diff options
| author | Yonghong Zhu <yonghong.zhu@intel.com> | 2016-10-13 15:59:06 +0800 |
|---|---|---|
| committer | Yonghong Zhu <yonghong.zhu@intel.com> | 2016-10-17 13:26:22 +0800 |
| commit | 245cda6641ade1f1013c2d5c9c838f2706636828 (patch) | |
| tree | bcb62157329d86345fdd7eb3c7d1a30eac94c310 | |
| parent | 4dd8787a20e2b74cfcc297253f237e0ac86c9289 (diff) | |
| download | edk2-245cda6641ade1f1013c2d5c9c838f2706636828.tar.gz edk2-245cda6641ade1f1013c2d5c9c838f2706636828.tar.bz2 edk2-245cda6641ade1f1013c2d5c9c838f2706636828.zip | |
BaseTools: Update sign tool to make MonotonicCount *after* Payload
The WIN_CERTIFICATE_UEFI_GUID AuthInfo defined in the UEFI spec
mentioned that It is a signature across the image data and the
Monotonic Count value. After clarification, we do the signature
calculation, we put MonotonicCount after Payload.
Cc: Liming Gao <liming.gao@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Yonghong Zhu <yonghong.zhu@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Tested-by: Jiewen Yao <jiewen.yao@intel.com>
| -rw-r--r-- | BaseTools/Source/Python/Pkcs7Sign/Pkcs7Sign.py | 8 | ||||
| -rw-r--r-- | BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py | 8 |
2 files changed, 8 insertions, 8 deletions
diff --git a/BaseTools/Source/Python/Pkcs7Sign/Pkcs7Sign.py b/BaseTools/Source/Python/Pkcs7Sign/Pkcs7Sign.py index b9f8c066a7..f0b2d8a559 100644 --- a/BaseTools/Source/Python/Pkcs7Sign/Pkcs7Sign.py +++ b/BaseTools/Source/Python/Pkcs7Sign/Pkcs7Sign.py @@ -197,8 +197,8 @@ if __name__ == '__main__': print 'ERROR: test other public cert file %s missing' % (args.OtherPublicCertFileName)
sys.exit(1)
- format = "Q%ds" % len(args.InputFileBuffer)
- FullInputFileBuffer = struct.pack(format,args.MonotonicCountValue, args.InputFileBuffer)
+ format = "%dsQ" % len(args.InputFileBuffer)
+ FullInputFileBuffer = struct.pack(format, args.InputFileBuffer, args.MonotonicCountValue)
#
# Sign the input file using the specified private key and capture signature from STDOUT
@@ -261,8 +261,8 @@ if __name__ == '__main__': args.SignatureBuffer = args.InputFileBuffer[0:SignatureSize]
args.InputFileBuffer = args.InputFileBuffer[SignatureSize:]
- format = "Q%ds" % len(args.InputFileBuffer)
- FullInputFileBuffer = struct.pack(format,args.MonotonicCountValue, args.InputFileBuffer)
+ format = "%dsQ" % len(args.InputFileBuffer)
+ FullInputFileBuffer = struct.pack(format, args.InputFileBuffer, args.MonotonicCountValue)
#
# Save output file contents from input file
diff --git a/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py b/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py index 34106680ee..199ebec1bb 100644 --- a/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py +++ b/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py @@ -169,8 +169,8 @@ if __name__ == '__main__': if args.Encode:
FullInputFileBuffer = args.InputFileBuffer
if args.MonotonicCountStr:
- format = "Q%ds" % len(args.InputFileBuffer)
- FullInputFileBuffer = struct.pack(format,args.MonotonicCountValue, args.InputFileBuffer)
+ format = "%dsQ" % len(args.InputFileBuffer)
+ FullInputFileBuffer = struct.pack(format, args.InputFileBuffer, args.MonotonicCountValue)
#
# Sign the input file using the specified private key and capture signature from STDOUT
#
@@ -212,8 +212,8 @@ if __name__ == '__main__': FullInputFileBuffer = args.InputFileBuffer
if args.MonotonicCountStr:
- format = "Q%ds" % len(args.InputFileBuffer)
- FullInputFileBuffer = struct.pack(format,args.MonotonicCountValue, args.InputFileBuffer)
+ format = "%dsQ" % len(args.InputFileBuffer)
+ FullInputFileBuffer = struct.pack(format, args.InputFileBuffer, args.MonotonicCountValue)
#
# Write Signature to output file
|