Skip to content

Commit 8e16789

Browse files
mkayaalpdhowells
mkayaalp
authored and
dhowells
committed
KEYS: Use the symbol value for list size, updated by scripts/insert-sys-cert
When a certificate is inserted to the image using scripts/writekey, the value of __cert_list_end does not change. The updated size can be found out by reading the value pointed by the system_certificate_list_size symbol. Signed-off-by: Mehmet Kayaalp <mkayaalp@linux.vnet.ibm.com> Signed-off-by: David Howells <dhowells@redhat.com>
1 parent c4c3610 commit 8e16789

1 file changed

Lines changed: 21 additions & 8 deletions

File tree

scripts/extract-sys-certs.pl

Lines changed: 21 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -91,13 +91,15 @@ (@)
9191

9292
die "Can't find system certificate list"
9393
unless (exists($symbols{"__cert_list_start"}) &&
94-
exists($symbols{"__cert_list_end"}));
94+
exists($symbols{"system_certificate_list_size"}));
9595

9696
my $start = Math::BigInt->new($symbols{"__cert_list_start"});
97-
my $end = Math::BigInt->new($symbols{"__cert_list_end"});
98-
my $size = $end - $start;
97+
my $end;
98+
my $size;
99+
my $size_sym = Math::BigInt->new($symbols{"system_certificate_list_size"});
99100

100-
printf "Have %u bytes of certs at VMA 0x%x\n", $size, $start;
101+
open FD, "<$vmlinux" || die $vmlinux;
102+
binmode(FD);
101103

102104
my $s = undef;
103105
foreach my $sec (@sections) {
@@ -110,11 +112,24 @@ (@)
110112
next unless ($start >= $s_vma);
111113
next if ($start >= $s_vend);
112114

113-
die "Cert object partially overflows section $s_name\n"
114-
if ($end > $s_vend);
115+
die "Certificate list size was not found on the same section\n"
116+
if ($size_sym < $s_vma || $size_sym > $s_vend);
115117

116118
die "Cert object in multiple sections: ", $s_name, " and ", $s->{name}, "\n"
117119
if ($s);
120+
121+
my $size_off = $size_sym -$s_vma + $s_foff;
122+
my $packed;
123+
die $vmlinux if (!defined(sysseek(FD, $size_off, SEEK_SET)));
124+
sysread(FD, $packed, 8);
125+
$size = unpack 'L!', $packed;
126+
$end = $start + $size;
127+
128+
printf "Have %u bytes of certs at VMA 0x%x\n", $size, $start;
129+
130+
die "Cert object partially overflows section $s_name\n"
131+
if ($end > $s_vend);
132+
118133
$s = $sec;
119134
}
120135

@@ -127,8 +142,6 @@ (@)
127142

128143
printf "Certificate list at file offset 0x%x\n", $foff;
129144

130-
open FD, "<$vmlinux" || die $vmlinux;
131-
binmode(FD);
132145
die $vmlinux if (!defined(sysseek(FD, $foff, SEEK_SET)));
133146
my $buf = "";
134147
my $len = sysread(FD, $buf, $size);

0 commit comments

Comments
 (0)