coreboot-mirror
/
9esec-security-tooling
mirror of https://review.coreboot.org/9esec-security-tooling.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge pull request #189 from 9elements/fix/bpmStitchAndCut 

Fix BPM --cut option and BPM Stitching
This commit is contained in:
Zaolin 2021-03-09 09:38:16 +01:00 committed by GitHub
parent df5225eaea f3f357a7a4
commit 2b028cc0e3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
cmd/bg-prov/cmd.go
View File

@ -455,7 +455,7 @@ func (g *generateBPMCmd) Run(ctx *context) error {
return err
}
if g.Cut {
bBPM = bBPM[:bpm.PMSEOffset()]
bBPM = bBPM[:bpm.KeySignatureOffset]
}
if err = ioutil.WriteFile(g.BPM, bBPM, 0600); err != nil {
return fmt.Errorf("unable to write BPM to file: %w", err)

6
pkg/provisioning/bg/marshal.go
View File

@ -40,9 +40,15 @@ func StitchKM(km *key.Manifest, pubKey crypto.PublicKey, signature []byte) ([]by
// StitchBPM returns a boot policy manifest as byte slice
func StitchBPM(bpm *bootpolicy.Manifest, pubKey crypto.PublicKey, signature []byte) ([]byte, error) {
PMSEString := [8]byte{0x5f, 0x5f, 0x50, 0x4d, 0x53, 0x47, 0x5f, 0x5f}
bpm.PMSE.StructInfo = bootpolicy.StructInfo{}
bpm.PMSE.StructInfo.ID = PMSEString
bpm.PMSE.StructInfo.Version = 0x20
if err := bpm.PMSE.KeySignature.FillSignature(0, pubKey, signature, manifest.AlgNull); err != nil {
return nil, err
}
bpm.RehashRecursive()
if err := bpm.Validate(); err != nil {
return nil, err