summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat (limited to 'app-crypt/sbsigntool/files/0003-Fix-for-multi-sign.patch')
-rw-r--r--app-crypt/sbsigntool/files/0003-Fix-for-multi-sign.patch39
1 files changed, 39 insertions, 0 deletions
diff --git a/app-crypt/sbsigntool/files/0003-Fix-for-multi-sign.patch b/app-crypt/sbsigntool/files/0003-Fix-for-multi-sign.patch
new file mode 100644
index 000000000000..f42c69616d13
--- /dev/null
+++ b/app-crypt/sbsigntool/files/0003-Fix-for-multi-sign.patch
@@ -0,0 +1,39 @@
+From e58a528ef57e53008222f238cce7c326a14572e2 Mon Sep 17 00:00:00 2001
+From: James Bottomley <JBottomley@Parallels.com>
+Date: Mon, 30 Sep 2013 19:25:37 -0700
+Subject: [PATCH 4/4] Fix for multi-sign
+
+The new Tianocore multi-sign code fails now for images signed with
+sbsigntools. The reason is that we don't actually align the signature table,
+we just slap it straight after the binary data. Unfortunately, the new
+multi-signature code checks that our alignment offsets are correct and fails
+the signature for this reason. Fix by adding junk to the end of the image to
+align the signature section.
+
+Signed-off-by: James Bottomley <JBottomley@Parallels.com>
+---
+ src/image.c | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/src/image.c b/src/image.c
+index 10eba0e..519e288 100644
+--- a/src/image.c
++++ b/src/image.c
+@@ -385,7 +385,13 @@ static int image_find_regions(struct image *image)
+
+ /* record the size of non-signature data */
+ r = &image->checksum_regions[image->n_checksum_regions - 1];
+- image->data_size = (r->data - (void *)image->buf) + r->size;
++ /*
++ * The new Tianocore multisign does a stricter check of the signatures
++ * in particular, the signature table must start at an aligned offset
++ * fix this by adding bytes to the end of the text section (which must
++ * be included in the hash)
++ */
++ image->data_size = align_up((r->data - (void *)image->buf) + r->size, 8);
+
+ return 0;
+ }
+--
+1.8.4
+