BaseTools: Update sign tool to make MonotonicCount *after* Payload

The UEFI spec's definition of the WIN_CERTIFICATE_UEFI_GUID AuthInfo
states that it is a signature across the image data and the
Monotonic Count value. After clarification, when we do the signature
calculation, we put MonotonicCount after Payload.

Cc: Liming Gao <liming.gao@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Yonghong Zhu <yonghong.zhu@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Tested-by: Jiewen Yao <jiewen.yao@intel.com>
Yonghong Zhu 2016-10-13 15:59:06 +08:00
parent 4dd8787a20
commit 245cda6641
2 changed files with 8 additions and 8 deletions


@ -197,8 +197,8 @@ if __name__ == '__main__':
print 'ERROR: test other public cert file %s missing' % (args.OtherPublicCertFileName) print 'ERROR: test other public cert file %s missing' % (args.OtherPublicCertFileName)
sys.exit(1) sys.exit(1)
format = "Q%ds" % len(args.InputFileBuffer) format = "%dsQ" % len(args.InputFileBuffer)
FullInputFileBuffer = struct.pack(format,args.MonotonicCountValue, args.InputFileBuffer) FullInputFileBuffer = struct.pack(format, args.InputFileBuffer, args.MonotonicCountValue)
# #
# Sign the input file using the specified private key and capture signature from STDOUT # Sign the input file using the specified private key and capture signature from STDOUT
@ -261,8 +261,8 @@ if __name__ == '__main__':
args.SignatureBuffer = args.InputFileBuffer[0:SignatureSize] args.SignatureBuffer = args.InputFileBuffer[0:SignatureSize]
args.InputFileBuffer = args.InputFileBuffer[SignatureSize:] args.InputFileBuffer = args.InputFileBuffer[SignatureSize:]
format = "Q%ds" % len(args.InputFileBuffer) format = "%dsQ" % len(args.InputFileBuffer)
FullInputFileBuffer = struct.pack(format,args.MonotonicCountValue, args.InputFileBuffer) FullInputFileBuffer = struct.pack(format, args.InputFileBuffer, args.MonotonicCountValue)
# #
# Save output file contents from input file # Save output file contents from input file
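Review bot: The new format string `"%dsQ" % len(args.InputFileBuffer)` has no byte-order prefix, so `struct.pack` uses native alignment and inserts zero pad bytes before the `Q` whenever the payload length is not a multiple of the 64-bit field's alignment; the old `Q%ds` order never needed padding. The signed buffer is then no longer the payload immediately followed by MonotonicCount, so a verifier that hashes the two back to back would presumably reject the signature for such payload sizes. Writing `format = "<%dsQ" % len(args.InputFileBuffer)` packs without padding and fixes the count as little-endian regardless of the build host. The same line appears in both hunks of this file and in both hunks of the second file. The enclosing `if __name__ == '__main__':` block starts and ends outside the hunks.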


@ -169,8 +169,8 @@ if __name__ == '__main__':
if args.Encode: if args.Encode:
FullInputFileBuffer = args.InputFileBuffer FullInputFileBuffer = args.InputFileBuffer
if args.MonotonicCountStr: if args.MonotonicCountStr:
format = "Q%ds" % len(args.InputFileBuffer) format = "%dsQ" % len(args.InputFileBuffer)
FullInputFileBuffer = struct.pack(format,args.MonotonicCountValue, args.InputFileBuffer) FullInputFileBuffer = struct.pack(format, args.InputFileBuffer, args.MonotonicCountValue)
# #
# Sign the input file using the specified private key and capture signature from STDOUT # Sign the input file using the specified private key and capture signature from STDOUT
# #
@ -212,8 +212,8 @@ if __name__ == '__main__':
FullInputFileBuffer = args.InputFileBuffer FullInputFileBuffer = args.InputFileBuffer
if args.MonotonicCountStr: if args.MonotonicCountStr:
format = "Q%ds" % len(args.InputFileBuffer) format = "%dsQ" % len(args.InputFileBuffer)
FullInputFileBuffer = struct.pack(format,args.MonotonicCountValue, args.InputFileBuffer) FullInputFileBuffer = struct.pack(format, args.InputFileBuffer, args.MonotonicCountValue)
# #
# Write Signature to output file # Write Signature to output file