diff options
Diffstat (limited to 'app-crypt/sbsigntool/files/0003-Fix-for-multi-sign.patch')
-rw-r--r-- | app-crypt/sbsigntool/files/0003-Fix-for-multi-sign.patch | 39 |
1 files changed, 39 insertions, 0 deletions
diff --git a/app-crypt/sbsigntool/files/0003-Fix-for-multi-sign.patch b/app-crypt/sbsigntool/files/0003-Fix-for-multi-sign.patch new file mode 100644 index 000000000000..f42c69616d13 --- /dev/null +++ b/app-crypt/sbsigntool/files/0003-Fix-for-multi-sign.patch @@ -0,0 +1,39 @@ +From e58a528ef57e53008222f238cce7c326a14572e2 Mon Sep 17 00:00:00 2001 +From: James Bottomley <JBottomley@Parallels.com> +Date: Mon, 30 Sep 2013 19:25:37 -0700 +Subject: [PATCH 4/4] Fix for multi-sign + +The new Tianocore multi-sign code fails now for images signed with +sbsigntools. The reason is that we don't actually align the signature table, +we just slap it straight after the binary data. Unfortunately, the new +multi-signature code checks that our alignment offsets are correct and fails +the signature for this reason. Fix by adding junk to the end of the image to +align the signature section. + +Signed-off-by: James Bottomley <JBottomley@Parallels.com> +--- + src/image.c | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +diff --git a/src/image.c b/src/image.c +index 10eba0e..519e288 100644 +--- a/src/image.c ++++ b/src/image.c +@@ -385,7 +385,13 @@ static int image_find_regions(struct image *image) + + /* record the size of non-signature data */ + r = &image->checksum_regions[image->n_checksum_regions - 1]; +- image->data_size = (r->data - (void *)image->buf) + r->size; ++ /* ++ * The new Tianocore multisign does a stricter check of the signatures ++ * in particular, the signature table must start at an aligned offset ++ * fix this by adding bytes to the end of the text section (which must ++ * be included in the hash) ++ */ ++ image->data_size = align_up((r->data - (void *)image->buf) + r->size, 8); + + return 0; + } +-- +1.8.4 + |