sbsigntools

Author	SHA1	Message	Date
James Bottomley	592ec2188f	Fix for multi-sign The new Tianocore multi-sign code fails now for images signed with sbsigntools. The reason is that we don't actually align the signature table, we just slap it straight after the binary data. Unfortunately, the new multi-signature code checks that our alignment offsets are correct and fails the signature for this reason. Fix by adding junk to the end of the image to align the signature section. Signed-off-by: James Bottomley <JBottomley@Parallels.com>	2014-12-19 16:42:37 -08:00
James Bottomley	b963c5cb38	image.c: clear image variable Not zeroing the image after talloc occasionally leads to a segfault because the programme thinks it has a signature when in reality it just has a junk pointer and segfaults. Signed-off-by: James Bottomley <JBottomley@Parallels.com>	2014-12-19 16:42:37 -08:00
Jeremy Kerr	951ee95a30	sbkeysync: add corrected efivars magic Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>	2012-11-14 16:37:08 +08:00
Jeremy Kerr	a7577f56b3	Version 0.6 Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>	2012-10-11 20:32:32 +08:00
Jeremy Kerr	050f003ce7	sbverify: explicitly trust all certificates given in --cert arguments In line with the verification process in firmware, update our verify callback to explicitly trust all certificates that we load to our cert store. Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>	2012-10-11 20:31:04 +08:00
Jeremy Kerr	c98692a71f	sbverify: Add --verbose option Add an option to print the certificate & signature info while verifying a signed image. Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>	2012-10-10 15:56:58 +08:00
Jeremy Kerr	cd51a26911	Version 0.5 Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>	2012-10-10 09:00:55 +08:00
Jeremy Kerr	ab63e31bb8	sbkeysync: change default efivarfs mountpoint to /sys/.../efivars/ Proposed changes to the kernel will establish /sys/firmware/efi/efivars as the canonical mountpoint for the efivars filesystem. Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>	2012-10-08 12:07:43 +08:00
Jeremy Kerr	6bfa9f3349	Version 0.4 Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>	2012-10-02 17:12:02 +08:00
Jeremy Kerr	de78e0cde9	image: improve handling of unaligned section tables Rather than overrunning the heap, explicitly allocate the pad area for cases where we've aligned-up the section table sizes. Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>	2012-10-02 11:44:39 +08:00
Jeremy Kerr	142ba5c1b3	image: use data_size in cert table header Since we write the certificate table starting at data_size (not size), use this value when generating the cert table header. Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>	2012-10-02 11:22:37 +08:00
Jeremy Kerr	63cfc10ce0	image: improve section table parsing Only add the endjunk region when we need to add data, and warn when we've got too much. Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>	2012-09-28 15:45:42 +08:00
Jeremy Kerr	274d4df0ff	image: Allow variable sized data directories The PE/COFF spec allows variable-sized data directories, which reduce the size of the optional header. While GNU ld always produces maximum-sized headers, the kernel's EFI_STUB code generates a smaller header size, which causes the image parsing code to abort. This change allows variable-sized optional headers, but checks for at least enough of an optional header to contain a CERT_TABLE data directory entry. We also rename struct image's aouthdr to opthdr, as it contains more than just the a.out fields. Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>	2012-09-28 09:56:48 +08:00
Jeremy Kerr	cf747fcca3	sbvarsign: fix incorrect pointer in add_auth_descriptor Brown paper bag time: we want to hash the variable data, not the stack. Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>	2012-09-05 11:19:05 +08:00
Jeremy Kerr	c933b5e8fd	sbvarsign: auth descriptor hash does not cover the \0 in the varname Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>	2012-09-05 11:16:42 +08:00
Jeremy Kerr	15354eaa4e	sbkeysync: fix siglist iteration We were updating siglist before incrementing i, and so aborting the siglist iteration earlier than necessary. Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>	2012-08-24 23:03:49 +08:00
Jeremy Kerr	41c8bb9ea2	sbvarsign: Improve default GUID choice For db and dbx, we want EFI_IMAGE_SECURITY_DATABASE. Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>	2012-08-24 20:57:00 +08:00
Jeremy Kerr	03e6a4e2b3	skkeysync: Add PK-handing code Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>	2012-08-24 20:04:14 +08:00
Jeremy Kerr	74153741c4	sbkeysync: Refactor signature database data structures Rather than having three sets of (firmware, filesystem) key databases, refactor into two sets of (kdk, db, dbx) databases. This allows us to add the PK later. Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>	2012-08-24 20:04:13 +08:00
Jeremy Kerr	b4773c902a	sbkeysync: fix invalid free in keystore_read_entry We want to free path, not ke. We can also unify the error path. Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>	2012-08-24 20:03:56 +08:00
Jeremy Kerr	41c741fe13	sbkeysync: Improve error handling in read_firmware_key_database We should free filename, and buf on error. Also, check for the length of the file's data; we may be passed empty files, and end up with a negative len. Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>	2012-08-24 20:03:54 +08:00
Jeremy Kerr	16c09d22a6	sbkeysync: insert new keys Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>	2012-08-24 20:03:32 +08:00
Jeremy Kerr	ae1523673e	sbkeysync: print keystore before key databases Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>	2012-08-24 20:03:32 +08:00
