From mboxrd@z Thu Jan 1 00:00:00 1970 From: AKASHI Takahiro Date: Tue, 19 Nov 2019 14:22:35 +0900 Subject: [U-Boot] [PATCH 05/16] efi_loader: add signature verification functions In-Reply-To: <20191118083151.GU22427@linaro.org> References: <20191113005306.30356-1-takahiro.akashi@linaro.org> <20191113005306.30356-6-takahiro.akashi@linaro.org> <20191118083151.GU22427@linaro.org> Message-ID: <20191119052234.GV22427@linaro.org> List-Id: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: u-boot@lists.denx.de On Mon, Nov 18, 2019 at 05:31:52PM +0900, AKASHI Takahiro wrote: > > >+static const unsigned char WinIndirectSha256[] = { > > > > We don't use camel case. > > Okay, this one is a local variable. Fix it. > > > >+ 0x30, 0x33, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x02, > > >+ 0x01, 0x0f, 0x30, 0x25, 0x03, 0x01, 0x00, 0xa0, 0x20, 0xa2, 0x1e, 0x80, > > >+ 0x1c, 0x00, 0x3c, 0x00, 0x3c, 0x00, 0x3c, 0x00, 0x4f, 0x00, 0x62, 0x00, > > >+ 0x73, 0x00, 0x6f, 0x00, 0x6c, 0x00, 0x65, 0x00, 0x74, 0x00, 0x65, 0x00, > > >+ 0x3e, 0x00, 0x3e, 0x00, 0x3e, 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, > > >+ 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20 > > >+}; > > > > What secret sauce is this? - Please, add comments where applicable. Add > > references where needed for verification of correctness. > > A similar technique is also used in EDK2. > I will add "decoded" version of data in a comment. I found that this header is already embedded in signature's contentInfo. So I will rework the code and remove this variable. See some information about Windows authenticode's contentInfo: http://download.microsoft.com/download/9/c/5/9c5b2167-8017-4bae-9fde-d599bac8184a/authenticode_pe.docx and https://github.com/rhboot/pesign/blob/master/src/content_info.c Thanks, -Takahiro Akashi