[ipxe-devel] imgverify error: CMS 0xda9b4 does not contain singedData

Kuniyasu Suzaki k.suzaki at aist.go.jp
Fri Jan 8 09:12:49 UTC 2016


Hello,

Please tell me how to set up "imgverify".
I follow the home page http://ipxe.org/crypto, and I made a signature
file for a linux kernel.

# openssl req -newkey rsa -keyout codesign.key -out codesign.req
# openssl ca -config openssl-ca.cnf -extensions codesigning -in
codesign.req -out codesign.crt
# openssl cms -sign -binary -noattr -in vm -signer codesign.crt -inkey
codesign.key -certfile CA/cacert.pem -inform DER -out vm.sig

I also made an iPXE binary with a certificate. I also set up DEBUG for cms.

$ make bin/ipxe.usb DEBUG=cms CERT=/etc/ssl/CA/capert.pem
TRUST=/etc/ssl/CA/certs/server.pem

I tried "imgverify" command on the iPXE, but I got the error message.

kernel http://****/vm
imgverify vm http://****/vm.sig
CMS 0xda9b4 does not contain singedData:
Could not verify: Operation not supported (http://ipxe.org/3c2ae103)

Please tell me how to set up imgverify.

----------
Kuni Suzaki  https://staff.aist.go.jp/k.suzaki/


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: OpenPGP digital signature
URL: <http://lists.ipxe.org/pipermail/ipxe-devel/attachments/20160108/59187ab1/attachment.sig>


More information about the ipxe-devel mailing list