debian/0000775000000000000000000000000012323243555007174 5ustar debian/copyright0000664000000000000000000000735412073002704011127 0ustar Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ Upstream-Name: sbsigntool Upstream-Contact: Jeremy Kerr Source: git://kernel.ubuntu.com/jk/sbsigntool Files: * Copyright: 2012 Canonical Ltd License: GPL-3+ with OpenSSL exception This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. . This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. . You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. . On Debian GNU/Linux systems, the complete text of the GNU General Public License can be found in `/usr/share/common-licenses/GPL-3'. . In addition, as a special exception, the copyright holders give permission to link the code of portions of this program with the OpenSSL library under certain conditions as described in each individual source file, and distribute linked combinations including the two. . You must obey the GNU General Public License in all respects for all of the code used other than OpenSSL. If you modify file(s) with this exception, you may extend this exception to your version of the file(s), but you are not obligated to do so. If you do not wish to do so, delete this exception statement from your version. If you delete this exception statement from all source files in the program, then also delete it here. Files: coff/* Copyright: 1999-2010 Free Software Foundation, Inc. License: GPL-3+ This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. . This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. . You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. . On Debian GNU/Linux systems, the complete text of the GNU General Public License can be found in `/usr/share/common-licenses/GPL-3'. Files: lib/ccan/ccan/talloc/* Copyright: 2004-2005 Andrew Tridgell, 2006 Stefan Metzmacher License: LGPL-2+ This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. . This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. . You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. . On Debian GNU/Linux systems, the complete text of the GNU General Public License can be found in `/usr/share/common-licenses/LGPL-2'. debian/source/0000775000000000000000000000000012212717444010474 5ustar debian/source/format0000664000000000000000000000001412073002704011671 0ustar 3.0 (quilt) debian/changelog0000664000000000000000000000673112323243555011055 0ustar sbsigntool (0.6-0ubuntu7) trusty; urgency=medium * debian/patches/del-duplicate-define.patch: Remove duplicate define. * debian/patches/zero-sized-sections.patch: Fix failure in sbsigntool when it encouters zero-sized PE/COFF image sections (LP: #1252288). * debian/patches/arm-arm64-support.patch: Support signing ARM images. -- Adam Conrad Tue, 15 Apr 2014 14:54:42 +0100 sbsigntool (0.6-0ubuntu6) trusty; urgency=low * debian/patches/add_corrected_efivars_magic.patch: Cherry-picked upstream fix to add corrected efivars magic (LP: #1257305) -- Jean-Baptiste Lallement Tue, 03 Dec 2013 15:50:45 +0100 sbsigntool (0.6-0ubuntu5) saucy; urgency=low * debian/patches/ignore-certificate-expiries.patch: ignore certificate expiries when verifying signatures. Closes LP: #1234649. -- Steve Langasek Fri, 04 Oct 2013 01:43:03 +0000 sbsigntool (0.6-0ubuntu4) saucy; urgency=low * debian/patches/efi_arch_ia32.patch: Use AC_CANONICAL_HOST, not uname -m, to determine target. Closes LP: #1066038. * debian/patches/Align-signature-data-to-8-bytes.patch: Align signature data to 