[U-Boot] [PATCH 05/16] efi_loader: add signature verification functions
AKASHI Takahiro
takahiro.akashi at linaro.org
Tue Nov 19 05:22:35 UTC 2019
On Mon, Nov 18, 2019 at 05:31:52PM +0900, AKASHI Takahiro wrote:
> > >+static const unsigned char WinIndirectSha256[] = {
> >
> > We don't use camel case.
>
> Okay, this one is a local variable. Fix it.
>
> > >+ 0x30, 0x33, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x02,
> > >+ 0x01, 0x0f, 0x30, 0x25, 0x03, 0x01, 0x00, 0xa0, 0x20, 0xa2, 0x1e, 0x80,
> > >+ 0x1c, 0x00, 0x3c, 0x00, 0x3c, 0x00, 0x3c, 0x00, 0x4f, 0x00, 0x62, 0x00,
> > >+ 0x73, 0x00, 0x6f, 0x00, 0x6c, 0x00, 0x65, 0x00, 0x74, 0x00, 0x65, 0x00,
> > >+ 0x3e, 0x00, 0x3e, 0x00, 0x3e, 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60,
> > >+ 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20
> > >+};
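Review bot: The array has no comment saying what it encodes, and the bytes themselves fix both the digest algorithm and every length field. Decoded, it is a DER prefix: a SEQUENCE holding OID 1.3.6.1.4.1.311.2.1.15 and the UTF-16 string "<<<Obsolete>>>", followed by a DigestInfo header that carries the SHA-256 OID and ends in 0x04, 0x20, which is the header of a 32-byte OCTET STRING whose contents are not part of the array. Please put that decoding in a comment above the declaration, say that a 32-byte digest is expected to follow, and rename the variable to lower case with underscores.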
> >
> > What secret sauce is this? - Please, add comments where applicable. Add
> > references where needed for verification of correctness.
>
> A similar technique is also used in EDK2.
> I will add a "decoded" version of the data in a comment.
I found that this header is already embedded in the signature's contentInfo.
So I will rework the code and remove this variable.
See some information about Windows Authenticode's contentInfo:
http://download.microsoft.com/download/9/c/5/9c5b2167-8017-4bae-9fde-d599bac8184a/authenticode_pe.docx
and
https://github.com/rhboot/pesign/blob/master/src/content_info.c
Thanks,
-Takahiro Akashi
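
As an added example, not code from the patch or from U-Boot: a minimal DER walk over the bytes quoted in this thread, confirming that they are an SpcAttributeTypeAndOptionalValue (OID 1.3.6.1.4.1.311.2.1.15) followed by a SHA-256 DigestInfo header that still lacks its 32-byte digest. The names u8, spc_prefix, hdr, seq_oid and spc_prefix_digest_len are hypothetical, and only short-form DER lengths are handled.

```c
#include <string.h>
typedef unsigned char u8;
static const u8 spc_prefix[] = {	/* sample: the bytes quoted in the patch */
	0x30, 0x33, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x02,
	0x01, 0x0f, 0x30, 0x25, 0x03, 0x01, 0x00, 0xa0, 0x20, 0xa2, 0x1e, 0x80,
	0x1c, 0x00, 0x3c, 0x00, 0x3c, 0x00, 0x3c, 0x00, 0x4f, 0x00, 0x62, 0x00,
	0x73, 0x00, 0x6f, 0x00, 0x6c, 0x00, 0x65, 0x00, 0x74, 0x00, 0x65, 0x00,
	0x3e, 0x00, 0x3e, 0x00, 0x3e, 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60,
	0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20
};
static const u8 oid_pe_image[] = {	/* 1.3.6.1.4.1.311.2.1.15 */
	0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x02, 0x01, 0x0f };
static const u8 oid_sha256[] = {	/* 2.16.840.1.101.3.4.2.1, SHA-256 */
	0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01 };

/* Consume a TLV header with this tag; return its short-form length or -1. */
static int hdr(const u8 **p, const u8 *end, int tag)
{
	if (end - *p < 2 || (*p)[0] != tag || ((*p)[1] & 0x80))
		return -1;
	*p += 2;
	return (*p)[-1];
}
/* Match SEQUENCE { OID want, ... } at p; return the byte after it or NULL. */
static const u8 *seq_oid(const u8 *p, const u8 *end, const u8 *want, int wlen)
{
	int n = hdr(&p, end, 0x30);
	if (n < 2 + wlen || end - p < n || p[0] != 0x06 || p[1] != wlen ||
	    memcmp(p + 2, want, wlen))
		return NULL;
	return p + n;
}
/* Hypothetical helper: digest length that must follow the prefix, or -1. */
int spc_prefix_digest_len(const u8 *buf, size_t len)
{
	const u8 *end = buf + len, *di, *p;
	int dinfo, dlen;
	/* SpcAttributeTypeAndOptionalValue, then the DigestInfo header */
	p = seq_oid(buf, end, oid_pe_image, sizeof(oid_pe_image));
	if (!p || (dinfo = hdr(&p, end, 0x30)) < 0)
		return -1;
	di = p;
	/* AlgorithmIdentifier, OCTET STRING header, then end of the prefix */
	p = seq_oid(p, end, oid_sha256, sizeof(oid_sha256));
	if (!p || (dlen = hdr(&p, end, 0x04)) < 0)
		return -1;
	return (p == end && (p - di) + dlen == dinfo) ? dlen : -1;
}
int main(void)
{ return spc_prefix_digest_len(spc_prefix, sizeof(spc_prefix)) != 32; }
```

The DigestInfo length byte (0x31) already counts the 32 digest bytes that are absent from the array, which is why the final check compares lengths instead of requiring the value to be present.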