I think I may have found the problem. I can write the file_name.signed created 
by your scripts in the NT32 emulated environment and in EDKII on a Minnow board 
that I build myself. However, I cannot write the file_name.signed on a commercial 
device. I can write the same authenticated variable with the same Name/GUID and 
same cert/key on a device when I create the payload in a UEFI Shell app. So the 
only difference is creating the signed payload by sbvarsign in Ubuntu vs doing 
it in UEFI. I compared both the working and non-working payloads and the main 
difference I see is in the timestamp. For some reason sbvarsign writes the Year 
as 0x0078 (120) vs the UEFI app writing 0x07e4 (2020). The month/day/hour/min 
seem to be OK, but the year is really off in sbvarsign's payload. I cannot 
prove it, but I think the commercial firmware may have a sanity check for 
the timestamp date/time, e.g. compare with the device manufacture date. Since 
sbvarsign does not allow setting a timestamp separately, I cannot force it to 
create a payload with the correct year.
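
An added example, not part of the original message and not code from sbvarsign or EDK II: a small Python check that decodes the EFI_TIME and WIN_CERTIFICATE header at the start of an EFI_VARIABLE_AUTHENTICATION_2 payload and flags a Year outside the 1900-9999 range the UEFI specification defines for EFI_TIME, along with the pad fields the specification requires to be zero for time-based authenticated writes. The sample payloads are constructed (placeholder bytes instead of a real PKCS#7 signature, arbitrary month/day/time), and whether a particular firmware enforces these ranges is an assumption; 120 is the value a C `struct tm` holds in `tm_year` (years since 1900) for 2020.

```python
import struct
import uuid

EFI_TIME = struct.Struct("<H6BIhBB")   # Year, Month..Second, Pad1, Nanosecond, TimeZone, Daylight, Pad2
WIN_CERT_HDR = struct.Struct("<IHH")   # dwLength, wRevision, wCertificateType
WIN_CERT_TYPE_EFI_GUID = 0x0EF1
PKCS7_GUID = uuid.UUID("4aafd29d-68df-49ee-8aa9-347d375665a7").bytes_le  # EFI_CERT_TYPE_PKCS7_GUID


def inspect_auth2(payload: bytes) -> dict:
    """Decode the EFI_TIME and WIN_CERTIFICATE header at the start of a signed payload."""
    if len(payload) < EFI_TIME.size + WIN_CERT_HDR.size + 16:
        raise ValueError("payload too short for an EFI_VARIABLE_AUTHENTICATION_2 header")
    (year, month, day, hour, minute, second, pad1,
     nanosecond, timezone, daylight, pad2) = EFI_TIME.unpack_from(payload, 0)
    dw_length, _revision, cert_type = WIN_CERT_HDR.unpack_from(payload, EFI_TIME.size)
    guid = payload[EFI_TIME.size + WIN_CERT_HDR.size:][:16]

    problems = []
    if not 1900 <= year <= 9999:
        hint = f" (year - 1900 encoding of {year + 1900}?)" if year < 1900 else ""
        problems.append(f"Year {year:#06x} ({year}) outside 1900-9999{hint}")
    if not (1 <= month <= 12 and 1 <= day <= 31 and hour <= 23 and minute <= 59 and second <= 59):
        problems.append("month/day/hour/minute/second out of range")
    if any((pad1, nanosecond, timezone, daylight, pad2)):
        problems.append("Pad1/Nanosecond/TimeZone/Daylight/Pad2 not all zero")
    if cert_type != WIN_CERT_TYPE_EFI_GUID or guid != PKCS7_GUID:
        problems.append("AuthInfo is not WIN_CERT_TYPE_EFI_GUID with the PKCS#7 CertType")
    if EFI_TIME.size + dw_length > len(payload):
        problems.append("AuthInfo.Hdr.dwLength runs past the end of the payload")
    return {"year": year, "timestamp": (year, month, day, hour, minute, second),
            "problems": problems}


def make_sample(year: int) -> bytes:
    """Constructed sample: header fields only, 4 placeholder bytes instead of a real signature."""
    cert_data = b"\x00" * 4
    hdr = WIN_CERT_HDR.pack(WIN_CERT_HDR.size + 16 + len(cert_data), 0x0200, WIN_CERT_TYPE_EFI_GUID)
    return EFI_TIME.pack(year, 2, 14, 10, 30, 0, 0, 0, 0, 0, 0) + hdr + PKCS7_GUID + cert_data + b"value"


if __name__ == "__main__":
    for y in (0x0078, 0x07E4):   # the two Year values reported in the message
        print(hex(y), inspect_auth2(make_sample(y))["problems"])
```

To check a real file, pass its contents instead of the sample: `inspect_auth2(open("file_name.signed", "rb").read())`.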

View/Reply Online (#52996): https://edk2.groups.io/g/devel/message/52996