The UEFI spec describes the WIN_CERTIFICATE_UEFI_GUID AuthInfo as a
signature across the image data and the Monotonic Count value. After
clarification, when we do the signature calculation we put
MonotonicCount after the payload.

Cc: Liming Gao <liming....@intel.com>
Cc: Jiewen Yao <jiewen....@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Yonghong Zhu <yonghong....@intel.com>
---
 BaseTools/Source/Python/Pkcs7Sign/Pkcs7Sign.py                 | 8 ++++----
 BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py | 8 ++++----
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/BaseTools/Source/Python/Pkcs7Sign/Pkcs7Sign.py 
b/BaseTools/Source/Python/Pkcs7Sign/Pkcs7Sign.py
index b9f8c06..f0b2d8a 100644
--- a/BaseTools/Source/Python/Pkcs7Sign/Pkcs7Sign.py
+++ b/BaseTools/Source/Python/Pkcs7Sign/Pkcs7Sign.py
@@ -195,12 +195,12 @@ if __name__ == '__main__':
         args.OtherPublicCertFile.close()
       except:
         print 'ERROR: test other public cert file %s missing' % 
(args.OtherPublicCertFileName)
         sys.exit(1)
 
-    format = "Q%ds" % len(args.InputFileBuffer)
-    FullInputFileBuffer = struct.pack(format,args.MonotonicCountValue, 
args.InputFileBuffer)
+    format = "%dsQ" % len(args.InputFileBuffer)
+    FullInputFileBuffer = struct.pack(format, args.InputFileBuffer, 
args.MonotonicCountValue)
 
     #
     # Sign the input file using the specified private key and capture 
signature from STDOUT
     #
     Process = subprocess.Popen('%s smime -sign -binary -signer "%s" -outform 
DER -md sha256 -certfile "%s"' % (OpenSslCommand, 
args.SignerPrivateCertFileName, args.OtherPublicCertFileName), 
stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
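Review bot: The added format string `"%dsQ"` has no byte-order prefix, so struct.pack uses native alignment and inserts pad bytes between the payload and the 8-byte count whenever len(args.InputFileBuffer) is not a multiple of the platform's alignment for `Q`. The old `"Q%ds"` order never padded, because `s` has no alignment requirement. The signed buffer then becomes payload, zero padding, count, which a verifier hashing the payload immediately followed by MonotonicCount would presumably reject. Standard packing with explicit little-endian order avoids this: `format = "<%dsQ" % len(args.InputFileBuffer)`. The same two lines appear in the second hunk of this file and in both hunks of Rsa2048Sha256Sign.py; the enclosing `__main__` block starts and ends outside the hunk.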
@@ -259,12 +259,12 @@ if __name__ == '__main__':
         sys.exit(1)
 
     args.SignatureBuffer = args.InputFileBuffer[0:SignatureSize]
     args.InputFileBuffer = args.InputFileBuffer[SignatureSize:]
 
-    format = "Q%ds" % len(args.InputFileBuffer)
-    FullInputFileBuffer = struct.pack(format,args.MonotonicCountValue, 
args.InputFileBuffer)
+    format = "%dsQ" % len(args.InputFileBuffer)
+    FullInputFileBuffer = struct.pack(format, args.InputFileBuffer, 
args.MonotonicCountValue)
 
     #
     # Save output file contents from input file
     #
     open(args.OutputFileName, 'wb').write(FullInputFileBuffer)
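Review bot: The context line `open(args.OutputFileName, 'wb').write(FullInputFileBuffer)` writes the packed buffer, so after this reorder the output file holds the payload with the 8-byte count (and any alignment padding) appended rather than prefixed. If the output is meant to be the original payload, that line should write `args.InputFileBuffer` instead. If the trailing count is intended, a comment such as `# output = payload followed by MonotonicCount` would make that explicit. The enclosing block continues outside the hunk.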
diff --git a/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py 
b/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py
index 3410668..199ebec 100644
--- a/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py
+++ b/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py
@@ -167,12 +167,12 @@ if __name__ == '__main__':
         pass
 
   if args.Encode:
     FullInputFileBuffer = args.InputFileBuffer
     if args.MonotonicCountStr:
-      format = "Q%ds" % len(args.InputFileBuffer)
-      FullInputFileBuffer = struct.pack(format,args.MonotonicCountValue, 
args.InputFileBuffer)
+      format = "%dsQ" % len(args.InputFileBuffer)
+      FullInputFileBuffer = struct.pack(format, args.InputFileBuffer, 
args.MonotonicCountValue)
     # 
     # Sign the input file using the specified private key and capture 
signature from STDOUT
     #
     Process = subprocess.Popen('%s sha256 -sign "%s"' % (OpenSslCommand, 
args.PrivateKeyFileName), stdin=subprocess.PIPE, stdout=subprocess.PIPE, 
stderr=subprocess.PIPE)
     Signature = Process.communicate(input=FullInputFileBuffer)[0]
@@ -210,12 +210,12 @@ if __name__ == '__main__':
       print 'ERROR: Public key in input file does not match public key from 
private key file'
       sys.exit(1)
 
     FullInputFileBuffer = args.InputFileBuffer
     if args.MonotonicCountStr:
-      format = "Q%ds" % len(args.InputFileBuffer)
-      FullInputFileBuffer = struct.pack(format,args.MonotonicCountValue, 
args.InputFileBuffer)
+      format = "%dsQ" % len(args.InputFileBuffer)
+      FullInputFileBuffer = struct.pack(format, args.InputFileBuffer, 
args.MonotonicCountValue)
 
     #
     # Write Signature to output file
     #
     open(args.OutputFileName, 'wb').write(Header.Signature)
-- 
2.6.1.windows.1
