vbatts/sbsigntools
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
165 commits 2 branches 8 tags 366 KiB
Commit graph

69 commits

Author SHA1 Message Date
Jeremy Kerr
add8d00f31 sbkeysync: Add --keystore and --no-default-keystores options 
Add a couple of options to configure the location we read keys from

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
 2012-08-24 20:02:15 +08:00
Jeremy Kerr
a151ffdb9d sbkeysync: Add --verbose option and conditionally print debug output 
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
 2012-08-24 20:02:15 +08:00
Jeremy Kerr
d5ce9e3f36 sbkeysync: Add keystore parsing functions 
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
 2012-08-24 20:01:31 +08:00
Jeremy Kerr
2f82c545c2 sbkeysync: Add --efivars-dir option to specific different locations for var files 
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
 2012-08-24 20:01:31 +08:00
Jeremy Kerr
5757f27812 sbkeysync: Add X509 key parsing 
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
 2012-08-24 20:01:30 +08:00
Jeremy Kerr
c03ca4f73f sbkeysync: Add key ID data to print_key_database() 
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
 2012-08-24 20:01:30 +08:00
Jeremy Kerr
72ec025d79 sbkeysync: read & print signature databases 
Add some initial code to parse the EFI signature databases.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
 2012-08-24 20:00:52 +08:00
Jeremy Kerr
f8024a6a3b Move EFI_CERT types to efivars.h 
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
 2012-08-24 20:00:15 +08:00
Jeremy Kerr
f9eed9cc42 fileio: Add fileio_read_file_noerror() 
We may want to read files which can be absent. In this case, we don't
want to print an error.

This change adds fileio_read_file_noerror(), which suppresses error
output.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
 2012-08-24 19:58:21 +08:00
Jeremy Kerr
07328d85c3 sbvarsign: Start with a default set of variable attributes 
We're almost always going to want the attributes set to
NON_VOLATILE | BOOTSERVICE_ACCESS | RUNTIME_ACCES | APPEND_WRITE,
and TIME_BASED_AUTHENTICATED_WRITE is required. So, provide this
as the default if no --attrs argument is specified.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
 2012-08-23 19:39:32 +08:00
Jeremy Kerr
88625a586c efivars: Move EFI_VARIABLE_* attributes to efivars.h 
Rather than making these private to sbvarsign, move the EFI_VARIABLE
attribute defintions to efivars.h

Since some of these are defined by gnu-efi, we need to protect the
definitions with an #ifdef.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
 2012-08-23 19:11:34 +08:00
Jeremy Kerr
a7228c8307 sbsiglist: fix signature size check 
Rather than checking the size with the EFI_SIGNATURE_DATA header, just
check the data len.

Also, fix the definition for the SHA256 size.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
 2012-08-22 18:16:49 +08:00
Jeremy Kerr
fd553e841a sbvarsign: WIN_CERTIFICATE.dwLength should include the header size 
Despite what the Authenticode spec says ("dwLength is set to the length
of bCertificate"), the MS var sign tool and EDK2 sources include the
header in the dwLength size.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
 2012-08-22 16:53:49 +08:00
Jeremy Kerr
feddcb4f4f sbvarsign: Fix invalid sizeof() for zeroing timestamp data 
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
 2012-08-22 14:58:13 +08:00
Jeremy Kerr
030d5ef321 sbsiglist: check for owner and type arguments 
..rather than segfaulting.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
 2012-08-22 14:58:07 +08:00
Jeremy Kerr
541beab7ce sbsiglist: Fix SignatureSize 
We need to allow for the GUID in EFI_SIGNATURE_DATA too.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
 2012-08-14 14:32:16 +08:00
Jeremy Kerr
9389752741 image: use fileio_write_file 
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
 2012-08-13 15:14:11 +08:00
Jeremy Kerr
dcae99eca5 Remove unused gen-keyfiles source 
gen-keyfiles isn't built, and has been replaced by sbsiglist.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
 2012-08-13 15:13:35 +08:00
Jeremy Kerr
c7ee585439 Move sources to src/ subdirectory 
We have a number of source files now, so move them from the top level to
src/

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
 2012-08-13 15:10:21 +08:00