Add -f option to give a firmware signature file. Signed-off-by: Takashi Iwai <tiwai@xxxxxxx> --- scripts/sign-file | 30 +++++++++++++++++++++++------- 1 file changed, 23 insertions(+), 7 deletions(-) diff --git a/scripts/sign-file b/scripts/sign-file index 45c771d..c1c96e7 100755 --- a/scripts/sign-file +++ b/scripts/sign-file @@ -4,7 +4,7 @@ # # Format: # -# ./scripts/sign-file [-v] [-a algo] <key> <x509> <module> [<dest>] +# ./scripts/sign-file [-v] [-f] [-a algo] <key> <x509> <module> [<dest>] # # use strict; @@ -16,16 +16,19 @@ sub usage() { print "Format: ./scripts/sign-file [options] <key> <x509> <module> [<dest>] -v verbose output + -f create a firmware signature file -a algo specify hash algorithm "; exit; } my $verbose = 0; +my $sign_fw = 0; my $hashalgo = ""; GetOptions( 'v|verbose' => \$verbose, + 'f|firmware' => \$sign_fw, 'a|algo=s' => \$hashalgo) || usage(); usage() if ($#ARGV != 2 && $#ARGV != 3); @@ -33,11 +36,12 @@ usage() if ($#ARGV != 2 && $#ARGV != 3); my $private_key = $ARGV[0]; my $x509 = $ARGV[1]; my $module = $ARGV[2]; -my $dest = ($#ARGV == 3) ? $ARGV[3] : $ARGV[2] . "~"; +my $dest = $ARGV[3] ? $ARGV[3] : $ARGV[2] . ".sig"; +my $mode_name = $sign_fw ? "firmware" : "module"; die "Can't read private key\n" unless (-r $private_key); die "Can't read X.509 certificate\n" unless (-r $x509); -die "Can't read module\n" unless (-r $module); +die "Can't read $mode_name\n" unless (-r $module); # # Read the kernel configuration @@ -416,7 +420,9 @@ die "openssl rsautl died: $?" if ($? >> 8); # my $unsigned_module = read_file($module); -my $magic_number = "~Module signature appended~\n"; +my $magic_number = $sign_fw ? + "~Linux firmware signature~\n" : + "~Module signature appended~\n"; my $info = pack("CCCCCxxxN", $algo, $hash, $id_type, @@ -425,7 +431,7 @@ my $info = pack("CCCCCxxxN", length($signature)); if ($verbose) { - print "Size of unsigned module: ", length($unsigned_module), "\n"; + print "Size of unsigned $mode_name: ", length($unsigned_module), "\n"; print "Size of signer's name : ", length($signers_name), "\n"; print "Size of key identifier : ", length($key_identifier), "\n"; print "Size of signature : ", length($signature), "\n"; @@ -437,7 +443,16 @@ if ($verbose) { open(FD, ">$dest") || die $dest; binmode FD; -print FD +if ($sign_fw) { + print FD + $magic_number, + $info, + $signers_name, + $key_identifier, + $signature + ; +} else { + print FD $unsigned_module, $signers_name, $key_identifier, @@ -445,8 +460,9 @@ print FD $info, $magic_number ; +} close FD || die $dest; -if ($#ARGV != 3) { +if (!$sign_fw && $#ARGV != 3) { rename($dest, $module) || die $module; } -- 1.8.0 -- To unsubscribe from this list: send the line "unsubscribe linux-efi" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html