Rather than having three sets of (firmware, filesystem) key databases,
refactor into two sets of (kdk, db, dbx) databases. This allows us to
add the PK later.
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
We should free filename, and buf on error.
Also, check for the length of the file's data; we may be passed empty
files, and end up with a negative len.
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
We want to collect keystore entries on a separate list, so rename the
'list' member to something more specific.
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
We want to call key_id on file buffers too, which don't have the
EFI_SIGNATURE_DATA encapsulation.
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
We may want to read files which can be absent. In this case, we don't
want to print an error.
This change adds fileio_read_file_noerror(), which suppresses error
output.
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
We're almost always going to want the attributes set to
NON_VOLATILE | BOOTSERVICE_ACCESS | RUNTIME_ACCES | APPEND_WRITE,
and TIME_BASED_AUTHENTICATED_WRITE is required. So, provide this
as the default if no --attrs argument is specified.
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
Rather than making these private to sbvarsign, move the EFI_VARIABLE
attribute defintions to efivars.h
Since some of these are defined by gnu-efi, we need to protect the
definitions with an #ifdef.
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
Rather than checking the size with the EFI_SIGNATURE_DATA header, just
check the data len.
Also, fix the definition for the SHA256 size.
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
Despite what the Authenticode spec says ("dwLength is set to the length
of bCertificate"), the MS var sign tool and EDK2 sources include the
header in the dwLength size.
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
When detaching a signature, we need to know the size of the
non-signature data. So, add a data_size member to struct image, and
populate it when we iterate through the section table.
When writing the image, use data_size rather than size, so we don't
unnecessarily add the (now unused) signature data.
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
Rather than only calling image_find_regions when we want to sign or
verify image, call it when the image is loaded. We'll want to use the
parse data later, which will require it to be present on all instances
of an image.
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
make distcheck was failing due to a missing efivars.h in the dist
tarball. Add it to common_SOURCES to include it.
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
Since we can sign i386 PE/COFF images, run the tests on both x86-64 and
i386 binaries.
We do this by moving test.pecoff to test-<arch>.pecoff, and using
automake's parallel-test option to add a wrapper to each test execution.
This wrapper calls each test once per arch (as defined in TEST_ARCHES),
and checks for failures in any invocation.
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
Replace struct image->aouthdr with a union of the 32- and 64-bit a.out
header definitions, and abstract the relevant parsing code into the
image_pecoff_parse_{32,64} functions.
We also move all references of data in the a.out header to these
functions, so we don't need to lookup the machine types elsewhere.
Based on a patch by Maxim Kammerer <mk@dee.su>.
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
If we use IMAGE_FILE_MACHINE_AMD64 instead of AMD64MAGIC, we can avoid
including the arch-specific coff/x86_64 header.
Based on a patch from Maxim Kammerer <mk@dee.su>.
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
padlen variable in image_write() cannot be used uninitialized,
but compiler is unable to determine that.
Signed-off-by: Maxim Kammerer <mk@dee.su>
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
KEK, db and dbx updates need to be written as EFI_SIGNATURE_LIST
structures, so create a simple tool to create them.
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
We do whole-file reads in a few places, so unify to a fileio_read_file()
function.
To do this, we change the type of struct image->buf to a uint8_t *.
Where we do pointer manipulation on the image buffer, we need a
temporary void * variable.
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
Rather than duplicating the key & certificate loading in each tool,
unify it in a fileio object.
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
Rather than setting ->sigbuf directly, add two functions to handle image
signature addition and removal:
image_add_signature(image, sig, sigsize);
image_remove_signature(image);
And warn when a signature is to be overwritten.
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>