Jeremy Kerr	37d838a43d	sbkeysync: Find keys missing from firmware key databases Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>	2012-08-24 20:03:32 +08:00
Jeremy Kerr	60586e122f	sbkeysync: Rename struct keystore_entry->list to keystore_list We want to collect keystore entries on a separate list, so rename the 'list' member to something more specific. Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>	2012-08-24 20:03:32 +08:00
Jeremy Kerr	ae3344f5eb	sbkeysync: Generate and print key descriptions .. rather than printing the raw IDs. Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>	2012-08-24 20:03:32 +08:00
Jeremy Kerr	7dc407e311	sbkeysync: add comment to sigdb_iterate Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>	2012-08-24 20:03:32 +08:00
Jeremy Kerr	bd9de8eadd	sbkeysync: Change key_id to key_parse Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>	2012-08-24 20:03:32 +08:00
Jeremy Kerr	22450d8c40	sbkeysync: Print filesystem key databases Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>	2012-08-24 20:03:32 +08:00
Jeremy Kerr	54e1fbed30	sbkeysync: read keystore into kdb->filesystem_keys Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>	2012-08-24 20:03:32 +08:00
Jeremy Kerr	5527ef2db4	sbkeysync: Unify key_database Use key_database as a generic container for both firmware & filesystem keys. Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>	2012-08-24 20:03:29 +08:00
Jeremy Kerr	1bdfb9acb8	sbkeysync: Add key_database->filesystem_keys Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>	2012-08-24 20:02:15 +08:00
Jeremy Kerr	bdeb14370d	sbkeysync: keystore -> fs_keystore To make it clear that these are key files. Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>	2012-08-24 20:02:15 +08:00
Jeremy Kerr	98911a7f4c	sbkeysync: pass data buffer (instead of EFI_SIGNATURE_DATA) to key_id We want to call key_id on file buffers too, which don't have the EFI_SIGNATURE_DATA encapsulation. Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>	2012-08-24 20:02:15 +08:00
Jeremy Kerr	1a431a5a2d	sbkeysync: add keystore_entry->root Helps to show where the keys are loaded from. Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>	2012-08-24 20:02:15 +08:00
Jeremy Kerr	add8d00f31	sbkeysync: Add --keystore and --no-default-keystores options Add a couple of options to configure the location we read keys from Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>	2012-08-24 20:02:15 +08:00
Jeremy Kerr	a151ffdb9d	sbkeysync: Add --verbose option and conditionally print debug output Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>	2012-08-24 20:02:15 +08:00
Jeremy Kerr	d5ce9e3f36	sbkeysync: Add keystore parsing functions Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>	2012-08-24 20:01:31 +08:00
Jeremy Kerr	2f82c545c2	sbkeysync: Add --efivars-dir option to specific different locations for var files Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>	2012-08-24 20:01:31 +08:00
Jeremy Kerr	5757f27812	sbkeysync: Add X509 key parsing Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>	2012-08-24 20:01:30 +08:00
Jeremy Kerr	c03ca4f73f	sbkeysync: Add key ID data to print_key_database() Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>	2012-08-24 20:01:30 +08:00
Jeremy Kerr	72ec025d79	sbkeysync: read & print signature databases Add some initial code to parse the EFI signature databases. Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>	2012-08-24 20:00:52 +08:00
Jeremy Kerr	f8024a6a3b	Move EFI_CERT types to efivars.h Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>	2012-08-24 20:00:15 +08:00
Jeremy Kerr	f9eed9cc42	fileio: Add fileio_read_file_noerror() We may want to read files which can be absent. In this case, we don't want to print an error. This change adds fileio_read_file_noerror(), which suppresses error output. Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>	2012-08-24 19:58:21 +08:00
Jeremy Kerr	07328d85c3	sbvarsign: Start with a default set of variable attributes We're almost always going to want the attributes set to NON_VOLATILE \| BOOTSERVICE_ACCESS \| RUNTIME_ACCES \| APPEND_WRITE, and TIME_BASED_AUTHENTICATED_WRITE is required. So, provide this as the default if no --attrs argument is specified. Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>	2012-08-23 19:39:32 +08:00
Jeremy Kerr	88625a586c	efivars: Move EFI_VARIABLE_* attributes to efivars.h Rather than making these private to sbvarsign, move the EFI_VARIABLE attribute defintions to efivars.h Since some of these are defined by gnu-efi, we need to protect the definitions with an #ifdef. Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>	2012-08-23 19:11:34 +08:00
Jeremy Kerr	a7228c8307	sbsiglist: fix signature size check Rather than checking the size with the EFI_SIGNATURE_DATA header, just check the data len. Also, fix the definition for the SHA256 size. Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>	2012-08-22 18:16:49 +08:00
Jeremy Kerr	fd553e841a	sbvarsign: WIN_CERTIFICATE.dwLength should include the header size Despite what the Authenticode spec says ("dwLength is set to the length of bCertificate"), the MS var sign tool and EDK2 sources include the header in the dwLength size. Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>	2012-08-22 16:53:49 +08:00
Jeremy Kerr	feddcb4f4f	sbvarsign: Fix invalid sizeof() for zeroing timestamp data Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>	2012-08-22 14:58:13 +08:00
Jeremy Kerr	030d5ef321	sbsiglist: check for owner and type arguments ..rather than segfaulting. Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>	2012-08-22 14:58:07 +08:00

1 2 3

135 commits