Commit graph

16 commits

Author SHA1 Message Date
Jeremy Kerr
36e79114d2 sbattach: fix --detach
sbattach --detach isn't working, as we're not properly setting sigbuf in
image_pecoff parse.

This change ensures we populate sigbuf when we find a valid cert table.
Also, add a test case for this.

Bug report & initial patch from from Steve Langasek.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-08-02 16:47:14 +08:00
Jeremy Kerr
5dc7b4c370 license: Add OpenSSL exception to GPLv3 terms
We're using OpenSSL, so need to grant binary distrbutors permission to
link with it.

Cleared with current contributors.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-06-28 15:06:31 +08:00
James Bottomley
d7cfae59da image: fix signature calculation when there's junk at the end of the efi binary
The current gnu efi generation tools insist on leaving junk at the end
of the binary.  According to the authenticode spec, we have to include
this in the hash otherwise signature verification fails, so add the end
junk to the calculation of the hash.

I've verified that with this fix (and another one to get objcopy to
align the sections correctly) we can now sign gnu tools generated efi
code with tianocore r13466

Signed-off-by: James Bottomley <JBottomley@Parallels.com>
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-06-28 14:23:49 +08:00
James Bottomley
bf7e97bd1c image: fix incorrect assumption about signature header
The sbsign tools appear to assume that WIN_CERTIFICATE.dwLength is the
length of the signature.  It's not, it's the length of the signature
plus the length of the WIN_CERTIFICATE header.  UEFI Version 2.3.1,
Errata A explicitly states this in section 27.2.5 (Code Definitions).

I found this because I've been playing around with the tianocore secure
boot UEFI images and I couldn't get efi binaries signed with your tools
to verify.  When you apply the fix, I've got the binaries to verify (at
least with X509 KEK signatures).

Signed-off-by: James Bottomley <JBottomley@Parallels.com>
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-06-28 10:47:55 +08:00
Jeremy Kerr
376974e386 image: Unconditionally parse PE/COFF data
Rather than requiring an explicit image_pecoff_parse, do it
unconditionally in image_load. We don't have any instances where we need
to do this separately.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-06-13 17:39:34 +08:00
Jeremy Kerr
be7559abfe image: Add facility to write unsigned images
Change image_write_signed to image_write, and conditionally write the
signature if one is present.

This will allow us to write unsigned images when detaching a sig from an
image.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-06-12 10:19:08 +08:00
Jeremy Kerr
ffc1f41ace Fix warnings from added -W flags
Fix a few warnings:

 idc.c: In function ‘IDC_get’:
 idc.c:248:12: warning: ‘idclen’ may be used uninitialised in this function [-Wuninitialized]

 image.c: In function ‘image_load’:
 image.c:37:15: warning: unused variable ‘bytes_read’ [-Wunused-variable]

Plus, a bunch of strict-aliasing warnings:

 image.c:101:2: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing]
 [ similar warnings trimmed ]

when compiling image.c. Since struct external_PEI_DOS_hdr uses char[]
types for all members, we need to use accessors here.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-06-11 16:54:42 +08:00
Jeremy Kerr
3c9815acc6 sbsign: Add --detached option to create detached PKCS7 signatures
Add an option (--detached) to sbsign, which creates a detached
signature, rather than embedding it in the PE/COFF signature table.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-06-11 15:59:48 +08:00
Jeremy Kerr
9a4440676c image: use read_write_all from ccan
Rather than using our own functions for reading/writing an entire
buffer, use ccan's.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-05-28 22:44:39 +08:00
Jeremy Kerr
3bb18f8ed9 image: Fix format specifier for 32-bit builds
Use %t rather than assuming typeof(ptr - int) == unsigned long.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-05-28 22:35:48 +08:00
Jeremy Kerr
ef7966087d image: reformat gap warnings
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-05-12 21:32:23 -07:00
Jeremy Kerr
f7f7ad00a3 image: add cert table to image size
Don't warn when the certificate table is the only un-hashed data.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-05-12 21:31:43 -07:00
Jeremy Kerr
b3dc6529eb image: open output file with O_TRUNC
Prevents weirdness when overwriting old files.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-05-12 09:44:17 -07:00
Jeremy Kerr
1d3ebb7b24 Add copyright comments
GPLv3; the sources include parts of binutils, include parts of ccan,
and have been partially based of osslsigntool.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-04-23 18:14:42 +08:00
Jeremy Kerr
da5568e8ff image: warn about potential checksum differences
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-04-23 17:42:45 +08:00
Jeremy Kerr
3b802fe3da Initial commit
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-04-23 17:25:19 +08:00