Subject: Re: [PATCH RFC v2 2/4] firmware: Add -a option to scripts/sign-file
From: joeyli
To: Takashi Iwai
Cc: Matthew Garrett, Alan Cox, Jiri Kosina, David Howells, Rusty Russell, Ming Lei, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, linux-efi@vger.kernel.org
In-Reply-To: <1352396109-3989-3-git-send-email-tiwai@suse.de>
References: <1352396109-3989-1-git-send-email-tiwai@suse.de> <1352396109-3989-3-git-send-email-tiwai@suse.de>
Date: Fri, 23 Nov 2012 14:51:04 +0800
Message-ID: <1353653464.21227.736.camel@linux-s257.site>

On Thu, 2012-11-08 at 18:35 +0100, Takashi Iwai wrote:
> Add a new option -a to sign-file for specifying the hash algorithm
> to sign a file, to make it working without .config file.
> This will be useful signing external module or firmware files.
>
> Signed-off-by: Takashi Iwai

Tested-by: Chun-Yi Lee

Joey Lee

> --- > scripts/sign-file | 40 ++++++++++++++++++++++++++++------------ > 1 file changed, 28 insertions(+), 12 deletions(-) > > diff --git a/scripts/sign-file b/scripts/sign-file > index 5b9d44d..581cdcd 100755 > --- a/scripts/sign-file > +++ b/scripts/sign-file > @@ -4,7 +4,7 @@ > # > # Format: > # > -# ./scripts/sign-file [-v] [-f] [] > +# ./scripts/sign-file [-v] [-f] [-a algo] [] > # > # > use strict; 
> @@ -17,16 +17,19 @@ sub usage() > print "Format: ./scripts/sign-file [options] [] > -v verbose output > -f create a firmware signature file > + -a algo specify hash algorithm > "; > exit; > } > > my $verbose = 0; > +my $hashalgo = ""; > my $sign_fw = 0; > > GetOptions( > 'v|verbose' => \$verbose, > - 'f|firmware' => \$sign_fw) || usage(); > + 'f|firmware' => \$sign_fw, > + 'a|algo=s' => \$hashalgo) || usage(); > usage() if ($#ARGV != 2 && $#ARGV != 3); > > my $private_key = $ARGV[0]; > @@ -42,10 +45,7 @@ die "Can't read $mode_name\n" unless (-r $module); > # > # Read the kernel configuration > # > -my %config = ( > - CONFIG_MODULE_SIG_SHA512 => 1 > - ); > - > +my %config; > if (-r ".config") { > open(FD, "<.config") || die ".config"; > while () { > @@ -56,6 +56,22 @@ if (-r ".config") { > close(FD); > } > > +if ($hashalgo eq "") { > + if (exists $config{"CONFIG_MODULE_SIG_SHA1"}) { > + $hashalgo="sha1"; > + } elsif (exists $config{"CONFIG_MODULE_SIG_SHA224"}) { > + $hashalgo="sha224"; > + } elsif (exists $config{"CONFIG_MODULE_SIG_SHA256"}) { > + $hashalgo="sha256"; > + } elsif (exists $config{"CONFIG_MODULE_SIG_SHA384"}) { > + $hashalgo="sha384"; > + } elsif (exists $config{"CONFIG_MODULE_SIG_SHA512"}) { > + $hashalgo="sha512"; > + } else { > + die "Can't determine hash algorithm"; > + } > +} > + > # > # Function to read the contents of a file into a variable. > # 
> @@ -332,35 +348,35 @@ my $id_type = 1; # Identifier type: X.509 > # Digest the data > # > my ($dgst, $prologue) = (); > -if (exists $config{"CONFIG_MODULE_SIG_SHA1"}) { > +if ($hashalgo eq "sha1") { > $prologue = pack("C*", > 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, > 0x2B, 0x0E, 0x03, 0x02, 0x1A, > 0x05, 0x00, 0x04, 0x14); > $dgst = "-sha1"; > $hash = 2; > -} elsif (exists $config{"CONFIG_MODULE_SIG_SHA224"}) { > +} elsif ($hashalgo eq "sha224") { > $prologue = pack("C*", > 0x30, 0x2d, 0x30, 0x0d, 0x06, 0x09, > 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04, > 0x05, 0x00, 0x04, 0x1C); > $dgst = "-sha224"; > $hash = 7; > -} elsif (exists $config{"CONFIG_MODULE_SIG_SHA256"}) { > +} elsif ($hashalgo eq "sha256") { > $prologue = pack("C*", > 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, > 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, > 0x05, 0x00, 0x04, 0x20); > $dgst = "-sha256"; > $hash = 4; > -} elsif (exists $config{"CONFIG_MODULE_SIG_SHA384"}) { > +} elsif ($hashalgo eq "sha384") { > $prologue = pack("C*", > 0x30, 0x41, 0x30, 0x0d, 0x06, 0x09, > 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02, > 0x05, 0x00, 0x04, 0x30); > $dgst = "-sha384"; > $hash = 5; > -} elsif (exists $config{"CONFIG_MODULE_SIG_SHA512"}) { > +} elsif ($hashalgo eq "sha512") { > $prologue = pack("C*", > 0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, > 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, > @@ -368,7 +384,7 @@ if (exists $config{"CONFIG_MODULE_SIG_SHA1"}) { > $dgst = "-sha512"; > $hash = 6; > } else { > - die "Can't determine hash algorithm"; > + die "Invalid hash algorithm $hashalgo"; > } > > #
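
Review bot: In the usage() hunk (@@ -17,16 +17,19 @@), the new help line `-a algo specify hash algorithm` does not list the accepted names or say what happens when -a is omitted. The later hunks accept exactly sha1, sha224, sha256, sha384 and sha512 and fall back to the CONFIG_MODULE_SIG_* entry read from .config, so the help text should say so, for example `-a algo hash algorithm: sha1|sha224|sha256|sha384|sha512 (default: from .config)`.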
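
Review bot: In the @@ -42,10 +45,7 @@ and @@ -56,6 +56,22 @@ hunks, dropping the built-in `CONFIG_MODULE_SIG_SHA512 => 1` default means a run with neither -a nor a readable .config now dies with "Can't determine hash algorithm", where the old code fell through to SHA-512. If that is intended, the commit message should mention it and the die text should point at the fix, for example by telling the user to pass -a or run from a configured tree. A non-empty -a also silently takes precedence over .config; printing the selected algorithm under -v would make a mismatch with the kernel's configured hash visible to whoever signs external modules or firmware.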
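
Review bot: In the digest-selection hunks (@@ -332,35 +348,35 @@ and @@ -368,7 +384,7 @@), the -a value is matched with exact, case-sensitive `eq`, so `-a SHA256` or `-a sha-256` is only rejected in the final else branch near line 384, long after GetOptions() near line 30. Normalising the value once with lc() and checking it against the five supported names right after option parsing would reject a typo before any other work is done. The new message `die "Invalid hash algorithm $hashalgo"` would also be easier to act on if it listed the valid names.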