thread 'main' panicked at /build/.cargo/registry/src/index.crates.io-6f17d22bba15001f/syscalls-0.6.18/src/arch/x86_64.rs:5:1:
invalid syscall: 4294967295
stack backtrace:
0: 0x62dcf8e44e15 -
1: 0x62dcf8e6b25b -
2: 0x62dcf8e4287f -
3: 0x62dcf8e46701 -
4: 0x62dcf8e463dc -
5: 0x62dcf8e46d61 -
6: 0x62dcf8e46bc7 -
7: 0x62dcf8e452d9 -
8: 0x62dcf8e46854 -
9: 0x62dcf8d062f3 -
10: 0x62dcf8dc94af -
11: 0x62dcf8d09706 -
12: 0x62dcf8d07a4b -
13: 0x62dcf8d121e5 -
14: 0x62dcf8d19c66 -
15: 0x62dcf8d1c851 -
16: 0x62dcf8e3dbb0 -
17: 0x62dcf8d12344 -
18: 0x72802c361e08 -
19: 0x72802c361ecc - __libc_start_main
20: 0x62dcf8d06a65 -
21: 0x0 -
~
root@xx #> invalid pe header

`

Thanks for your great tools !
@Foxboron
Copy link
Owner

Foxboron commented Nov 5, 2024

Which files have you enrolled? and what is the output of find /boot

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Foxboron @4lex11s