EFI file creation apparently broken on Arch with Linux 6.4.8 or higher

[danejur]

Recently, I've noticed mortar failing to automatically unlock my LUKS partition at boot. Since this occasionally happens after upgrading the kernel, I decided to re-run both mkinitcpio -P and mortar-compilesigninstall. However, when I run mortar-compilesigninstall now, I am greeted with the following console output:

objcopy: /boot/EFI/mortarsecureboot-linux.efi.unsigned:.osrel: section below image base
objcopy: /boot/EFI/mortarsecureboot-linux.efi.unsigned:.cmdline: section below image base
objcopy: /boot/EFI/mortarsecureboot-linux.efi.unsigned:.linux: section below image base
objcopy: /boot/EFI/mortarsecureboot-linux.efi.unsigned:.initrd: section below image base
Created /boot/EFI/mortarsecureboot-linux.efi.unsigned
Found old signed file. Backing up to /boot/EFI/mortarsecureboot-linux.efi.old.efi
Signing...
Signing Unsigned original image
Created signed /boot/EFI/mortarsecureboot-linux.efi

Needless to say, the newly generated EFI file does not unlock the drive properly. Did something change with a recent kernel? Admittedly, I have not tested this on a fresh install, so if that would be worthwhile I'd be happy to try it out. I wasn't sure if this was something others were seeing or if it was unique to my install.

[noahbliss]

Soft-confirming this issue. There is a lot of finger pointing, but I am seeing issues posted against systemd and dracut relating to this.

[noahbliss]

Try the current version. I made a push 5ff637c

[danejur]

That worked! For any existing installs, make sure to either run 0-initialsetup-prereqinstall.sh again or manually copy the new mortar-compilesigninstall to /usr/local/sbin.