8 bytes. This matches the Microsoft signing implementation, which enables us to use sbattach to verify the integrity of the binaries returned by the SysDev signing service. * debian/patches/update_checksums.patch: make sure we update the PE checksum field as well, also needed for matching the Microsoft signing implementation. * debian/patches/fix-signature-padding.patch: fix calculation of the size of our signature data, so that we don't write out extra zeroes when we detach a signature. -- Steve Langasek Fri, 23 Aug 2013 21:07:17 -0700 sbsigntool (0.6-0ubuntu3) saucy; urgency=low * Build-depend on gcc-multilib to support building the test suite. -- Colin Watson Mon, 17 Jun 2013 11:53:31 +0100 sbsigntool (0.6-0ubuntu2) raring; urgency=low * Mark sbsigntool Multi-Arch: foreign. -- Colin Watson Tue, 08 Jan 2013 12:20:42 +0000 sbsigntool (0.6-0ubuntu1) quantal; urgency=low * New upstream release. - Uses the new mount point for the efivars directory, for compatibility with the pending upstream kernel patches and compatibility with what mountall is doing. LP: #1063061. - Fixes sbverify verification of the pkcs7 bundles that Microsoft-signed binaries deliver to us, enabling us to do build-time verification of shim-signed. -- Steve Langasek Thu, 11 Oct 2012 17:24:56 -0700 sbsigntool (0.4-0ubuntu2) quantal; urgency=low * Fix FTBFS on i386 by defining EFI_ARCH to ia32 instead of uname. -- Adam Conrad Tue, 02 Oct 2012 07:44:59 -0600 sbsigntool (0.4-0ubuntu1) quantal; urgency=low * New upstream release. * Add new uuid-dev and gnu-efi build dependancies. -- Andy Whitcroft Tue, 02 Oct 2012 10:15:17 +0100 sbsigntool (0.3-0ubuntu2) quantal; urgency=low * Only build on amd64 and i386 (LP: #1020771). -- Colin Watson Mon, 01 Oct 2012 10:53:56 +0100 sbsigntool (0.3-0ubuntu1) quantal; urgency=low * New upstream release. -- Steve Langasek Sat, 30 Jun 2012 01:37:52 +0000 sbsigntool (0.2-0ubuntu1) quantal; urgency=low * Initial release. -- Steve Langasek Thu, 28 Jun 2012 01:47:06 +0000 debian/compat0000664000000000000000000000000212073002704010361 0ustar 9 debian/rules0000775000000000000000000000015312212721131010237 0ustar #!/usr/bin/make -f export AUTOMAKE=automake-1.11 export ACLOCAL=aclocal-1.11 %: dh $@ --with=autoreconf debian/control0000664000000000000000000000135012323243365010575 0ustar Source: sbsigntool Section: utils Priority: optional Maintainer: Ubuntu Developers XSBC-Original-Maintainer: Steve Langasek Standards-Version: 3.9.3 Build-Depends: binutils-dev, debhelper (>= 9), libssl-dev, help2man, openssl, pkg-config, uuid-dev, gnu-efi, gcc-multilib, dh-autoreconf, automake1.11 Vcs-Bzr: lp:ubuntu/sbsigntool Package: sbsigntool Architecture: any-amd64 any-i386 Multi-Arch: foreign Depends: ${shlibs:Depends}, ${misc:Depends} Description: utility for signing and verifying files for UEFI Secure Boot This package provides utilities that can be used for signing PE programs for use with UEFI Secure Boot, and for verifying the signatures included in the same. debian/patches/0000775000000000000000000000000012323235027010616 5ustar debian/patches/fix-signature-padding.patch0000664000000000000000000000217112223415055016031 0ustar Description: fix calculation of the size of our signature data The 'size' field of the certificate table header includes the size of the header itself. When parsing a signed file, we should therefore subtract the size of this header from the field representing the size of the pkcs7 data packet; otherwise when we detach (and subsequently reattach) a