We'd like to read detached signatures too, so split the
signature-buffer-reading code into a separate function.
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
Fix a few warnings:
idc.c: In function ‘IDC_get’:
idc.c:248:12: warning: ‘idclen’ may be used uninitialised in this function [-Wuninitialized]
image.c: In function ‘image_load’:
image.c:37:15: warning: unused variable ‘bytes_read’ [-Wunused-variable]
Plus, a bunch of strict-aliasing warnings:
image.c:101:2: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing]
[ similar warnings trimmed ]
when compiling image.c. Since struct external_PEI_DOS_hdr uses char[]
types for all members, we need to use accessors here.
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
Add an option (--detached) to sbsign, which creates a detached
signature, rather than embedding it in the PE/COFF signature table.
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
$(builddir) should be $(top_builddir), and we need a valid definition of
MKDIR_P to create the docs.
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
Add autoconf & automake metadata, plus required files for automake to
run without complaint.
Requires an update to ccan, to get the --build-type argument to
create-ccan-tree.
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
Update the usage output of sbsign and sbverify so that it can be better
parsed by help2man. Also, add --version and --help.
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
Add make logic to import lib/ccan from lib/ccan.git. We need to set some
dependencies on $(obj) to ensure the the ccan headers are available
before starting the main build.
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
Add an option (--cert <file>) to specify a root certificate (or
certificates) to use as a trusted CA.
Verification can be disabled with --no-verify.
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
Extract the IDC-parsing code from IDC_check_hash, and use it to
initialise a BIO. This BIO can then be used to perform the PKCS7
verification.
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
Add a check to match the calculated image's hash against the one found
in the PKCS7 IndirectDataContext
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
GPLv3; the sources include parts of binutils, include parts of ccan,
and have been partially based of osslsigntool.
Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>