| From e58a528ef57e53008222f238cce7c326a14572e2 Mon Sep 17 00:00:00 2001 |
| From: James Bottomley <JBottomley@Parallels.com> |
| Date: Mon, 30 Sep 2013 19:25:37 -0700 |
| Subject: [PATCH 4/4] Fix for multi-sign |
| |
| The new Tianocore multi-sign code fails now for images signed with |
| sbsigntools. The reason is that we don't actually align the signature table, |
| we just slap it straight after the binary data. Unfortunately, the new |
| multi-signature code checks that our alignment offsets are correct and fails |
| the signature for this reason. Fix by adding junk to the end of the image to |
| align the signature section. |
| |
| Signed-off-by: James Bottomley <JBottomley@Parallels.com> |
| --- |
| src/image.c | 8 +++++++- |
| 1 file changed, 7 insertions(+), 1 deletion(-) |
| |
| diff --git a/src/image.c b/src/image.c |
| index 10eba0e..519e288 100644 |
| --- a/src/image.c |
| +++ b/src/image.c |
| @@ -385,7 +385,13 @@ static int image_find_regions(struct image *image) |
| |
| /* record the size of non-signature data */ |
| r = &image->checksum_regions[image->n_checksum_regions - 1]; |
| - image->data_size = (r->data - (void *)image->buf) + r->size; |
| + /* |
| + * The new Tianocore multisign does a stricter check of the signatures |
| + * in particular, the signature table must start at an aligned offset |
| + * fix this by adding bytes to the end of the text section (which must |
| + * be included in the hash) |
| + */ |
| + image->data_size = align_up((r->data - (void *)image->buf) + r->size, 8); |
| |
| return 0; |
| } |
| -- |
| 1.8.4 |
| |