[PATCH RFC 2/4] scripts/sign-file: Support firmware signing

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Add -f option to give a firmware signature file.

Signed-off-by: Takashi Iwai <tiwai@xxxxxxx>
---
 scripts/sign-file | 30 +++++++++++++++++++++++-------
 1 file changed, 23 insertions(+), 7 deletions(-)

diff --git a/scripts/sign-file b/scripts/sign-file
index 45c771d..c1c96e7 100755
--- a/scripts/sign-file
+++ b/scripts/sign-file
@@ -4,7 +4,7 @@
 #
 # Format:
 #
-#	./scripts/sign-file [-v] [-a algo] <key> <x509> <module> [<dest>]
+#	./scripts/sign-file [-v] [-f] [-a algo] <key> <x509> <module> [<dest>]
 #
 #
 use strict;
@@ -16,16 +16,19 @@ sub usage()
 {
     print "Format: ./scripts/sign-file [options] <key> <x509> <module> [<dest>]
     -v       verbose output
+    -f       create a firmware signature file
     -a algo  specify hash algorithm
 ";
     exit;
 }
 
 my $verbose = 0;
+my $sign_fw = 0;
 my $hashalgo = "";
 
 GetOptions(
     'v|verbose' => \$verbose,
+    'f|firmware' => \$sign_fw,
     'a|algo=s' => \$hashalgo) || usage();
 
 usage() if ($#ARGV != 2 && $#ARGV != 3);
@@ -33,11 +36,12 @@ usage() if ($#ARGV != 2 && $#ARGV != 3);
 my $private_key = $ARGV[0];
 my $x509 = $ARGV[1];
 my $module = $ARGV[2];
-my $dest = ($#ARGV == 3) ? $ARGV[3] : $ARGV[2] . "~";
+my $dest = $ARGV[3] ? $ARGV[3] : $ARGV[2] . ".sig";
+my $mode_name = $sign_fw ? "firmware" : "module";
 
 die "Can't read private key\n" unless (-r $private_key);
 die "Can't read X.509 certificate\n" unless (-r $x509);
-die "Can't read module\n" unless (-r $module);
+die "Can't read $mode_name\n" unless (-r $module);
 
 #
 # Read the kernel configuration
@@ -416,7 +420,9 @@ die "openssl rsautl died: $?" if ($? >> 8);
 #
 my $unsigned_module = read_file($module);
 
-my $magic_number = "~Module signature appended~\n";
+my $magic_number = $sign_fw ? 
+    "~Linux firmware signature~\n" :
+    "~Module signature appended~\n";
 
 my $info = pack("CCCCCxxxN",
 		$algo, $hash, $id_type,
@@ -425,7 +431,7 @@ my $info = pack("CCCCCxxxN",
 		length($signature));
 
 if ($verbose) {
-    print "Size of unsigned module: ", length($unsigned_module), "\n";
+    print "Size of unsigned $mode_name: ", length($unsigned_module), "\n";
     print "Size of signer's name  : ", length($signers_name), "\n";
     print "Size of key identifier : ", length($key_identifier), "\n";
     print "Size of signature      : ", length($signature), "\n";
@@ -437,7 +443,16 @@ if ($verbose) {
 
 open(FD, ">$dest") || die $dest;
 binmode FD;
-print FD
+if ($sign_fw) {
+    print FD
+    $magic_number,
+    $info,
+    $signers_name,
+    $key_identifier,
+    $signature
+    ;
+} else {
+    print FD
     $unsigned_module,
     $signers_name,
     $key_identifier,
@@ -445,8 +460,9 @@ print FD
     $info,
     $magic_number
     ;
+}
 close FD || die $dest;
 
-if ($#ARGV != 3) {
+if (!$sign_fw && $#ARGV != 3) {
     rename($dest, $module) || die $module;
 }
-- 
1.8.0

--
To unsubscribe from this list: send the line "unsubscribe linux-efi" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html


[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux