On 16.08.23 19:26, Earl Chew wrote: > Using --with-mem-uservars causes a mismatch with the precomputed > MD5 checksum. To support this use case, first verify the CRC32, > resize the configuration to match the default expected by the > precomputed MD5 checksum, then recompute a matching CRC32. > > Signed-off-by: Earl Chew <[email protected]> > --- > .github/workflows/main.yaml | 4 +- > tests/bg_setenv.bats | 83 +++++++++++++++++++++++++++++++++++-- > 2 files changed, 82 insertions(+), 5 deletions(-) > > diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml > index 38c2b66..23ec0e0 100644 > --- a/.github/workflows/main.yaml > +++ b/.github/workflows/main.yaml > @@ -44,7 +44,7 @@ jobs: > sudo apt-get update > sudo apt-get install --no-install-recommends \ > autoconf-archive gcc-multilib gnu-efi libz-dev libpci-dev > check \ > - bats > + bats libarchive-zip-perl > - name: Install i386 dependencies > if: ${{ matrix.target == 'i386' }} > run: | > @@ -126,8 +126,8 @@ jobs: > ../configure > make check -j $(nproc) > sudo make install > + time bats --tap ../tests > popd >/dev/null > - time bats --tap tests > - name: Build i386 > if: ${{ matrix.target == 'i386' }} > run: | > diff --git a/tests/bg_setenv.bats b/tests/bg_setenv.bats > index 6d0249b..38cf03f 100755 > --- a/tests/bg_setenv.bats > +++ b/tests/bg_setenv.bats > @@ -34,6 +34,75 @@ create_sample_bgenv() { > --revision=1 > } > > +verify_envfile() { > + local envfile=$1 ; shift > + > + local envsize > + envsize=$(wc -c < "$envfile") > + > + local stored > + stored=$(od -tx4 -j $((envsize - 4)) < "$envfile" | awk 'NF>1 {print > $2}') > + > + local computed > + computed=$(crc32 <(head -c $((envsize - 4)) < "$envfile")) > + > + [ -n "$stored$computed" -a "$stored" = "$computed" ] > +} > + > +resize_envfile() { > + local envfile=$1 ; shift > + local targetsize=$1 ; shift > + > + # Before resizing, verify that the contents are uncorrupted to > + # avoid truncating the mismatching checksum. > + > + verify_envfile "$envfile" || return $? > + > + # Only resize if the target size matches the default size > + # named in the configuration. This is primarily a sanity check > + # because the default size is also encoded in the MD5 checksum > + # validation. > + > + grep -qF "ENV_MEM_USERVARS=$targetsize" > "$BATS_TEST_DIRNAME"/../configure.ac || return $? > + > + local envsize > + envsize=$(awk '/ ENV_MEM_USERVARS / { print $3 }' config.h) && > + [ -n "$envsize" ] || { > + echo Expected to find ENV_MEM_USERVARS in $PWD/config.h >&2 > + exit 1 > + } > + > + # Compute the difference between the actual size, and the target > + # size. This will be used to expand or contract the payload to match. > + > + local deltasize=$((targetsize - envsize)) > + [[ $deltasize -lt 0 ]] || deltasize=+$deltasize > + > + # Remove the existing checksum, and then adjust the length > + # to reach the target sizes. > + > + truncate -s -4 "$envfile" && truncate -s "$deltasize" "$envfile" > + > + ls -l "$envfile" >&2 > + > + # Install a checksum that matches the content included or > + # excluded to meet the target size. > + > + local computed > + computed=$(( 0x$(crc32 <(cat "$envfile") ) )) > + echo "$computed" >&2 > + > + local byte0=$(printf %02x $(( (computed >> 0) & 0xff)) ) > + local byte1=$(printf %02x $(( (computed >> 8) & 0xff)) ) > + local byte2=$(printf %02x $(( (computed >> 16) & 0xff)) ) > + local byte3=$(printf %02x $(( (computed >> 24) & 0xff)) ) > + > + printf "%s" "\x$byte0\x$byte1\x$byte2\x$byte3" >&2 > + printf "%b" "\x$byte0\x$byte1\x$byte2\x$byte3" >> "$envfile" > + > + verify_envfile "$envfile" > +} > + > @test "ensure BGENV.DAT backwards compatbility" { > local envfile > envfile="$BATS_TEST_TMPDIR/BGENV.DAT" > @@ -51,6 +120,8 @@ ustate: 0 (OK) > user variables: > foo = bar" ]] > > + resize_envfile "$envfile" 131072 > + > run md5sum "$envfile" > [[ "$output" =~ ^6ad1dd1d98209a03d7b4fc2d2f16f9ec\s*.* ]] > } > @@ -62,9 +133,6 @@ foo = bar" ]] > run bg_setenv -f "$envfile" > [[ "$output" = "Output written to $envfile." ]] > > - run md5sum "$envfile" > - [[ "$output" =~ ^441b49e907a117d2fe1dc1d69d8ea1b0\s*.* ]] > - > run bg_printenv -f "$envfile" > [[ "$output" = "Values: > in_progress: no > @@ -75,6 +143,11 @@ watchdog timeout: 0 seconds > ustate: 0 (OK) > > user variables:" ]] > + > + resize_envfile "$envfile" 131072 > + > + run md5sum "$envfile" > + [[ "$output" =~ ^441b49e907a117d2fe1dc1d69d8ea1b0\s*.* ]] > } > > @test "modify BGENV, discard existing values" { > @@ -95,6 +168,8 @@ ustate: 0 (OK) > > user variables:" ]] > > + resize_envfile "$envfile" 131072 > + > run md5sum "$envfile" > [[ "$output" =~ ^15bc40c9feae99cc879cfc55e0132caa\s*.* ]] > } > @@ -118,6 +193,8 @@ ustate: 0 (OK) > user variables: > foo = bar" ]] > > + resize_envfile "$envfile" 131072 > + > run md5sum "$envfile" > [[ "$output" =~ ^a24b154a48e1f33b79b87e0fa5eff8a1\s*.* ]] > }
Thanks, applied. Jan -- Siemens AG, Technology Linux Expert Center -- You received this message because you are subscribed to the Google Groups "EFI Boot Guard" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/efibootguard-dev/68c16789-f0b2-4cd4-b644-e8a0edec627f%40siemens.com.
