diff --git a/image.c b/image.c
index 64c31ad..ccbb535 100644
--- a/image.c
+++ b/image.c
@@ -359,7 +359,8 @@ int image_write(struct image *image, const char *filename)
 
 	/* optionally update the image to contain signature data */
 	if (is_signed) {
-		cert_table_header.size = image->sigsize;
+		cert_table_header.size = image->sigsize +
+						sizeof(cert_table_header);
 		cert_table_header.revision = 0x0200; /* = revision 2 */
 		cert_table_header.type = 0x0002; /* PKCS signedData */
 
diff --git a/sbverify.c b/sbverify.c
index edf7d8c..00c8684 100644
--- a/sbverify.c
+++ b/sbverify.c
@@ -120,7 +120,7 @@ static int load_image_signature_data(struct image *image,
 
 	header = image->buf + image->data_dir_sigtable->addr;
 	*buf = (void *)(header + 1);
-	*len = header->size;
+	*len = header->size - sizeof(*header);
 	return 0;
 }