於 四,2012-11-08 於 18:35 +0100,Takashi Iwai 提到:
> Add a new option -a to sign-file for specifying the hash algorithm
> to sign a file, to make it working without .config file.
> This will be useful signing external module or firmware files.
>
> Signed-off-by: Takashi Iwai <tiwai@xxxxxxx>
Tested-by: Chun-Yi Lee<jlee@xxxxxxxx>
Joey Lee
> ---
> scripts/sign-file | 40 ++++++++++++++++++++++++++++------------
> 1 file changed, 28 insertions(+), 12 deletions(-)
>
> diff --git a/scripts/sign-file b/scripts/sign-file
> index 5b9d44d..581cdcd 100755
> --- a/scripts/sign-file
> +++ b/scripts/sign-file
> @@ -4,7 +4,7 @@
> #
> # Format:
> #
> -# ./scripts/sign-file [-v] [-f] <key> <x509> <module> [<dest>]
> +# ./scripts/sign-file [-v] [-f] [-a algo] <key> <x509> <module> [<dest>]
> #
> #
> use strict;
> @@ -17,16 +17,19 @@ sub usage()
> print "Format: ./scripts/sign-file [options] <key> <x509> <module> [<dest>]
> -v verbose output
> -f create a firmware signature file
> + -a algo specify hash algorithm
> ";
> exit;
> }
>
> my $verbose = 0;
> +my $hashalgo = "";
> my $sign_fw = 0;
>
> GetOptions(
> 'v|verbose' => \$verbose,
> - 'f|firmware' => \$sign_fw) || usage();
> + 'f|firmware' => \$sign_fw,
> + 'a|algo=s' => \$hashalgo) || usage();
> usage() if ($#ARGV != 2 && $#ARGV != 3);
>
> my $private_key = $ARGV[0];
> @@ -42,10 +45,7 @@ die "Can't read $mode_name\n" unless (-r $module);
> #
> # Read the kernel configuration
> #
> -my %config = (
> - CONFIG_MODULE_SIG_SHA512 => 1
> - );
> -
> +my %config;
> if (-r ".config") {
> open(FD, "<.config") || die ".config";
> while (<FD>) {
> @@ -56,6 +56,22 @@ if (-r ".config") {
> close(FD);
> }
>
> +if ($hashalgo eq "") {
> + if (exists $config{"CONFIG_MODULE_SIG_SHA1"}) {
> + $hashalgo="sha1";
> + } elsif (exists $config{"CONFIG_MODULE_SIG_SHA224"}) {
> + $hashalgo="sha224";
> + } elsif (exists $config{"CONFIG_MODULE_SIG_SHA256"}) {
> + $hashalgo="sha256";
> + } elsif (exists $config{"CONFIG_MODULE_SIG_SHA384"}) {
> + $hashalgo="sha384";
> + } elsif (exists $config{"CONFIG_MODULE_SIG_SHA512"}) {
> + $hashalgo="sha512";
> + } else {
> + die "Can't determine hash algorithm";
> + }
> +}
> +
> #
> # Function to read the contents of a file into a variable.
> #
> @@ -332,35 +348,35 @@ my $id_type = 1; # Identifier type: X.509
> # Digest the data
> #
> my ($dgst, $prologue) = ();
> -if (exists $config{"CONFIG_MODULE_SIG_SHA1"}) {
> +if ($hashalgo eq "sha1") {
> $prologue = pack("C*",
> 0x30, 0x21, 0x30, 0x09, 0x06, 0x05,
> 0x2B, 0x0E, 0x03, 0x02, 0x1A,
> 0x05, 0x00, 0x04, 0x14);
> $dgst = "-sha1";
> $hash = 2;
> -} elsif (exists $config{"CONFIG_MODULE_SIG_SHA224"}) {
> +} elsif ($hashalgo eq "sha224") {
> $prologue = pack("C*",
> 0x30, 0x2d, 0x30, 0x0d, 0x06, 0x09,
> 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04,
> 0x05, 0x00, 0x04, 0x1C);
> $dgst = "-sha224";
> $hash = 7;
> -} elsif (exists $config{"CONFIG_MODULE_SIG_SHA256"}) {
> +} elsif ($hashalgo eq "sha256") {
> $prologue = pack("C*",
> 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09,
> 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01,
> 0x05, 0x00, 0x04, 0x20);
> $dgst = "-sha256";
> $hash = 4;
> -} elsif (exists $config{"CONFIG_MODULE_SIG_SHA384"}) {
> +} elsif ($hashalgo eq "sha384") {
> $prologue = pack("C*",
> 0x30, 0x41, 0x30, 0x0d, 0x06, 0x09,
> 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02,
> 0x05, 0x00, 0x04, 0x30);
> $dgst = "-sha384";
> $hash = 5;
> -} elsif (exists $config{"CONFIG_MODULE_SIG_SHA512"}) {
> +} elsif ($hashalgo eq "sha512") {
> $prologue = pack("C*",
> 0x30, 0x51, 0x30, 0x0d, 0x06, 0x09,
> 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03,
> @@ -368,7 +384,7 @@ if (exists $config{"CONFIG_MODULE_SIG_SHA1"}) {
> $dgst = "-sha512";
> $hash = 6;
> } else {
> - die "Can't determine hash algorithm";
> + die "Invalid hash algorithm $hashalgo";
> }
>
> #
--
To unsubscribe from this list: send the line "unsubscribe linux-efi" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
