secure-boot-code-sign: sign_kmod and sign_efi: Check size of signature file (!32) · Merge requests · Debian FTP Team / code-signing

Salvatore Bonaccorso requested to merge carnil/code-signing:sig-file-check into master May 17, 2025

As reported in #1105164 two of the module signatures were empty likely due to a temporary problem on the signing service while processing the watchdog and w83977f_wdt module, resulting in an empty signature file be provided and causing module load errors with "Bad message".

Try to catch this case by double checking the size of the signature file first before returning the hash.

Similarly do a check as well in the sign_efi function.

Link: https://bugs.debian.org/1105164 Signed-off-by: Salvatore Bonaccorso carnil@debian.org

secure-boot-code-sign: sign_kmod and sign_efi: Check size of signature file

Merge request reports