Commit 8e167898 authored by Mehmet Kayaalp's avatar Mehmet Kayaalp Committed by David Howells

KEYS: Use the symbol value for list size, updated by scripts/insert-sys-cert

When a certificate is inserted to the image using scripts/writekey, the
value of __cert_list_end does not change. The updated size can be found
out by reading the value pointed by the system_certificate_list_size
symbol.
Signed-off-by: default avatarMehmet Kayaalp <mkayaalp@linux.vnet.ibm.com>
Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
parent c4c36105
...@@ -91,13 +91,15 @@ print "Have $nr_symbols symbols\n"; ...@@ -91,13 +91,15 @@ print "Have $nr_symbols symbols\n";
die "Can't find system certificate list" die "Can't find system certificate list"
unless (exists($symbols{"__cert_list_start"}) && unless (exists($symbols{"__cert_list_start"}) &&
exists($symbols{"__cert_list_end"})); exists($symbols{"system_certificate_list_size"}));
my $start = Math::BigInt->new($symbols{"__cert_list_start"}); my $start = Math::BigInt->new($symbols{"__cert_list_start"});
my $end = Math::BigInt->new($symbols{"__cert_list_end"}); my $end;
my $size = $end - $start; my $size;
my $size_sym = Math::BigInt->new($symbols{"system_certificate_list_size"});
printf "Have %u bytes of certs at VMA 0x%x\n", $size, $start; open FD, "<$vmlinux" || die $vmlinux;
binmode(FD);
my $s = undef; my $s = undef;
foreach my $sec (@sections) { foreach my $sec (@sections) {
...@@ -110,11 +112,24 @@ foreach my $sec (@sections) { ...@@ -110,11 +112,24 @@ foreach my $sec (@sections) {
next unless ($start >= $s_vma); next unless ($start >= $s_vma);
next if ($start >= $s_vend); next if ($start >= $s_vend);
die "Cert object partially overflows section $s_name\n" die "Certificate list size was not found on the same section\n"
if ($end > $s_vend); if ($size_sym < $s_vma || $size_sym > $s_vend);
die "Cert object in multiple sections: ", $s_name, " and ", $s->{name}, "\n" die "Cert object in multiple sections: ", $s_name, " and ", $s->{name}, "\n"
if ($s); if ($s);
my $size_off = $size_sym -$s_vma + $s_foff;
my $packed;
die $vmlinux if (!defined(sysseek(FD, $size_off, SEEK_SET)));
sysread(FD, $packed, 8);
$size = unpack 'L!', $packed;
$end = $start + $size;
printf "Have %u bytes of certs at VMA 0x%x\n", $size, $start;
die "Cert object partially overflows section $s_name\n"
if ($end > $s_vend);
$s = $sec; $s = $sec;
} }
...@@ -127,8 +142,6 @@ my $foff = $start - $s->{vma} + $s->{foff}; ...@@ -127,8 +142,6 @@ my $foff = $start - $s->{vma} + $s->{foff};
printf "Certificate list at file offset 0x%x\n", $foff; printf "Certificate list at file offset 0x%x\n", $foff;
open FD, "<$vmlinux" || die $vmlinux;
binmode(FD);
die $vmlinux if (!defined(sysseek(FD, $foff, SEEK_SET))); die $vmlinux if (!defined(sysseek(FD, $foff, SEEK_SET)));
my $buf = ""; my $buf = "";
my $len = sysread(FD, $buf, $size); my $len = sysread(FD, $buf, $size);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment