| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
|
|
|
| |
Signed-off-by: Dave Heller <hellerda@linux.vnet.ibm.com>
|
|
|
|
|
|
|
| |
In the mmap() bugfix patch, I reduced the scope of a variable below its
required range. Reverting to the previous definition.
Signed-off-by: Dave Heller <hellerda@linux.vnet.ibm.com>
|
|\
| |
| | |
Add get_date_string() function to crtSignedContainer.sh
|
| |
| |
| |
| |
| |
| |
| | |
On some systems (AIX) the date command does not support the '-d' option
and there is no facility to convert numeric time to presentation format.
The new function uses Perl as a fallback in this case. Thanks to Matt
Vaught (mtvaught-ibm) for the suggestion.
|
| |
| |
| |
| | |
Signed-off-by: Dave Heller <hellerda@linux.vnet.ibm.com>
|
|/
|
|
|
|
|
|
| |
In independent mode, there are cases where we want to look for signatures
elsewhere in the cache, if not found in the local cache, that were not
covered previously.
Signed-off-by: Dave Heller <hellerda@linux.vnet.ibm.com>
|
|
|
|
| |
Signed-off-by: Dave Heller <hellerda@linux.vnet.ibm.com>
|
|
|
|
|
|
|
|
| |
Test for nonzero value is the default test operation in shell, so it's not
necessary to use -n explicitly in tests. Removing them makes the code a
bit more compact.
Signed-off-by: Dave Heller <hellerda@linux.vnet.ibm.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Calls to mmap() with offset are problematic since offset must be on an even
page boundary, which may vary between systems. Rather than adding code to
handle this, it's easier to not use offset in this case.
Also, the code should use MAP_FAILED instead of NULL, when checking mmap() rc.
Also, this patch allows input payload to be omitted, in create-container.c
Signed-off-by: Dave Heller <hellerda@linux.vnet.ibm.com>
|
|
|
|
|
|
|
|
|
| |
When die() is called, close all open fd > 2 prior to exit. To keep it fast,
only the first sixteen fds are checked, since there would unlikely be more
than that. A more robust approach would be to check all up to FD_SETSIZE,
as defined in select.h or typesizes.h
Signed-off-by: Dave Heller <hellerda@linux.vnet.ibm.com>
|
|
|
|
| |
Signed-off-by: Dave Heller <hellerda@linux.vnet.ibm.com>
|
|
|
|
| |
Signed-off-by: Dave Heller <hellerda@linux.vnet.ibm.com>
|
|
|
|
|
|
|
|
|
|
| |
In cases where input payload or output imagefile are not needed, we previously
required __none to be specified for these properties. But really they can be
omitted, and we can treat it as if __none were specified.
Also, fix a shellcheck warning from a previous commit.
Signed-off-by: Dave Heller <hellerda@linux.vnet.ibm.com>
|
|
|
|
|
|
|
|
| |
Add a simple check to crtSignedContainer.sh to make sure basic tools, openssl
commands, and other signtool and signframework executables are found in PATH,
before proceeding.
Signed-off-by: Dave Heller <hellerda@linux.vnet.ibm.com>
|
|
|
|
|
|
|
| |
Fix some warnings from shellcheck static analyzer tool, in crtSignedContainer.sh,
mostly regarding double-quoting
Signed-off-by: Dave Heller <hellerda@linux.vnet.ibm.com>
|
|
|
|
| |
Signed-off-by: Dave Heller <hellerda@linux.vnet.ibm.com>
|
|
|
|
|
|
|
|
|
|
| |
I was unclear on this previously, but apparently the right way is to include
config.h in all files
(ref: https://sourceware.org/autobook/autobook/autobook_66.html#Installing-Header-Files)
as the first entry, before any other header file
(ref: https://www.gnu.org/software/autoconf/manual/autoconf-2.66/html_node/Configuration-Headers.html).
Signed-off-by: Dave Heller <hellerda@linux.vnet.ibm.com>
|
|
|
|
| |
Signed-off-by: Dave Heller <hellerda@linux.vnet.ibm.com>
|
|
|
|
|
|
| |
Helpful for execution under op-build, where command line options are not exposed.
Signed-off-by: Dave Heller <hellerda@us.ibm.com>
|
| |
|
| |
|
|
|
|
|
|
| |
To quash warnings from very picky compilers
Signed-off-by: Dave Heller <hellerda@us.ibm.com>
|
|
|
|
| |
Signed-off-by: Dave Heller <hellerda@us.ibm.com>
|
|
|
|
| |
Signed-off-by: Dave Heller <hellerda@us.ibm.com>
|
|
|
|
|
|
|
| |
On __getkey, the behavior should be to integrate a signature if found, but
skip the request if not found. Currently it skips both.
Signed-off-by: Dave Heller <hellerda@us.ibm.com>
|
|
|
|
| |
Signed-off-by: Dave Heller <hellerda@us.ibm.com>
|
|\ |
|
|/
|
|
| |
Signed-off-by: Dave Heller <hellerda@us.ibm.com>
|
|
|
|
| |
Signed-off-by: Dave Heller <hellerda@us.ibm.com>
|
|
|
|
| |
Signed-off-by: Dave Heller <hellerda@us.ibm.com>
|
|\
| |
| | |
Add --contrHdrOut option to crtSignedContainer.sh
|
| |
| |
| |
| | |
Adds option to dump the container header (first 4k) without the payload.
|
|\ \
| |/
|/| |
Make signproject base names configurable via env or INI
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This patch allows signframework project basenames to be settable via env
or INI. There are three new env properties: SF_HW_SIGNING_PROJECT_BASE,
SF_FW_SIGNING_PROJECT_BASE and SF_GETPUBKEY_PROJECT_BASE. In the INI, there
are three new properties under a new section [signproject]. The defaults
are the values that were previously hardcoded.
Signed-off-by: Dave Heller <hellerda@us.ibm.com>
|
| |
| |
| |
| | |
Signed-off-by: Dave Heller <hellerda@us.ibm.com>
|
| |
| |
| |
| | |
Signed-off-by: Dave Heller <hellerda@us.ibm.com>
|
|/
|
|
| |
Signed-off-by: Dave Heller <hellerda@us.ibm.com>
|
|
|
|
| |
Signed-off-by: Dave Heller <hellerda@us.ibm.com>
|
|
|
|
| |
Signed-off-by: Dave Heller <hellerda@us.ibm.com>
|
|
|
|
| |
Signed-off-by: Dave Heller <hellerda@us.ibm.com>
|
|
|
|
| |
Signed-off-by: Dave Heller <hellerda@us.ibm.com>
|
|
|
|
| |
Signed-off-by: Dave Heller <hellerda@us.ibm.com>
|
|
|
|
| |
Signed-off-by: Dave Heller <hellerda@us.ibm.com>
|
|
|
|
| |
Signed-off-by: Dave Heller <hellerda@us.ibm.com>
|
|
|
|
| |
Signed-off-by: Dave Heller <hellerda@us.ibm.com>
|
|
|
|
| |
Signed-off-by: Dave Heller <hellerda@us.ibm.com>
|
|
|
|
| |
Signed-off-by: Dave Heller <hellerda@us.ibm.com>
|
|
|
|
| |
Signed-off-by: Dave Heller <hellerda@us.ibm.com>
|
|
|
|
| |
Signed-off-by: Dave Heller <hellerda@us.ibm.com>
|
|
|
|
| |
Signed-off-by: Dave Heller <hellerda@us.ibm.com>
|