There is something wrong around Certificate Authority #30
Description
I patched PreLoader.C, running patch ./efitools/PreLoader.c ./efi-tools-patches/preloader.c.patch.
And also built PreLoader.efi, running
cc -I./include/ -I/usr/include/efi -I/usr/include/efi/x86_64 -I/usr/include/efi/protocol -O2 -g -fpic -Wall -fshort-wchar -fno-strict-aliasing -fno-merge-constants -fno-stack-protector -ffreestanding -fno-stack-check -DGNU_EFI_USE_MS_ABI -DEFI_FUNCTION_WRAPPER -mno-red-zone -DCONFIG_x86_64 -c PreLoader.c -o PreLoader.o
ld -nostdlib -shared -Bsymbolic /lib/crt0-efi-x86_64.o -L /lib -L /usr/lib -L /usr/lib64 -T elf_x86_64_efi.lds PreLoader.o lib/lib-efi.a -o PreLoader.so -lefi -lgnuefi /usr/lib/gcc/x86_64-linux-gnu/11/libgcc.a
objcopy -j .text -j .sdata -j .data -j .dynamic -j .dynsym -j .rel -j .rela -j '.rel.*' -j '.rela.*' -j '.rel*' -j '.rela*' -j .reloc --target=efi-app-x86_64 PreLoader.so PreLoader.efi
And then I signed it, running sbsign --key DB.key --cert DB.crt --output PreLoader.efi.signed PreLoader.efi.
It echoed
warning: data remaining[55800 vs 67336]: gaps between PE/COFF sections?
signature 1
image signature issuers:
……
Finally I found that mmx64.efi made me enroll DB.cer over and over again.
I don't know what's wrong.
Maybe there was something wrong around my signing.
Could you help me?
The PreLoader.efi patched by your patch may not match the Certificate Authority after being signed, and it always makes me enroll over and over again but cannot boot.