Fix double delete bug when using OpenSSL v1.1 or higher
This commit fixes a problem wherein, in the verify_signature API, if OpenSSL version is 1.1 or higher, the call to ECDSA_SIG_set0 assigns memory ownership of R+S to the ECDSA signature, but then still frees them before calling ECDSA_SIG_free, leading to an application crash. Now, those frees will be inhibited in that path, and ECDSA_SIG_free will take care of reclaiming the memory instead.
Signed-off-by: Nick Bofferding <opensource@bofferding.net>
Support setting software flags field in software header
- Adds support to specify --sw-flags in crtSignedContainer.sh
Signed-off-by: Dave Heller <hellerda@us.ibm.com>
Signed-off-by: Dave Heller <hellerda@us.ibm.com>
This change is dependent on the related change to genPnorImages.pl in
Hostboot, and although it's changed upstream, there are still active
op-build machine configs that are locked to an older version. So it's
unclear when this change can be finalized. For now I'm going to punt
and allow the old cmdline options to still work, and continue to
support both the new and deprecated cmdline options.
Signed-off-by: Dave Heller <hellerda@us.ibm.com>
Signed-off-by: Dave Heller <hellerda@us.ibm.com>
Fix erroneous warning about scope of buf in print-container.c, by adding
an unneeded but harmless init of its pointer in the surrounding scope.
Signed-off-by: Dave Heller <hellerda@us.ibm.com>
Make sure the value of any boolean configuration property is set to
an acceptable string (True), or an empty string (False). This is safer
and more robust.
Signed-off-by: Dave Heller <hellerda@us.ibm.com>
Signed-off-by: Dave Heller <hellerda@us.ibm.com>
It makes sense to do this for environments outside of op-build. Under
op-build it's helpful to keep cache by default, so now will set it
explicitly under op-build.
Signed-off-by: Dave Heller <hellerda@us.ibm.com>
Signed-off-by: Dave Heller <hellerda@us.ibm.com>
Support multiple KMS in Production mode
This adds support for PKCS11 as an alternate key management system in
place of signframework, and adds the configuration property SB_KMS and
a new command line option --kms to select between them. If unset the
default is "signframework". If set to "pkcs11" two additional
configuration properties, specifying the token name and the shared
library implementing the token, are recognized. These properties are
set by environment, or via the INI under a new section [pkcs11].
Support inter-mode import (part 2)
This completes support for the case where HW key signing is done
standalone in Local or Independent mode, and the signatures are imported
into Production mode. It also adds support for the opposite case, where
HW key signing is done in Production mode and artifacts are imported and
exported to FW key signing in Local mode. Refactors most of the
keyfinder/sigfinder code in crtSignedContainer.sh.
Support inter-mode import
Supports the case where HW key signing is done standalone in Local or
Independent mode, and the signatures are imported into Production mode.
The use of "signing project" names, used previously in Production only,
is now extended to Local or Independent mode. The HW key signer may set
a "hw_signing_project_basename". If set, the export will be prepared
for import to a Production mode process where the same project basename
is in use. On import, signtool will pick up the artifacts generated
by this basename.
Signed-off-by: Dave Heller <hellerda@linux.vnet.ibm.com>
Signed-off-by: Dave Heller <hellerda@linux.vnet.ibm.com>
Add --validate-ignore-remainder option to print-container
When --validate is requested the default behavior is to use the actual
payload size for calculating the payload hash. With this option it will
use the payload size from the container header and ignore any additional
bytes following end of payload. Useful for validating container files
with padding after the payload.
Don't reuse FW keys sigs for transition containers
because SBKT and SBKTRAND are regenerated on each run
because AIX doesn't like it. In this case, can get the same result by just
deleting the destination directory first.
Signed-off-by: Dave Heller <hellerda@linux.vnet.ibm.com>
If no --out is provided we use a scratch file for output container. But
there is no reason to keep this; if the user wants a persistent file he
can specify --out.
Signed-off-by: Dave Heller <hellerda@linux.vnet.ibm.com>
This adds config properties SB_VERIFY_TRANS and SB_PROJECT_INI_TRANS.
If set, these take precedence over their non-_TRANS counterparts for
the transition 'to' container only (SBKTRAND).
Signed-off-by: Dave Heller <hellerda@linux.vnet.ibm.com>
Signed-off-by: Dave Heller <hellerda@linux.vnet.ibm.com>
Signed-off-by: Dave Heller <hellerda@linux.vnet.ibm.com>
Signed-off-by: Dave Heller <hellerda@linux.vnet.ibm.com>
Signed-off-by: Dave Heller <hellerda@linux.vnet.ibm.com>
Signed-off-by: Dave Heller <hellerda@linux.vnet.ibm.com>
Signed-off-by: Dave Heller <hellerda@linux.vnet.ibm.com>
getopt_long() is not natively supported on AIX, so instead do a
simple long-to-short option replacement in shell. See issue 14
Signed-off-by: Dave Heller <hellerda@linux.vnet.ibm.com>
Fix cache cleanup when archive import is used
Signed-off-by: Dave Heller <hellerda@linux.vnet.ibm.com>
A helper script to handle a batch of signing requests, in stand-alone
operation, to be signed with the same set of keys. Useful for handling
the multiple signing requests exported by op-build in independent mode.
Signed-off-by: Dave Heller <hellerda@linux.vnet.ibm.com>
as to not interfere with the operation of help or usage.
Signed-off-by: Dave Heller <hellerda@linux.vnet.ibm.com>
This patch removes the second dependency in crtSignedContainer.sh, in the
generation of the payload hash, in Production mode. Now the .md files
are generated by create-container instead.
Signed-off-by: Dave Heller <hellerda@linux.vnet.ibm.com>
There is no 'xxd' command in AIX. This patch removes one of the two
dependencies in crtSignedContainer.sh: in the is_key_raw() function.
This is now done with a shell comparison instead.
Signed-off-by: Dave Heller <hellerda@linux.vnet.ibm.com>
Signed-off-by: Dave Heller <hellerda@linux.vnet.ibm.com>