<table border="1" cellspacing="0" cellpadding="8">
    <tr>
        <th>Issue</th>
        <td>
            <a href=https://github.com/llvm/llvm-project/issues/65637>65637</a>
        </td>
    </tr>

    <tr>
        <th>Summary</th>
        <td>
            stripping PE binary fails to delete security directory entry
        </td>
    </tr>

    <tr>
      <th>Labels</th>
      <td>
            new issue
      </td>
    </tr>

    <tr>
      <th>Assignees</th>
      <td>
      </td>
    </tr>

    <tr>
      <th>Reporter</th>
      <td>
          medhefgo
      </td>
    </tr>
</table>

<pre>
    Given a signed PE/EFI binary, running `llvm-strip` on it will remove the signatures contained in it, but leave the security data directory entry inside the PE optional header as-is. This renders the  binary unbootable as it gets rejected by firmware/EDK2.

Using signed grub2 from debian as example:
$ qemu-system-x86_64 -bios /usr/share/edk2/x64/OVMF.fd -kernel grubx64.efi.signed
(This boots to grub cmdline.)
$ llvm-strip grubx64.efi.signed
$ sbverify --list grubx64.efi.signed 
warning: checksum areas are greater than image size. Invalid section table?
No signature table present
$ qemu-system-x86_64 -bios /usr/share/edk2/x64/OVMF.fd -kernel grubx64.efi.signed
(Fails to boot grub.)

Manually changing the security directory pointer and size to 0 will allow booting again and also make sbverify happy again.

(binutils has the [same issue](https://sourceware.org/bugzilla/show_bug.cgi?id=30830).)
</pre>
<img width="1px" height="1px" alt="" src="http://email.email.llvm.org/o/eJy8VM2O4zYTfBr60rAgU7JsH3TY_Wb0YRFsMock10VTbEnMUKTCH3u0Tx-Q8sQZYJFjLu2Di9XdVaVG79VoiFp2_MyOTzuMYbKunUlONIx2J6xc2_-rKxlAyFAJL8-Md8_dFxDKoFsZ_x-4aIwyI7Cm1Po6731wamFNCdaACnBTWoOj2V4JwkSZCEN05KG3JqBKtCpBE5mIATThO5b66FRYQWJAkMpRH6xbgUxwKyjjldyAL89gl6CsQQ0ToSQH6PfKF_DrpDw4MpKcz9D75BCNsDag0ATo06AjhYT8g_pAEsQKg3LzDR2ljZ9-4gUrn1j5aau_-bTyXZTRRcFhcHYGSUKhSYz0hvOiiVX3F4zX8CfNce9XH2jev52bb00Ne6GsB8a76B3jnZ-2hiRfOePdW1Mz3v3y-9euGCTsX8kZ0rnfW1MXNKhiG-G9xTmvmxbzEGwGQj9LrQwVjF8ekzyc-he2Gry4klPDCvu9Vj78AAsb-IYuhYBVn6CfqH_1cQZ0hD5VGB1hIAdhQgNqxjHF4DsV8MVcUSuZjE7uQfaDVd1G-rN9pGX7CxZHnkz4LyXtUOmsZpI1A_8hZa5f0UTUeoV-QjOmYHwM79-5XawySQc0MguQWMvtC0Gt7S23SO9xRGUyDLW3MOMrPbyYcFnWDfIhk4yfhTIxpHEn3NLOjp89zgTK-0js-MT4eQph8SmWvEvq2Oh6SjEvrBsZ70QcvyutMStnb99EHIt-VKzqlGTVU1Weq5LxS9JgJ9tKXqoL7qg9NJf6UB7rhu-m9nSpK9H0xxPS4VzTUB-HQz0MhJfqVNVU71TLS16Vl_J0aI6H8lDUki4lDSiErOsT56wuaUalixTUNNkub9A2x6Y67TQK0j7fLc4N3e7rcZ7OmGtzuEUcPavLFFv_YAkqaGpz8Jck9Mvz-z0Y3m2WpCn80L58dnbR6fajhqMKUxRFb2fGu9Tq_rNfnE3nhPEuD-gZ7_ICfwUAAP__w77SOw">