Commit graph

21 commits

Author SHA1 Message Date
Jeremy Kerr
e1b58d6ccb image: Allow manipulation of i386 PE/COFF files
Replace struct image->aouthdr with a union of the 32- and 64-bit a.out
header definitions, and abstract the relevant parsing code into the
image_pecoff_parse_{32,64} functions.

We also move all references of data in the a.out header to these
functions, so we don't need to lookup the machine types elsewhere.

Based on a patch by Maxim Kammerer <mk@dee.su>.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-08-13 11:27:39 +08:00
Jeremy Kerr
e027b87cff Remove arch-specific coff headers
If we use IMAGE_FILE_MACHINE_AMD64 instead of AMD64MAGIC, we can avoid
including the arch-specific coff/x86_64 header.

Based on a patch from Maxim Kammerer <mk@dee.su>.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-08-10 17:12:54 +08:00
Maxim Kammerer
1c8fac1fbe image: Prevent an uninitialized variable warning
padlen variable in image_write() cannot be used uninitialized,
but compiler is unable to determine that.

Signed-off-by: Maxim Kammerer <mk@dee.su>
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-08-10 16:37:25 +08:00
Jeremy Kerr
6e4b3edcfb fileio: Unify whole-file reads
We do whole-file reads in a few places, so unify to a fileio_read_file()
function.

To do this, we change the type of struct image->buf to a uint8_t *.
Where we do pointer manipulation on the image buffer, we need a
temporary void * variable.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-08-03 11:14:17 +08:00
Jeremy Kerr
d27647ba69 image: add functions to add and remove signatures
Rather than setting ->sigbuf directly, add two functions to handle image
signature addition and removal:

 image_add_signature(image, sig, sigsize);
 image_remove_signature(image);

And warn when a signature is to be overwritten.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-08-03 10:03:14 +08:00
Jeremy Kerr
36e79114d2 sbattach: fix --detach
sbattach --detach isn't working, as we're not properly setting sigbuf in
image_pecoff parse.

This change ensures we populate sigbuf when we find a valid cert table.
Also, add a test case for this.

Bug report & initial patch from from Steve Langasek.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-08-02 16:47:14 +08:00
Jeremy Kerr
5dc7b4c370 license: Add OpenSSL exception to GPLv3 terms
We're using OpenSSL, so need to grant binary distrbutors permission to
link with it.

Cleared with current contributors.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-06-28 15:06:31 +08:00
James Bottomley
d7cfae59da image: fix signature calculation when there's junk at the end of the efi binary
The current gnu efi generation tools insist on leaving junk at the end
of the binary.  According to the authenticode spec, we have to include
this in the hash otherwise signature verification fails, so add the end
junk to the calculation of the hash.

I've verified that with this fix (and another one to get objcopy to
align the sections correctly) we can now sign gnu tools generated efi
code with tianocore r13466

Signed-off-by: James Bottomley <JBottomley@Parallels.com>
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-06-28 14:23:49 +08:00
James Bottomley
bf7e97bd1c image: fix incorrect assumption about signature header
The sbsign tools appear to assume that WIN_CERTIFICATE.dwLength is the
length of the signature.  It's not, it's the length of the signature
plus the length of the WIN_CERTIFICATE header.  UEFI Version 2.3.1,
Errata A explicitly states this in section 27.2.5 (Code Definitions).

I found this because I've been playing around with the tianocore secure
boot UEFI images and I couldn't get efi binaries signed with your tools
to verify.  When you apply the fix, I've got the binaries to verify (at
least with X509 KEK signatures).

Signed-off-by: James Bottomley <JBottomley@Parallels.com>
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-06-28 10:47:55 +08:00
Jeremy Kerr
376974e386 image: Unconditionally parse PE/COFF data
Rather than requiring an explicit image_pecoff_parse, do it
unconditionally in image_load. We don't have any instances where we need
to do this separately.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-06-13 17:39:34 +08:00
Jeremy Kerr
be7559abfe image: Add facility to write unsigned images
Change image_write_signed to image_write, and conditionally write the
signature if one is present.

This will allow us to write unsigned images when detaching a sig from an
image.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-06-12 10:19:08 +08:00
Jeremy Kerr
ffc1f41ace Fix warnings from added -W flags
Fix a few warnings:

 idc.c: In function ‘IDC_get’:
 idc.c:248:12: warning: ‘idclen’ may be used uninitialised in this function [-Wuninitialized]

 image.c: In function ‘image_load’:
 image.c:37:15: warning: unused variable ‘bytes_read’ [-Wunused-variable]

Plus, a bunch of strict-aliasing warnings:

 image.c:101:2: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing]
 [ similar warnings trimmed ]

when compiling image.c. Since struct external_PEI_DOS_hdr uses char[]
types for all members, we need to use accessors here.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-06-11 16:54:42 +08:00
Jeremy Kerr
3c9815acc6 sbsign: Add --detached option to create detached PKCS7 signatures
Add an option (--detached) to sbsign, which creates a detached
signature, rather than embedding it in the PE/COFF signature table.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-06-11 15:59:48 +08:00
Jeremy Kerr
9a4440676c image: use read_write_all from ccan
Rather than using our own functions for reading/writing an entire
buffer, use ccan's.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-05-28 22:44:39 +08:00
Jeremy Kerr
3bb18f8ed9 image: Fix format specifier for 32-bit builds
Use %t rather than assuming typeof(ptr - int) == unsigned long.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-05-28 22:35:48 +08:00
Jeremy Kerr
ef7966087d image: reformat gap warnings
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-05-12 21:32:23 -07:00
Jeremy Kerr
f7f7ad00a3 image: add cert table to image size
Don't warn when the certificate table is the only un-hashed data.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-05-12 21:31:43 -07:00
Jeremy Kerr
b3dc6529eb image: open output file with O_TRUNC
Prevents weirdness when overwriting old files.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-05-12 09:44:17 -07:00
Jeremy Kerr
1d3ebb7b24 Add copyright comments
GPLv3; the sources include parts of binutils, include parts of ccan,
and have been partially based of osslsigntool.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-04-23 18:14:42 +08:00
Jeremy Kerr
da5568e8ff image: warn about potential checksum differences
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-04-23 17:42:45 +08:00
Jeremy Kerr
3b802fe3da Initial commit
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
2012-04-23 17:25:19 +08:00