signature, we wind up with 8 extra bytes of zeroes at the end each time. Fixing this ensures that detaching and signature and then reattaching it to the file gives us back the original file. Author: Steve Langasek Last-Update: 2013-09-07 Index: sbsigntool-0.6/src/image.c =================================================================== --- sbsigntool-0.6.orig/src/image.c +++ sbsigntool-0.6/src/image.c @@ -285,7 +285,7 @@ if (cert_table && cert_table->revision == CERT_TABLE_REVISION && cert_table->type == CERT_TABLE_TYPE_PKCS && cert_table->size < size) { - image->sigsize = cert_table->size; + image->sigsize = cert_table->size - sizeof(*cert_table); image->sigbuf = talloc_memdup(image, cert_table + 1, image->sigsize); } debian/patches/efi_arch_ia32.patch0000664000000000000000000000244712036126614014226 0ustar From ffbf59032c9dff0afc19490f012066d4bbd5a0c3 Mon Sep 17 00:00:00 2001 From: Steve Langasek Date: Fri, 12 Oct 2012 16:48:53 -0700 Subject: [PATCH] Use AC_CANONICAL_HOST, not uname -m, to determine target The EFI architecture should be set from the standard autoconf macros, not from uname -m. Uname -m is wrong not just when cross-building, but also when running 32-bit userspace on a 64-bit kernel. Ref: https://bugs.launchpad.net/bugs/1066038 --- configure.ac | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index 0d8f0bb..a693d96 100644 --- a/configure.ac +++ b/configure.ac @@ -7,6 +7,8 @@ AC_PREREQ(2.60) AC_CONFIG_HEADERS(config.h) AC_CONFIG_SRCDIR(src/sbsign.c) +AC_CANONICAL_HOST + AM_PROG_AS AC_PROG_CC AM_PROG_CC_C_O @@ -64,7 +66,18 @@ PKG_CHECK_MODULES(uuid, uuid, AC_MSG_ERROR([libuuid (from the uuid package) is required])) dnl gnu-efi headers require extra include dirs -EFI_ARCH=$(uname -m) +case $host_cpu in + x86_64) + EFI_ARCH=$host_cpu + ;; + i*86) + EFI_ARCH=ia32 + ;; + *) + AC_MSG_ERROR([unsupported EFI architecture $host_cpu]) + ;; +esac + EFI_CPPFLAGS="-I/usr/include/efi -I/usr/include/efi/$EFI_ARCH \ -DEFI_FUNCTION_WRAPPER" CPPFLAGS_save="$CPPFLAGS" -- 1.7.10.4 debian/patches/update_checksums.patch0000664000000000000000000001735512212717266015210 0ustar From: Steve Langasek Update the PE checksum field using the somewhat-underdocumented algorithm, so that we match the Microsoft implementation in our signature generation. Signed-off-by: Jeremy Kerr --- autogen.sh | 2 - src/image.c | 59 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 60 insertions(+), 1 deletion(-) Index: sbsigntool-0.6/src/image.c =================================================================== --- sbsigntool-0.6.orig/src/image.c +++ sbsigntool-0.6/src/image.c @@ -38,6 +38,7 @@ #include #include +#include #include #include #include @@ -129,6 +130,62 @@ return 0; } +static uint16_t csum_update_fold(uint16_t csum, uint16_t x) +{ + uint32_t new = csum + x; + new = (new >> 16) + (new & 0xffff); + return new; +} + +static uint16_t csum_bytes(uint16_t checksum, void *buf, size_t len) +{ + unsigned int i; + uint16_t *p; + + for (i = 0; i < len; i += sizeof(*p)) { + p = buf + i; + checksum = csum_update_fold(checksum, *p); + } + + return checksum; +} + +static void image_pecoff_update_checksum(struct image *image, + struct cert_table_header *cert_table) +{ + bool is_signed = image->sigsize && image->sigbuf; + uint32_t checksum; + + /* We carefully only include the signature data in the checksum (and + * in the file length) if we're outputting the signature. Otherwise, + * in case of signature removal, the signature data is in the buffer + * we read in (as indicated by image->size), but we do *not* want to + * checksum it. + * + * We also skip the 32-bits of checksum data in the PE/COFF header. + */ + checksum = csum_bytes(0, image->buf, + (void *)image->checksum - (void *)image->buf); + checksum = csum_bytes(checksum, + image->checksum + 1, + (void *)(image->buf + image->data_size) - + (void *)(image->checksum + 1)); + + if (is_signed) { + checksum = csum_bytes(checksum, + cert_table, sizeof(*cert_table)); + + checksum = csum_bytes(checksum, image->sigbuf, image->sigsize); + } + + checksum += image->data_size; + + if (is_signed) + checksum += sizeof(*cert_table) + image->sigsize; + + *(image->checksum) = cpu_to_le32(checksum); +} + static int image_pecoff_parse(struct image *image) { struct cert_table_header *cert_table; @@ -524,6 +581,8 @@ image->data_dir_sigtable->size = 0; } + image_pecoff_update_checksum(image, &cert_table_header); + fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, 0644); if (fd < 0) { perror("open"); --- /dev/null +++ sbsigntool-0.6/lib/ccan/ccan/endian/endian.h @@ -0,0 +1,227 @@ +/* Licensed under LGPLv2.1+ - see LICENSE file for details */ +#ifndef CCAN_ENDIAN_H +#define CCAN_ENDIAN_H +#include +#include "config.h" + +#if HAVE_BYTESWAP_H +#include +#else +/** + * bswap_16 - reverse bytes in a uint16_t value. + * @val: value whose bytes to swap. + * + * Example: + * // Output contains "1024 is 4 as two bytes reversed" + * printf("1024 is %u as two bytes reversed\n", bswap_16(1024)); + */ +static inline uint16_t bswap_16(uint16_t val) +{ + return ((val & (uint16_t)0x00ffU) << 8) + | ((val & (uint16_t)0xff00U) >> 8); +} + +/** + * bswap_32 - reverse bytes in a uint32_t value. + * @val: value whose bytes to swap. + * + * Example: + * // Output contains "1024 is 262144 as four bytes reversed" + * printf("1024 is %u as four bytes reversed\n", bswap_32(1024)); + */ +static inline uint32_t bswap_32(uint32_t val) +{ + return ((val & (uint32_t)0x000000ffUL) << 24) + | ((val & (uint32_t)0x0000ff00UL) << 8) + | ((val & (uint32_t)0x00ff0000UL) >> 8) + | ((val & (uint32_t)0xff000000UL) >> 24); +} +#endif /* !HAVE_BYTESWAP_H */ + +#if !HAVE_BSWAP_64 +/** + * bswap_64 - reverse bytes in a uint64_t value. + * @val: value whose bytes to swap. + * + * Example: + * // Output contains "1024 is 1125899906842624 as eight bytes reversed" + * printf("1024 is %llu as eight bytes reversed\n", + * (unsigned long long)bswap_64(1024)); + */ +static inline uint64_t bswap_64(uint64_t val) +{ + return ((val & (uint64_t)0x00000000000000ffULL) << 56) + | ((val & (uint64_t)0x000000000000ff00ULL) << 40) + | ((val & (uint64_t)0x0000000000ff0000ULL) << 24) + | ((val & (uint64_t)0x00000000ff000000ULL) << 8) + | ((val & (uint64_t)0x000000ff00000000ULL) >> 8) + | ((val & (uint64_t)0x0000ff0000000000ULL) >> 24) + | ((val & (uint64_t)0x00ff000000000000ULL) >> 40) + | ((val & (uint64_t)0xff00000000000000ULL) >> 56); +} +#endif + +/* Sanity check the defines. We don't handle weird endianness. */ +#if !HAVE_LITTLE_ENDIAN && !HAVE_BIG_ENDIAN +#error "Unknown endian" +#elif HAVE_LITTLE_ENDIAN && HAVE_BIG_ENDIAN +#error "Can't compile for both big and little endian." +#endif + +/** + * cpu_to_le64 - convert a uint64_t value to little-endian + * @native: value to convert + */ +static inline uint64_t cpu_to_le64(uint64_t native) +{ +#if HAVE_LITTLE_ENDIAN + return native; +#else + return bswap_64(native); +#endif +} + +/** + * cpu_to_le32 - convert a uint32_t value to little-endian + * @native: value to convert + */ +static inline uint32_t cpu_to_le32(uint32_t native) +{ +#if HAVE_LITTLE_ENDIAN + return native; +#else + return bswap_32(native); +#endif +} + +/** + * cpu_to_le16 - convert a uint16_t value to little-endian + * @native: value to convert + */ +static inline uint16_t cpu_to_le16(uint16_t native) +{ +#if HAVE_LITTLE_ENDIAN + return native; +#else + return bswap_16(native); +#endif +} + +/** + * le64_to_cpu - convert a little-endian uint64_t value + * @le_val: little-endian value to convert + */ +static inline uint64_t le64_to_cpu(uint64_t le_val) +{ +#if HAVE_LITTLE_ENDIAN + return le_val; +#else + return bswap_64(le_val); +#endif +} + +/** + * le32_to_cpu - convert a little-endian uint32_t value + * @le_val: little-endian value to convert + */ +static inline uint32_t le32_to_cpu(uint32_t le_val) +{ +#if HAVE_LITTLE_ENDIAN + return le_val; +#else + return bswap_32(le_val); +#endif +} + +/** + * le16_to_cpu - convert a little-endian uint16_t value + * @le_val: little-endian value to convert + */ +static inline uint16_t le16_to_cpu(uint16_t le_val) +{ +#if HAVE_LITTLE_ENDIAN + return le_val; +#else + return bswap_16(le_val); +#endif +} + +/** + * cpu_to_be64 - convert a uint64_t value to big endian. + * @native: value to convert + */ +static inline uint64_t cpu_to_be64(uint64_t native) +{ +#if HAVE_LITTLE_ENDIAN + return bswap_64(native); +#else + return native; +#endif +} + +/** + * cpu_to_be32 - convert a uint32_t value to big endian. + * @native: value to convert + */ +static inline uint32_t cpu_to_be32(uint32_t native) +{ +#if HAVE_LITTLE_ENDIAN + return bswap_32(native); +#else + return native; +#endif +} + +/** + * cpu_to_be16 - convert a uint16_t value to big endian. + * @native: value to convert + */ +static inline uint16_t cpu_to_be16(uint16_t native) +{ +#if HAVE_LITTLE_ENDIAN + return bswap_16(native); +#else + return native; +#endif +} + +/** + * be64_to_cpu - convert a big-endian uint64_t value + * @be_val: big-endian value to convert + */ +static inline uint64_t be64_to_cpu(uint64_t be_val) +{ +#if HAVE_LITTLE_ENDIAN + return bswap_64(be_val); +#else + return be_val; +#endif +} + +/** + * be32_to_cpu - convert a big-endian uint32_t value + * @be_val: big-endian value to convert + */ +static inline uint32_t be32_to_cpu(uint32_t be_val) +{ +#if HAVE_LITTLE_ENDIAN + return bswap_32(be_val); +#else + return be_val; +#endif +} + +/** + * be16_to_cpu - convert a big-endian uint16_t value + * @be_val: big-endian value to convert + */ +static inline uint16_t be16_to_cpu(uint16_t be_val) +{ +#if HAVE_LITTLE_ENDIAN + return bswap_16(be_val); +#else + return be_val; +#endif +} + +#endif /* CCAN_ENDIAN_H */ debian/patches/del-duplicate-define.patch0000664000000000000000000000126412323234132015602 0ustar commit f09bf94b29cf050e7c489d8bd771b4392b3111ea Author: Ard Biesheuvel Date: Tue Nov 19 09:23:31 2013 +0100 sbsigntool: remove doubly defined IMAGE_FILE_MACHINE_AMD64 Signed-off-by: Ard Biesheuvel diff --git a/src/coff/pe.h b/src/coff/pe.h index 601a68e..3a43174 100644 --- a/src/coff/pe.h +++ b/src/coff/pe.h @@ -151,7 +151,6 @@ #define IMAGE_FILE_MACHINE_THUMB 0x01c2 #define IMAGE_FILE_MACHINE_TRICORE 0x0520 #define IMAGE_FILE_MACHINE_WCEMIPSV2 0x0169 -#define IMAGE_FILE_MACHINE_AMD64 0x8664 #define IMAGE_SUBSYSTEM_UNKNOWN 0 #define IMAGE_SUBSYSTEM_NATIVE 1 debian/patches/add_corrected_efivars_magic.patch0000664000000000000000000000131312251622453017301 0ustar Index: sbsigntool/src/sbkeysync.c =================================================================== --- sbsigntool.orig/src/sbkeysync.c 