diff options
| author | Mehmet Kayaalp <mkayaalp@linux.vnet.ibm.com> | 2015-11-24 16:19:03 -0500 |
|---|---|---|
| committer | David Howells <dhowells@redhat.com> | 2016-02-26 10:32:05 -0500 |
| commit | 8e1678988897ebcc29b318ed78af4808202772df (patch) | |
| tree | 69054046b87f7fd11677707a3992a1cd4c401632 /scripts | |
| parent | c4c36105958576fee87d2c75f4b69b6e5bbde772 (diff) | |
KEYS: Use the symbol value for list size, updated by scripts/insert-sys-cert
When a certificate is inserted to the image using scripts/writekey, the
value of __cert_list_end does not change. The updated size can be found
out by reading the value pointed by the system_certificate_list_size
symbol.
Signed-off-by: Mehmet Kayaalp <mkayaalp@linux.vnet.ibm.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Diffstat (limited to 'scripts')
| -rwxr-xr-x | scripts/extract-sys-certs.pl | 29 |
1 files changed, 21 insertions, 8 deletions
diff --git a/scripts/extract-sys-certs.pl b/scripts/extract-sys-certs.pl index d476e7d1fd88..8227ca10a494 100755 --- a/scripts/extract-sys-certs.pl +++ b/scripts/extract-sys-certs.pl | |||
| @@ -91,13 +91,15 @@ print "Have $nr_symbols symbols\n"; | |||
| 91 | 91 | ||
| 92 | die "Can't find system certificate list" | 92 | die "Can't find system certificate list" |
| 93 | unless (exists($symbols{"__cert_list_start"}) && | 93 | unless (exists($symbols{"__cert_list_start"}) && |
| 94 | exists($symbols{"__cert_list_end"})); | 94 | exists($symbols{"system_certificate_list_size"})); |
| 95 | 95 | ||
| 96 | my $start = Math::BigInt->new($symbols{"__cert_list_start"}); | 96 | my $start = Math::BigInt->new($symbols{"__cert_list_start"}); |
| 97 | my $end = Math::BigInt->new($symbols{"__cert_list_end"}); | 97 | my $end; |
| 98 | my $size = $end - $start; | 98 | my $size; |
| 99 | my $size_sym = Math::BigInt->new($symbols{"system_certificate_list_size"}); | ||
| 99 | 100 | ||
| 100 | printf "Have %u bytes of certs at VMA 0x%x\n", $size, $start; | 101 | open FD, "<$vmlinux" || die $vmlinux; |
| 102 | binmode(FD); | ||
| 101 | 103 | ||
| 102 | my $s = undef; | 104 | my $s = undef; |
| 103 | foreach my $sec (@sections) { | 105 | foreach my $sec (@sections) { |
| @@ -110,11 +112,24 @@ foreach my $sec (@sections) { | |||
| 110 | next unless ($start >= $s_vma); | 112 | next unless ($start >= $s_vma); |
| 111 | next if ($start >= $s_vend); | 113 | next if ($start >= $s_vend); |
| 112 | 114 | ||
| 113 | die "Cert object partially overflows section $s_name\n" | 115 | die "Certificate list size was not found on the same section\n" |
| 114 | if ($end > $s_vend); | 116 | if ($size_sym < $s_vma || $size_sym > $s_vend); |
| 115 | 117 | ||
| 116 | die "Cert object in multiple sections: ", $s_name, " and ", $s->{name}, "\n" | 118 | die "Cert object in multiple sections: ", $s_name, " and ", $s->{name}, "\n" |
| 117 | if ($s); | 119 | if ($s); |
| 120 | |||
| 121 | my $size_off = $size_sym -$s_vma + $s_foff; | ||
| 122 | my $packed; | ||
| 123 | die $vmlinux if (!defined(sysseek(FD, $size_off, SEEK_SET))); | ||
| 124 | sysread(FD, $packed, 8); | ||
| 125 | $size = unpack 'L!', $packed; | ||
| 126 | $end = $start + $size; | ||
| 127 | |||
| 128 | printf "Have %u bytes of certs at VMA 0x%x\n", $size, $start; | ||
| 129 | |||
| 130 | die "Cert object partially overflows section $s_name\n" | ||
| 131 | if ($end > $s_vend); | ||
| 132 | |||
| 118 | $s = $sec; | 133 | $s = $sec; |
| 119 | } | 134 | } |
| 120 | 135 | ||
| @@ -127,8 +142,6 @@ my $foff = $start - $s->{vma} + $s->{foff}; | |||
| 127 | 142 | ||
| 128 | printf "Certificate list at file offset 0x%x\n", $foff; | 143 | printf "Certificate list at file offset 0x%x\n", $foff; |
| 129 | 144 | ||
| 130 | open FD, "<$vmlinux" || die $vmlinux; | ||
| 131 | binmode(FD); | ||
| 132 | die $vmlinux if (!defined(sysseek(FD, $foff, SEEK_SET))); | 145 | die $vmlinux if (!defined(sysseek(FD, $foff, SEEK_SET))); |
| 133 | my $buf = ""; | 146 | my $buf = ""; |
| 134 | my $len = sysread(FD, $buf, $size); | 147 | my $len = sysread(FD, $buf, $size); |