From 245cda6641ade1f1013c2d5c9c838f2706636828 Mon Sep 17 00:00:00 2001
From: Yonghong Zhu
Date: Thu, 13 Oct 2016 15:59:06 +0800
Subject: [PATCH] BaseTools: Update sign tool to make MonotonicCount *after* Payload

The WIN_CERTIFICATE_UEFI_GUID AuthInfo defined in the UEFI spec mentioned that It is a signature across the image data and the Monotonic Count value. After clarification, we do the signature calculation, we put MonotonicCount after Payload.

Cc: Liming Gao
Cc: Jiewen Yao
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Yonghong Zhu
Reviewed-by: Liming Gao
Reviewed-by: Jiewen Yao
Tested-by: Jiewen Yao
---
 BaseTools/Source/Python/Pkcs7Sign/Pkcs7Sign.py | 8 ++++----
 .../Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py | 8 ++++----
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/BaseTools/Source/Python/Pkcs7Sign/Pkcs7Sign.py b/BaseTools/Source/Python/Pkcs7Sign/Pkcs7Sign.py
index b9f8c066a7..f0b2d8a559 100644
--- a/BaseTools/Source/Python/Pkcs7Sign/Pkcs7Sign.py
+++ b/BaseTools/Source/Python/Pkcs7Sign/Pkcs7Sign.py
@@ -197,8 +197,8 @@ if __name__ == '__main__':
 print 'ERROR: test other public cert file %s missing' % (args.OtherPublicCertFileName)
 sys.exit(1)
- format = "Q%ds" % len(args.InputFileBuffer)
- FullInputFileBuffer = struct.pack(format,args.MonotonicCountValue, args.InputFileBuffer)
+ format = "%dsQ" % len(args.InputFileBuffer)
+ FullInputFileBuffer = struct.pack(format, args.InputFileBuffer, args.MonotonicCountValue)
 #
 # Sign the input file using the specified private key and capture signature from STDOUT
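Review bot: The new format string `"%dsQ"` carries no byte-order prefix, so `struct.pack` works in native mode and may insert pad bytes between the payload and the `Q` whenever `len(args.InputFileBuffer)` is not a multiple of the host's alignment for an 8-byte integer; the old `"Q%ds"` had the integer first and so was never padded. The signed buffer would then be Payload, padding, MonotonicCount in host byte order, which presumably differs from what the firmware verifier hashes for WIN_CERTIFICATE_UEFI_GUID. Standard little-endian packing removes both host dependencies: `format = "<%dsQ" % len(args.InputFileBuffer)`. The same line appears in the second Pkcs7Sign.py hunk (-261) and in both Rsa2048Sha256Sign.py hunks (-169 and -212), and the enclosing `__main__` block extends outside every hunk.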
@@ -261,8 +261,8 @@ if __name__ == '__main__':
 args.SignatureBuffer = args.InputFileBuffer[0:SignatureSize]
 args.InputFileBuffer = args.InputFileBuffer[SignatureSize:]
- format = "Q%ds" % len(args.InputFileBuffer)
- FullInputFileBuffer = struct.pack(format,args.MonotonicCountValue, args.InputFileBuffer)
+ format = "%dsQ" % len(args.InputFileBuffer)
+ FullInputFileBuffer = struct.pack(format, args.InputFileBuffer, args.MonotonicCountValue)
 #
 # Save output file contents from input file
diff --git a/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py b/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py
index 34106680ee..199ebec1bb 100644
--- a/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py
+++ b/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py
@@ -169,8 +169,8 @@ if __name__ == '__main__':
 if args.Encode:
 FullInputFileBuffer = args.InputFileBuffer
 if args.MonotonicCountStr:
- format = "Q%ds" % len(args.InputFileBuffer)
- FullInputFileBuffer = struct.pack(format,args.MonotonicCountValue, args.InputFileBuffer)
+ format = "%dsQ" % len(args.InputFileBuffer)
+ FullInputFileBuffer = struct.pack(format, args.InputFileBuffer, args.MonotonicCountValue)
 #
 # Sign the input file using the specified private key and capture signature from STDOUT
 #
@@ -212,8 +212,8 @@ if __name__ == '__main__':
 FullInputFileBuffer = args.InputFileBuffer
 if args.MonotonicCountStr:
- format = "Q%ds" % len(args.InputFileBuffer)
- FullInputFileBuffer = struct.pack(format,args.MonotonicCountValue, args.InputFileBuffer)
+ format = "%dsQ" % len(args.InputFileBuffer)
+ FullInputFileBuffer = struct.pack(format, args.InputFileBuffer, args.MonotonicCountValue)
 #
 # Write Signature to output file
--
2.39.2
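Review bot: Nothing in the Pkcs7Sign.py hunk at -261 records that the signed layout changed, so a file signed by an earlier version of the tool would fail here with no hint of the cause. This looks like the verify path, since the signature is split off the input just above the changed lines. A comment above the pack would state the contract: `# Signed data is Payload followed by the 64-bit MonotonicCount; signatures made with the count first no longer verify.` The enclosing `__main__` block continues outside the hunk, so whether the failure message could also mention this cannot be judged from here.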
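Review bot: In the Rsa2048Sha256Sign.py hunk at -169 the local name `format` shadows the Python builtin, and the same two-line buffer construction is now repeated in four places across the two tools (here, at -212, and in both Pkcs7Sign.py hunks). All four must yield identical bytes for signing and verification to agree, so the layout is better defined once per tool. A small helper such as `def BuildSignedBuffer(Payload, MonotonicCount):` that returns the packed buffer, called from both the encode and decode branches, would also remove the need for the `format` temporary.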