diff --git a/Feature-support-EBS-sign-for-IMA-digest-list.patch b/Feature-support-EBS-sign-for-IMA-digest-list.patch
index 2a475a7248f838400584f0fcd527e0b565bdfe68..8a54f8c73dc65b66cbdb710b72129a7b37524c3c 100644
--- a/Feature-support-EBS-sign-for-IMA-digest-list.patch
+++ b/Feature-support-EBS-sign-for-IMA-digest-list.patch
@@ -7,13 +7,13 @@ Signed-off-by: Huaxin Lu
 Signed-off-by: zhangguangzhi
 ---
- brp-digest-list | 48 +++++-----
- brp-ebs-sign | 231 ++++++++++++++++++++++++++++++++++++++++++++++++
- 2 files changed, 257 insertions(+), 22 deletions(-)
+ brp-digest-list | 46 +++++-----
+ brp-ebs-sign | 238 ++++++++++++++++++++++++++++++++++++++++++++++++
+ 2 files changed, 262 insertions(+), 22 deletions(-)
 create mode 100644 brp-ebs-sign
 diff --git a/brp-digest-list b/brp-digest-list
-index e698b7a..fe6e75c 100644
+index e698b7a..d1e2600 100644
 --- a/brp-digest-list
 +++ b/brp-digest-list
 @@ -26,7 +26,6 @@ fi
@@ -24,7 +24,7 @@ index e698b7a..fe6e75c 100644
 # Generate digest list for the kernel
 gen_digest_lists -i M: -t metadata -f compact -d $DIGEST_LIST_DIR -i l:policy \
-@@ -70,28 +69,33 @@ DIGEST_LIST_TLV_PATH="$DIGEST_LIST_DIR.tlv/0-metadata_list-compact_tlv-$(basenam
+@@ -70,28 +69,31 @@ DIGEST_LIST_TLV_PATH="$DIGEST_LIST_DIR.tlv/0-metadata_list-compact_tlv-$(basenam
 chmod 644 $DIGEST_LIST_TLV_PATH
 echo $DIGEST_LIST_TLV_PATH
@@ -50,12 +50,10 @@ index e698b7a..fe6e75c 100644
 +export PUBLISHER_PORT=$(grep PUBLISHER_PORT /lkp/scheduled/job.yaml | awk '{print $2}')
 +if [[ -n "$PUBLISHER_HOST" && -n "$PUBLISHER_PORT" ]]; then
 + [ -f /usr/lib/rpm/brp-ebs-sign ] || exit 0
-+ for f in $(ls $DIGEST_LIST_DIR); do
-+ sh /usr/lib/rpm/brp-ebs-sign --ima-digestlist $DIGEST_LIST_DIR/$f 1>&2
-+ [ -f $DIGEST_LIST_DIR/$f.sig ] || exit 0
-+ chmod 644 $DIGEST_LIST_DIR/$f.sig
-+ mv $DIGEST_LIST_DIR/$f.sig $DIGEST_LIST_DIR/$f
-+ done
++ sh /usr/lib/rpm/brp-ebs-sign --ima-digestlist $DIGEST_LIST_PATH 1>&2
++ [ -f $DIGEST_LIST_PATH.sig ] || exit 0
++ chmod 644 $DIGEST_LIST_PATH.sig
++ mv $DIGEST_LIST_PATH.sig $DIGEST_LIST_PATH
 + exit 0
 +fi
@@ -81,10 +79,10 @@ index e698b7a..fe6e75c 100644
 +#fi
 diff --git a/brp-ebs-sign b/brp-ebs-sign
 new file mode 100644
-index 0000000..57e208b
+index 0000000..a7a83e5
 --- /dev/null
 +++ b/brp-ebs-sign
-@@ -0,0 +1,231 @@
+@@ -0,0 +1,238 @@
 +#!/bin/bash
 +
 +INPUT_TYPE=$1
@@ -101,6 +99,7 @@ index 0000000..57e208b
 +POST_OS_ORIJECT=""
 +CONFIG_RETEST_COUNT=5
 +SIGN_RESULT=0
++FAILED_SIGN_PERMISSION_DENIED=2
 +
 +# Tool functions for JSON
 +get_json_value(){
@@ -145,7 +144,6 @@ index 0000000..57e208b
 +}
 +
 +efi_sign_pre() {
-+ # TODO
 + SIGN_FILE="$INPUT_FILE"
 + POST_KEY_NAME="default-x509ee"
 + POST_KEY_TYPE="x509ee"
@@ -154,7 +152,6 @@ index 0000000..57e208b
 +}
 +
 +kernel_sign_pre() {
-+ # TODO
 + SIGN_FILE="$INPUT_FILE"
 + POST_KEY_NAME="default-x509ee"
 + POST_KEY_TYPE="x509ee"
@@ -252,6 +249,9 @@ index 0000000..57e208b
 + req_err_msg=$(get_json_value "$req" "err_msg")
 + if [ -n "$req_err_msg" ]; then
 + echo "Failed, err_msg: [$req_err_msg]"
++ if [ "$req_err_msg" == "SIGN_PERMISSION_DENIED" ]; then
++ return $FAILED_SIGN_PERMISSION_DENIED
++ fi
 + return 1
 + fi
 +
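Review bot: A failed signing run still ends in `exit 0` on the new `[ -f $DIGEST_LIST_PATH.sig ] || exit 0` line, so the package is built with an unsigned digest list and nothing in the build log records that, and the exit status of `sh /usr/lib/rpm/brp-ebs-sign ...` on the line above is discarded as well (this commit's new permission-denied handling in brp-ebs-sign therefore never changes the outcome here). The hunk does not show whether an unsigned list is meant to be acceptable — it may be, given the script already returns 0 when brp-ebs-sign is absent — but the fallback should at least be visible: `sh /usr/lib/rpm/brp-ebs-sign --ima-digestlist "$DIGEST_LIST_PATH" 1>&2 || echo "brp-ebs-sign failed, $DIGEST_LIST_PATH left unsigned" >&2`. Quoting `"$DIGEST_LIST_PATH"` and `"$DIGEST_LIST_PATH.sig"` on the four new lines costs nothing; the variable's definition is outside the hunk. Since the helper is run with `sh`, its `#!/bin/bash` line is ignored, and the bashisms in brp-ebs-sign (`for ((...))`, `==` inside `[ ]`) only work where /bin/sh is bash; `bash /usr/lib/rpm/brp-ebs-sign` would make that explicit.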
@@ -303,9 +303,14 @@ index 0000000..57e208b
 +
 +for ((i=1; i<=$CONFIG_RETEST_COUNT; i++)); do
 + sign
-+ if [ $? -eq 0 ]; then
++ ret_sign=$?
++ if [ $ret_sign -eq 0 ]; then
 + echo "Succeed to sign file"
 + break;
++ elif [ $ret_sign -eq $FAILED_SIGN_PERMISSION_DENIED ]; then
++ echo "Failed to sign file, permission denied"
++ SIGN_RESULT=1
++ break;
 + elif [ $i -ne $CONFIG_RETEST_COUNT ]; then
 + echo "Failed to sign file, try again"
 + elif [ $i -eq $CONFIG_RETEST_COUNT ]; then
diff --git a/openEuler-rpm-config.spec b/openEuler-rpm-config.spec
index 086db3a285306097807a035b78a8453b3a03bc29..01ceb49d537136163699312b14341cfee2c97b36 100644
--- a/openEuler-rpm-config.spec
+++ b/openEuler-rpm-config.spec
@@ -3,7 +3,7 @@
 Name: %{vendor}-rpm-config
 Version: 30
-Release: 52
+Release: 53
 License: GPL+
 Summary: specific rpm configuration files
 URL: https://gitee.com/openeuler/openEuler-rpm-config
@@ -149,6 +149,9 @@ sed -i "s/__vendor/%{vendor}/g" `grep "__vendor" -rl %{buildroot}%{_rpmconfigdir
 %{rpmvdir}/find-requires.ksyms
 %changelog
+* Fri Mar 29 2024 zhangguangzhi - 30-53
+- ima digest list ebs sign use file path and check errmsg
+
 * Fri Mar 22 2024 zhangguangzhi - 30-52
 - ima digest list ebs sign support modsig
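Review bot: The new `elif [ $ret_sign -eq $FAILED_SIGN_PERMISSION_DENIED ]` branch sets `SIGN_RESULT=1` and leaves the retry loop, which is the right treatment for a non-transient error, but nothing in the hunk says why this failure is exempt from the retry that every other failure gets; a one-line comment on the `elif` would save the next reader a trip into `sign`, e.g. `# err_msg SIGN_PERMISSION_DENIED comes back from the signing service and will not clear on retry: stop here`. The loop `for ((i=1; i<=$CONFIG_RETEST_COUNT; i++))` re-issues the request with no delay between attempts, so a transient service error is hit five times back to back; whether a short pause between attempts is wanted depends on the service and is not visible here. The loop body continues past the end of the hunk, and what is done with `SIGN_RESULT` afterwards is outside it.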