BaseTools: Update sign tool to make MonotonicCount *after* Payload
author Yonghong Zhu <yonghong.zhu@intel.com>
Thu, 13 Oct 2016 07:59:06 +0000 (15:59 +0800)
committer Yonghong Zhu <yonghong.zhu@intel.com>
Mon, 17 Oct 2016 05:26:22 +0000 (13:26 +0800)
The WIN_CERTIFICATE_UEFI_GUID AuthInfo defined in the UEFI spec
mentioned that it is a signature across the image data and the
Monotonic Count value. After clarification, when we do the signature
calculation, we put MonotonicCount after Payload.

Cc: Liming Gao <liming.gao@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Yonghong Zhu <yonghong.zhu@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Tested-by: Jiewen Yao <jiewen.yao@intel.com>
BaseTools/Source/Python/Pkcs7Sign/Pkcs7Sign.py
BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py

index b9f8c066a7c357c98fa29ed544e2dd61fb2b7c28..f0b2d8a559c155c63d59505cf2ebd47b8944abef 100644 (file)
@@ -197,8 +197,8 @@ if __name__ == '__main__':
         print 'ERROR: test other public cert file %s missing' % (args.OtherPublicCertFileName)\r
         sys.exit(1)\r
 \r
-    format = "Q%ds" % len(args.InputFileBuffer)\r
-    FullInputFileBuffer = struct.pack(format,args.MonotonicCountValue, args.InputFileBuffer)\r
+    format = "%dsQ" % len(args.InputFileBuffer)\r
+    FullInputFileBuffer = struct.pack(format, args.InputFileBuffer, args.MonotonicCountValue)\r
 \r
     #\r
     # Sign the input file using the specified private key and capture signature from STDOUT\r
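Review bot: the new format string "%dsQ" on the first added line has no byte-order prefix, so struct.pack runs in native mode and aligns the trailing Q to 8 bytes. Whenever len(args.InputFileBuffer) is not a multiple of 8, zero padding is inserted between the payload and the count and becomes part of the signed data. The old "Q%ds" order did not hit this because the Q sat at offset 0. Suggest `format = "<%dsQ" % len(args.InputFileBuffer)`, which removes the padding and pins the count to little-endian instead of inheriting the build host's byte order.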
@@ -261,8 +261,8 @@ if __name__ == '__main__':
     args.SignatureBuffer = args.InputFileBuffer[0:SignatureSize]\r
     args.InputFileBuffer = args.InputFileBuffer[SignatureSize:]\r
 \r
-    format = "Q%ds" % len(args.InputFileBuffer)\r
-    FullInputFileBuffer = struct.pack(format,args.MonotonicCountValue, args.InputFileBuffer)\r
+    format = "%dsQ" % len(args.InputFileBuffer)\r
+    FullInputFileBuffer = struct.pack(format, args.InputFileBuffer, args.MonotonicCountValue)\r
 \r
     #\r
     # Save output file contents from input file\r
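Review bot: on the verify path, the buffer rebuilt right after the signature is stripped off (the two added lines) now accepts only the payload-then-count layout, so files signed by the previous count-first version of this tool will fail verification here. That is worth stating in the commit message or the tool help. Because this path rebuilds the buffer with the same struct.pack call as the signing path, a sign-then-verify round trip with this tool only proves the two paths agree with each other; it says nothing about a verifier that hashes the payload immediately followed by the 8-byte count, so a test against an independently built buffer would be a useful addition.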
index 34106680eef07b8b637904a2cf0c01a41e4306eb..199ebec1bb7c64cf17d486f6247cb0a780f8e020 100644 (file)
@@ -169,8 +169,8 @@ if __name__ == '__main__':
   if args.Encode:\r
     FullInputFileBuffer = args.InputFileBuffer\r
     if args.MonotonicCountStr:\r
-      format = "Q%ds" % len(args.InputFileBuffer)\r
-      FullInputFileBuffer = struct.pack(format,args.MonotonicCountValue, args.InputFileBuffer)\r
+      format = "%dsQ" % len(args.InputFileBuffer)\r
+      FullInputFileBuffer = struct.pack(format, args.InputFileBuffer, args.MonotonicCountValue)\r
     # \r
     # Sign the input file using the specified private key and capture signature from STDOUT\r
     #\r
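Review bot: missing documentation in the `if args.MonotonicCountStr:` branch: the field order inside FullInputFileBuffer is the whole point of this change, yet nothing in the code records it. Suggest a comment above the struct.pack call stating that the signed data is the payload followed by the 64-bit MonotonicCount, so a later edit does not silently flip the order back.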
@@ -212,8 +212,8 @@ if __name__ == '__main__':
 \r
     FullInputFileBuffer = args.InputFileBuffer\r
     if args.MonotonicCountStr:\r
-      format = "Q%ds" % len(args.InputFileBuffer)\r
-      FullInputFileBuffer = struct.pack(format,args.MonotonicCountValue, args.InputFileBuffer)\r
+      format = "%dsQ" % len(args.InputFileBuffer)\r
+      FullInputFileBuffer = struct.pack(format, args.InputFileBuffer, args.MonotonicCountValue)\r
 \r
     #\r
     # Write Signature to output file\r
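Review bot: style point on the added `format = "%dsQ" % len(args.InputFileBuffer)` line: the name `format` shadows the Python builtin, and the same two lines are repeated in the encode branch of this file. A small helper that returns the payload with the count appended, called from both branches, would keep the signing and verification layouts from drifting apart.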