EFI signing process tries to sign non-existing kernels

Hello,

I replaced GRUB with systemd-boot ([How To] Convert to systemd-boot) a while ago, and I noticed a few days ago, when trying to run an update with pacman -Syu, that when the EFI signing process starts, the process tries to sign kernels that are no longer available.

(23/23) Signing EFI binaries...
Generating EFI bundles....
failed signing /lib/modules/6.10.0-3-MANJARO/vmlinuz: /lib/modules/6.10.0-3-MANJARO/vmlinuz does not exist
failed signing /lib/modules/6.6.32-1-MANJARO/vmlinuz: /lib/modules/6.6.32-1-MANJARO/vmlinuz does not exist
failed signing /lib/modules/6.8.12-3-MANJARO/vmlinuz: /lib/modules/6.8.12-3-MANJARO/vmlinuz does not exist
failed signing /lib/modules/6.9.5-1-MANJARO/vmlinuz: /lib/modules/6.9.5-1-MANJARO/vmlinuz does not exist
failed signing /usr/lib/modules/6.10.0-3-MANJARO/vmlinuz: /usr/lib/modules/6.10.0-3-MANJARO/vmlinuz does not exist
failed signing /usr/lib/modules/6.8.11-1-MANJARO/vmlinuz: /usr/lib/modules/6.8.11-1-MANJARO/vmlinuz does not exist
failed signing /usr/lib/modules/6.8.12-3-MANJARO/vmlinuz: /usr/lib/modules/6.8.12-3-MANJARO/vmlinuz does not exist
failed signing /usr/lib/modules/6.9.2-1-MANJARO/vmlinuz: /usr/lib/modules/6.9.2-1-MANJARO/vmlinuz does not exist
failed signing /usr/lib/modules/6.9.3-3-MANJARO/vmlinuz: /usr/lib/modules/6.9.3-3-MANJARO/vmlinuz does not exist
failed signing /usr/lib/modules/6.9.5-1-MANJARO/vmlinuz: /usr/lib/modules/6.9.5-1-MANJARO/vmlinuz does not exist
failed signing /lib/modules/6.10.0-1-MANJARO/vmlinuz: /lib/modules/6.10.0-1-MANJARO/vmlinuz does not exist
failed signing /lib/modules/6.8.11-1-MANJARO/vmlinuz: /lib/modules/6.8.11-1-MANJARO/vmlinuz does not exist
failed signing /usr/lib/modules/6.10.0-1-MANJARO/vmlinuz: /usr/lib/modules/6.10.0-1-MANJARO/vmlinuz does not exist
failed signing /usr/lib/modules/6.6.32-1-MANJARO/vmlinuz: /usr/lib/modules/6.6.32-1-MANJARO/vmlinuz does not exist
File has already been signed /efi/EFI/BOOT/BOOTX64.EFI
File has already been signed /efi/EFI/systemd/systemd-bootx64.efi
failed signing /lib/modules/6.9.2-1-MANJARO/vmlinuz: /lib/modules/6.9.2-1-MANJARO/vmlinuz does not exist
failed signing /lib/modules/6.9.3-3-MANJARO/vmlinuz: /lib/modules/6.9.3-3-MANJARO/vmlinuz does not exist
failed signing /lib/modules/6.9.9-1-MANJARO/vmlinuz: /lib/modules/6.9.9-1-MANJARO/vmlinuz does not exist
failed signing /usr/lib/modules/6.9.9-1-MANJARO/vmlinuz: /usr/lib/modules/6.9.9-1-MANJARO/vmlinuz does not exist
error: command failed to execute correctly

Before that I always updated packages via pamac-manager so I missed those errors because of that.
The kernels were installed and removed via manjaro-settings-manager. Might the errors originate in using manjaro-settings-manager instead of kernel-install remove or could this not be related to the errors?

kernel-install list gives me the following output:

VERSION           HAS KERNEL PATH
6.12.64-1-MANJARO          ✓ /usr/lib/modules/6.12.64-1-MANJARO
6.18.4-1-MANJARO           ✓ /usr/lib/modules/6.18.4-1-MANJARO

A few days ago I think 6.10 was still in the list, but I failed to remove it with kernel-install remove. But now it seems that it’s gone. 6.6.32-1 or 6.9.5-1 were never in the list that day but still showed in the log.

My system seems to run fine even with those errors, but I still wonder if I should switch to kernel-install remove in the future for removing kernels or use it in addition to manjaro-settings-manager, and if there are some unused resources left that I could remove.

I hope someone can help.

You can also use mhwd-kernel to manage the kernels.

If I remember correctly, at some point there was some bug and the /usr/lib/modules/ folders of the uninstalled kernels were left behind. So just delete those (for the uninstalled kernels).

3 Likes

The bug was with the pacman hook that copied the modules so that a reboot is not needed after a kernel update.

1 Like

I forgot to mention that I already deleted an old module in that folder. I think it was 6.10. /lib/modules/ and /usr/lib/modules/ only contain the currently installed kernels: 6.12 and 6.18. So I wonder why the process tries to do something with kernels or modules that do not exist any longer.

Well it seems to find remnants of those kernels somewhere. You can also check the mkinitcpio presets and the /boot for remnants. Or do a search for the deleted kernel numbers. Otherwise, no idea.

2 Likes

I used sudo grep -rlnIFi -f missing-kernels.txt --exclude-dir={proc,sys} / to search for the missing kernels and found /var/lib/sbctl/files.json

{
    "/efi/EFI/BOOT/BOOTX64.EFI": {
        "file": "/efi/EFI/BOOT/BOOTX64.EFI",
        "output_file": "/efi/EFI/BOOT/BOOTX64.EFI"
    },
    "/efi/EFI/systemd/systemd-bootx64.efi": {
        "file": "/efi/EFI/systemd/systemd-bootx64.efi",
        "output_file": "/efi/EFI/systemd/systemd-bootx64.efi"
    },
    "/lib/modules/6.10.0-1-MANJARO/vmlinuz": {
        "file": "/lib/modules/6.10.0-1-MANJARO/vmlinuz",
        "output_file": "/lib/modules/6.10.0-1-MANJARO/vmlinuz"
    },
    "/lib/modules/6.10.0-3-MANJARO/vmlinuz": {
        "file": "/lib/modules/6.10.0-3-MANJARO/vmlinuz",
        "output_file": "/lib/modules/6.10.0-3-MANJARO/vmlinuz"
    },
    "/lib/modules/6.6.32-1-MANJARO/vmlinuz": {
        "file": "/lib/modules/6.6.32-1-MANJARO/vmlinuz",
        "output_file": "/lib/modules/6.6.32-1-MANJARO/vmlinuz"
    },
    "/lib/modules/6.8.11-1-MANJARO/vmlinuz": {
        "file": "/lib/modules/6.8.11-1-MANJARO/vmlinuz",
        "output_file": "/lib/modules/6.8.11-1-MANJARO/vmlinuz"
    },
    "/lib/modules/6.8.12-3-MANJARO/vmlinuz": {
        "file": "/lib/modules/6.8.12-3-MANJARO/vmlinuz",
        "output_file": "/lib/modules/6.8.12-3-MANJARO/vmlinuz"
    },
    "/lib/modules/6.9.2-1-MANJARO/vmlinuz": {
        "file": "/lib/modules/6.9.2-1-MANJARO/vmlinuz",
        "output_file": "/lib/modules/6.9.2-1-MANJARO/vmlinuz"
    },
    "/lib/modules/6.9.3-3-MANJARO/vmlinuz": {
        "file": "/lib/modules/6.9.3-3-MANJARO/vmlinuz",
        "output_file": "/lib/modules/6.9.3-3-MANJARO/vmlinuz"
    },
    "/lib/modules/6.9.5-1-MANJARO/vmlinuz": {
        "file": "/lib/modules/6.9.5-1-MANJARO/vmlinuz",
        "output_file": "/lib/modules/6.9.5-1-MANJARO/vmlinuz"
    },
    "/lib/modules/6.9.9-1-MANJARO/vmlinuz": {
        "file": "/lib/modules/6.9.9-1-MANJARO/vmlinuz",
        "output_file": "/lib/modules/6.9.9-1-MANJARO/vmlinuz"
    },
    "/usr/lib/modules/6.10.0-1-MANJARO/vmlinuz": {
        "file": "/usr/lib/modules/6.10.0-1-MANJARO/vmlinuz",
        "output_file": "/usr/lib/modules/6.10.0-1-MANJARO/vmlinuz"
    },
    "/usr/lib/modules/6.10.0-3-MANJARO/vmlinuz": {
        "file": "/usr/lib/modules/6.10.0-3-MANJARO/vmlinuz",
        "output_file": "/usr/lib/modules/6.10.0-3-MANJARO/vmlinuz"
    },
    "/usr/lib/modules/6.6.32-1-MANJARO/vmlinuz": {
        "file": "/usr/lib/modules/6.6.32-1-MANJARO/vmlinuz",
        "output_file": "/usr/lib/modules/6.6.32-1-MANJARO/vmlinuz"
    },
    "/usr/lib/modules/6.8.11-1-MANJARO/vmlinuz": {
        "file": "/usr/lib/modules/6.8.11-1-MANJARO/vmlinuz",
        "output_file": "/usr/lib/modules/6.8.11-1-MANJARO/vmlinuz"
    },
    "/usr/lib/modules/6.8.12-3-MANJARO/vmlinuz": {
        "file": "/usr/lib/modules/6.8.12-3-MANJARO/vmlinuz",
        "output_file": "/usr/lib/modules/6.8.12-3-MANJARO/vmlinuz"
    },
    "/usr/lib/modules/6.9.2-1-MANJARO/vmlinuz": {
        "file": "/usr/lib/modules/6.9.2-1-MANJARO/vmlinuz",
        "output_file": "/usr/lib/modules/6.9.2-1-MANJARO/vmlinuz"
    },
    "/usr/lib/modules/6.9.3-3-MANJARO/vmlinuz": {
        "file": "/usr/lib/modules/6.9.3-3-MANJARO/vmlinuz",
        "output_file": "/usr/lib/modules/6.9.3-3-MANJARO/vmlinuz"
    },
    "/usr/lib/modules/6.9.5-1-MANJARO/vmlinuz": {
        "file": "/usr/lib/modules/6.9.5-1-MANJARO/vmlinuz",
        "output_file": "/usr/lib/modules/6.9.5-1-MANJARO/vmlinuz"
    },
    "/usr/lib/modules/6.9.9-1-MANJARO/vmlinuz": {
        "file": "/usr/lib/modules/6.9.9-1-MANJARO/vmlinuz",
        "output_file": "/usr/lib/modules/6.9.9-1-MANJARO/vmlinuz"
    }
}

This explains the usage of the file:

files_db: /path/to/files/json
The location of the json file storing the files sbctl will sign.
Default: /var/lib/sbctl/files.json
(sbctl.conf(5) - Arch manual pages)

Not sure where it is used. Maybe someone like @linux-aarhus knows more. But I guess that I could remove the parts with /lib/modules/... and leave the /efi/...-parts. Interestingly the current kernels are not listed there. Maybe I missed some notice while updating due to the usage of pamac-manager explaining this issue I’m having. I also found this:

The sbctl install hook automatically signs the following boot components when using kernel-install (see Installkernel).
Use sbctl sign -s instead of sbctl sign to automatically save files to be signed to /var/lib/sbctl/files.json. (sbctl - Gentoo Wiki).

Maybe somewhere sbctl sign is used without the -s option and so files.json is not updated. Or maybe it is not used any longer. :person_shrugging:

1 Like

I removed the old kernels from files.json and now the errors are gone as expected. Thank you for your support.

1 Like
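
The manual cleanup that resolved this thread, as an added example (not code from any poster or from sbctl): it drops every entry of the signing database whose source file no longer exists and keeps a backup of the previous state. The function names `split_stale` and `prune_files_db` and the sample data are constructed for illustration; running it against the real /var/lib/sbctl/files.json requires root.

```python
import json
import os
import shutil
import tempfile

# Constructed sample in the shape of the files.json shown in the thread.
SAMPLE_DB = {
    p: {"file": p, "output_file": p}
    for p in (
        "/efi/EFI/BOOT/BOOTX64.EFI",
        "/lib/modules/6.10.0-3-MANJARO/vmlinuz",
        "/usr/lib/modules/6.9.5-1-MANJARO/vmlinuz",
    )
}


def split_stale(db, exists=os.path.exists):
    """Return (kept, stale): entries whose source "file" exists vs. is gone."""
    kept, stale = {}, {}
    for key, entry in db.items():
        source = entry.get("file", key)
        (kept if exists(source) else stale)[key] = entry
    return kept, stale


def prune_files_db(path, exists=os.path.exists):
    """Rewrite the database at `path` without stale entries; return their keys."""
    with open(path, encoding="utf-8") as fh:
        db = json.load(fh)
    kept, stale = split_stale(db, exists)
    if stale:
        shutil.copy2(path, path + ".bak")  # previous state, for rollback
        fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")
        with os.fdopen(fd, "w", encoding="utf-8") as fh:
            json.dump(kept, fh, indent=4)
            fh.write("\n")
        shutil.copymode(path, tmp)  # mkstemp creates 0600; keep original mode
        os.replace(tmp, path)  # atomic swap, never a half-written database
    return sorted(stale)


if __name__ == "__main__":
    # Constructed stand-in for the real filesystem: only the EFI binary exists.
    on_disk = {"/efi/EFI/BOOT/BOOTX64.EFI"}
    kept, stale = split_stale(SAMPLE_DB, exists=on_disk.__contains__)
    print("keep :", sorted(kept))
    print("stale:", sorted(stale))
```

For a single entry, sbctl's own `remove-file` subcommand does the same thing without editing the JSON by hand.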