2013-12-03 15:45:49.007312000 +0100 +++ sbsigntool/src/sbkeysync.c 2013-12-03 15:47:47.396135699 +0100 @@ -56,7 +56,8 @@ #include "efivars.h" #define EFIVARS_MOUNTPOINT "/sys/firmware/efi/efivars" -#define EFIVARS_FSTYPE 0x6165676C +#define PSTORE_FSTYPE 0x6165676C +#define EFIVARS_FSTYPE 0xde5e81e4 #define EFI_IMAGE_SECURITY_DATABASE_GUID \ { 0xd719b2cb, 0x3d3a, 0x4596, \ @@ -533,7 +534,7 @@ if (rc) return -1; - if (statbuf.f_type != EFIVARS_FSTYPE) + if (statbuf.f_type != EFIVARS_FSTYPE && statbuf.f_type != PSTORE_FSTYPE) return -1; return 0; debian/patches/Align-signature-data-to-8-bytes.patch0000664000000000000000000000172212206030400017476 0ustar From 8b6b7a9904881757254b92a928b95dfb8634605b Mon Sep 17 00:00:00 2001 From: Steve Langasek Date: Fri, 12 Oct 2012 16:27:13 -0700 Subject: [PATCH] Align signature data to 8 bytes Before appending the signature data to our binary, pad the file out to 8-byte alignment. This matches the Microsoft signing implementation, which enables us to use sbattach to verify the integrity of the binaries returned by the SysDev signing service. --- src/image.c | 2 ++ 1 file changed, 2 insertions(+) Index: sbsigntool-0.6/src/image.c =================================================================== --- sbsigntool-0.6.orig/src/image.c +++ sbsigntool-0.6/src/image.c @@ -425,6 +425,8 @@ * we've calculated during the pecoff parsing, so we need to redo that * too. */ + image->data_size = align_up(image->data_size, 8); + if (image->data_size > image->size) { image->buf = talloc_realloc(image, image->buf, uint8_t, image->data_size); debian/patches/ignore-certificate-expiries.patch0000664000000000000000000000164112223415440017230 0ustar Description: ignore certificate expiries when verifying signatures The UEFI implementation explicitly ignores all errors due to expired (or not yet valid) signatures. Ensure that sbverify behaves compatibly. Author: Steve Langasek Bug-Ubuntu: https://bugs.launchpad.net/bugs/1234649. Last-Update: 2013-10-03 Index: sbsigntool-0.6/src/sbverify.c =================================================================== --- sbsigntool-0.6.orig/src/sbverify.c +++ sbsigntool-0.6/src/sbverify.c @@ -206,6 +206,13 @@ if (cert_in_store(ctx->current_cert, ctx)) status = 1; } + /* UEFI doesn't care about expired signatures, so we shouldn't either. */ + else if (err == X509_V_ERR_CERT_HAS_EXPIRED || + err == X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD || + err == X509_V_ERR_CERT_NOT_YET_VALID || + err == X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD) { + status = 1; + } return status; } debian/patches/arm-arm64-support.patch0000664000000000000000000000312312323234340015053 0ustar commit a3413e76f95472639d1b25f0564105d8bb4e2837 Author: Ard Biesheuvel Date: Tue Nov 19 09:25:32 2013 +0100 sbsigntool: add support for ARM and Aarch64 PE/COFF images Note that for the ARM case, we are using IMAGE_FILE_MACHINE_THUMB (0x1c2) rather than IMAGE_FILE_MACHINE_ARM (0x1c0), as the latter refers to an older calling convention that is incompatible with Tianocore UEFI. Signed-off-by: Ard Biesheuvel diff --git a/src/coff/pe.h b/src/coff/pe.h index 3a43174..0d1036e 100644 --- a/src/coff/pe.h +++ b/src/coff/pe.h @@ -151,6 +151,7 @@ #define IMAGE_FILE_MACHINE_THUMB 0x01c2 #define IMAGE_FILE_MACHINE_TRICORE 0x0520 #define IMAGE_FILE_MACHINE_WCEMIPSV2 0x0169 +#define IMAGE_FILE_MACHINE_AARCH64 0xaa64 #define IMAGE_SUBSYSTEM_UNKNOWN 0 #define IMAGE_SUBSYSTEM_NATIVE 