summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGreg Kroah-Hartman <gregkh@gentoo.org>2013-10-03 02:01:36 +0000
committerGreg Kroah-Hartman <gregkh@gentoo.org>2013-10-03 02:01:36 +0000
commitbbded069e9e17361019b97cd98a400fc245fd3e8 (patch)
treecbe8c5e718996e98efc01328cfeae652d0bd1dfd /app-crypt
parentAllow zukitwo to be stabilized before gnome-shell (diff)
downloadgentoo-2-bbded069e9e17361019b97cd98a400fc245fd3e8.tar.gz
gentoo-2-bbded069e9e17361019b97cd98a400fc245fd3e8.tar.bz2
gentoo-2-bbded069e9e17361019b97cd98a400fc245fd3e8.zip
manually commit, due to flaky network connection on a train...
Diffstat (limited to 'app-crypt')
-rw-r--r--app-crypt/sbsigntool/files/0002-image.c-clear-image-variable.patch29
-rw-r--r--app-crypt/sbsigntool/files/0003-Fix-for-multi-sign.patch39
2 files changed, 68 insertions, 0 deletions
diff --git a/app-crypt/sbsigntool/files/0002-image.c-clear-image-variable.patch b/app-crypt/sbsigntool/files/0002-image.c-clear-image-variable.patch
new file mode 100644
index 000000000000..dfe183e66cd2
--- /dev/null
+++ b/app-crypt/sbsigntool/files/0002-image.c-clear-image-variable.patch
@@ -0,0 +1,29 @@
+From 21e984fa9d93a760cc03f5d9d13d023809227df2 Mon Sep 17 00:00:00 2001
+From: James Bottomley <JBottomley@Parallels.com>
+Date: Thu, 11 Apr 2013 21:12:17 -0700
+Subject: image.c: clear image variable
+
+Not zeroing the image after talloc occasionally leads to a segfault because
+the programme thinks it has a signature when in reality it just has a junk
+pointer and segfaults.
+
+Signed-off-by: James Bottomley <JBottomley@Parallels.com>
+---
+ src/image.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/image.c b/src/image.c
+index cc55791..10eba0e 100644
+--- a/src/image.c
++++ b/src/image.c
+@@ -401,6 +401,7 @@ struct image *image_load(const char *filename)
+ return NULL;
+ }
+
++ memset(image, 0, sizeof(*image));
+ rc = fileio_read_file(image, filename, &image->buf, &image->size);
+ if (rc)
+ goto err;
+--
+1.8.2.1
+
diff --git a/app-crypt/sbsigntool/files/0003-Fix-for-multi-sign.patch b/app-crypt/sbsigntool/files/0003-Fix-for-multi-sign.patch
new file mode 100644
index 000000000000..f42c69616d13
--- /dev/null
+++ b/app-crypt/sbsigntool/files/0003-Fix-for-multi-sign.patch
@@ -0,0 +1,39 @@
+From e58a528ef57e53008222f238cce7c326a14572e2 Mon Sep 17 00:00:00 2001
+From: James Bottomley <JBottomley@Parallels.com>
+Date: Mon, 30 Sep 2013 19:25:37 -0700
+Subject: [PATCH 4/4] Fix for multi-sign
+
+The new Tianocore multi-sign code fails now for images signed with
+sbsigntools. The reason is that we don't actually align the signature table,
+we just slap it straight after the binary data. Unfortunately, the new
+multi-signature code checks that our alignment offsets are correct and fails
+the signature for this reason. Fix by adding junk to the end of the image to
+align the signature section.
+
+Signed-off-by: James Bottomley <JBottomley@Parallels.com>
+---
+ src/image.c | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/src/image.c b/src/image.c
+index 10eba0e..519e288 100644
+--- a/src/image.c
++++ b/src/image.c
+@@ -385,7 +385,13 @@ static int image_find_regions(struct image *image)
+
+ /* record the size of non-signature data */
+ r = &image->checksum_regions[image->n_checksum_regions - 1];
+- image->data_size = (r->data - (void *)image->buf) + r->size;
++ /*
++ * The new Tianocore multisign does a stricter check of the signatures
++ * in particular, the signature table must start at an aligned offset
++ * fix this by adding bytes to the end of the text section (which must
++ * be included in the hash)
++ */
++ image->data_size = align_up((r->data - (void *)image->buf) + r->size, 8);
+
+ return 0;
+ }
+--
+1.8.4
+