Detached signature of PK.auth cannot be written although inline updates fine

Question

Detached signature of PK.auth cannot be written although inline updates fine

Closed this issue 4 years ago · 2 comments

sign-efi-sig-list k PK.key -c PK.crt PK PK.esl PK.auth followed by efi-update-var -f PK.auth PK writes fine, but when I try to use the detached signature method, I get Cannot write to PK, wrong filesystem permissions. I have date formatted as 2020-06-26 08:19:12, run sign-efi-sig-list -t "$DATE" -o PK PK.esl PK.forsig, run openssl smime -noattr -sign -binary -in PK.forsig -text -out PK.signed -signer PK.crt -inkey PK.key -outform DER -md sha256 followed by sign-efi-sig-list -i PK.signed -t "$DATE" PK PK.esl PK.auth.

Answer 1 · 2022-09-09T14:26:05.000Z

How is this marked as fixed? I am seeing the same issue.
What was the resolution here?

@717a56e1 717a56e1 can you please help to comment?

Answer 2 · 2022-09-16T04:21:30.000Z

-t parameter how its passed plays a role here.
If its passed as for ex: -t '2022-09-15 05:21:34' it works. And the same shall be sued in both the places.