1 diff --git a/src/image.c b/src/image.c index c30d6e3..d6e3c48 100644 --- a/src/image.c +++ b/src/image.c @@ -232,13 +232,16 @@ static int image_pecoff_parse(struct image *image) image->opthdr.addr = image->pehdr + 1; magic = pehdr_u16(image->pehdr->f_magic); - if (magic == IMAGE_FILE_MACHINE_AMD64) { + switch (magic) { + case IMAGE_FILE_MACHINE_AMD64: + case IMAGE_FILE_MACHINE_AARCH64: rc = image_pecoff_parse_64(image); - - } else if (magic == IMAGE_FILE_MACHINE_I386) { + break; + case IMAGE_FILE_MACHINE_I386: + case IMAGE_FILE_MACHINE_THUMB: rc = image_pecoff_parse_32(image); - - } else { + break; + default: fprintf(stderr, "Invalid PE header magic\n"); return -1; } debian/patches/zero-sized-sections.patch0000664000000000000000000000520412323234163015560 0ustar commit 8f596c238f36723c803e45dfb1f6f817e67bc51d Author: Ard Biesheuvel Date: Tue Nov 19 09:24:10 2013 +0100 sbsigntool: fix handling of zero sized sections The loop that iterates over the PE/COFF sections correctly skips zero sized sections, but still increments the loop index 'i'. This results in subsequent iterations poking into unallocated memory. Signed-off-by: Ard Biesheuvel diff --git a/src/image.c b/src/image.c index a34f117..c30d6e3 100644 --- a/src/image.c +++ b/src/image.c @@ -366,6 +366,7 @@ static int image_find_regions(struct image *image) /* add COFF sections */ for (i = 0; i < image->sections; i++) { uint32_t file_offset, file_size; + int n; file_offset = pehdr_u32(image->scnhdr[i].s_scnptr); file_size = pehdr_u32(image->scnhdr[i].s_size); @@ -373,39 +374,39 @@ static int image_find_regions(struct image *image) if (!file_size) continue; - image->n_checksum_regions++; + n = image->n_checksum_regions++; image->checksum_regions = talloc_realloc(image, image->checksum_regions, struct region, image->n_checksum_regions); regions = image->checksum_regions; - regions[i + 3].data = buf + file_offset; - regions[i + 3].size = align_up(file_size, + regions[n].data = buf + file_offset; + regions[n].size = align_up(file_size, image->file_alignment); - regions[i + 3].name = talloc_strndup(image->checksum_regions, + regions[n].name = talloc_strndup(image->checksum_regions, image->scnhdr[i].s_name, 8); - bytes += regions[i + 3].size; + bytes += regions[n].size; - if (file_offset + regions[i+3].size > image->size) { + if (file_offset + regions[n].size > image->size) { fprintf(stderr, "warning: file-aligned section %s " "extends beyond end of file\n", - regions[i+3].name); + regions[n].name); } - if (regions[i+2].data + regions[i+2].size - != regions[i+3].data) { + if (regions[n-1].data + regions[n-1].size + != regions[n].data) { fprintf(stderr, "warning: gap in section table:\n"); fprintf(stderr, " %-8s: 0x%08tx - 0x%08tx,\n", - regions[i+2].name, - regions[i+2].data - buf, - regions[i+2].data + - regions[i+2].size - buf); + regions[n-1].name, + regions[n-1].data - buf, + regions[n-1].data + + regions[n-1].size - buf); fprintf(stderr, " %-8s: 0x%08tx - 0x%08tx,\n", - regions[i+3].name, - regions[i+3].data - buf, - regions[i+3].data + - regions[i+3].size - buf); + regions[n].name, + regions[n].data - buf, + regions[n].data + + regions[n].size - buf); gap_warn = 1; debian/patches/series0000664000000000000000000000037612323235027012041 0ustar efi_arch_ia32.patch Align-signature-data-to-8-bytes.patch update_checksums.patch fix-signature-padding.patch ignore-certificate-expiries.patch add_corrected_efivars_magic.patch del-duplicate-define.patch zero-sized-sections.patch arm-arm64-support.patch