BaseTools: Update sign tool to make MonotonicCount *after* Payload The WIN_CERTIFICATE_UEFI_GUID AuthInfo defined in the UEFI spec mentioned that It is a signature across the image data and the Monotonic Count value. After clarification, we do the signature calculation, we put MonotonicCount after Payload. Cc: Liming Gao <liming.gao@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Yonghong Zhu <yonghong.zhu@intel.com> Reviewed-by: Liming Gao <liming.gao@intel.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> Tested-by: Jiewen Yao <jiewen.yao@intel.com>

commit: 245cda6641ade1f1013c2d5c9c838f2706636828 [log] [tgz]
author: Yonghong Zhu <yonghong.zhu@intel.com> Thu Oct 13 15:59:06 2016 +0800
committer: Yonghong Zhu <yonghong.zhu@intel.com> Mon Oct 17 13:26:22 2016 +0800
tree: bcb62157329d86345fdd7eb3c7d1a30eac94c310
parent: 4dd8787a20e2b74cfcc297253f237e0ac86c9289 [diff]
diff --git a/BaseTools/Source/Python/Pkcs7Sign/Pkcs7Sign.py b/BaseTools/Source/Python/Pkcs7Sign/Pkcs7Sign.py
index b9f8c06..f0b2d8a 100644
--- a/BaseTools/Source/Python/Pkcs7Sign/Pkcs7Sign.py
+++ b/BaseTools/Source/Python/Pkcs7Sign/Pkcs7Sign.py

@@ -197,8 +197,8 @@
         print 'ERROR: test other public cert file %s missing' % (args.OtherPublicCertFileName)

         sys.exit(1)

 

-    format = "Q%ds" % len(args.InputFileBuffer)

-    FullInputFileBuffer = struct.pack(format,args.MonotonicCountValue, args.InputFileBuffer)

+    format = "%dsQ" % len(args.InputFileBuffer)

+    FullInputFileBuffer = struct.pack(format, args.InputFileBuffer, args.MonotonicCountValue)

 

     #

     # Sign the input file using the specified private key and capture signature from STDOUT

@@ -261,8 +261,8 @@
     args.SignatureBuffer = args.InputFileBuffer[0:SignatureSize]

     args.InputFileBuffer = args.InputFileBuffer[SignatureSize:]

 

-    format = "Q%ds" % len(args.InputFileBuffer)

-    FullInputFileBuffer = struct.pack(format,args.MonotonicCountValue, args.InputFileBuffer)

+    format = "%dsQ" % len(args.InputFileBuffer)

+    FullInputFileBuffer = struct.pack(format, args.InputFileBuffer, args.MonotonicCountValue)

 

     #

     # Save output file contents from input file


diff --git a/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py b/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py
index 3410668..199ebec 100644
--- a/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py
+++ b/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py

@@ -169,8 +169,8 @@
   if args.Encode:

     FullInputFileBuffer = args.InputFileBuffer

     if args.MonotonicCountStr:

-      format = "Q%ds" % len(args.InputFileBuffer)

-      FullInputFileBuffer = struct.pack(format,args.MonotonicCountValue, args.InputFileBuffer)

+      format = "%dsQ" % len(args.InputFileBuffer)

+      FullInputFileBuffer = struct.pack(format, args.InputFileBuffer, args.MonotonicCountValue)

     # 

     # Sign the input file using the specified private key and capture signature from STDOUT

     #

@@ -212,8 +212,8 @@
 

     FullInputFileBuffer = args.InputFileBuffer

     if args.MonotonicCountStr:

-      format = "Q%ds" % len(args.InputFileBuffer)

-      FullInputFileBuffer = struct.pack(format,args.MonotonicCountValue, args.InputFileBuffer)

+      format = "%dsQ" % len(args.InputFileBuffer)

+      FullInputFileBuffer = struct.pack(format, args.InputFileBuffer, args.MonotonicCountValue)

 

     #

     # Write Signature to output file
commit	245cda6641ade1f1013c2d5c9c838f2706636828	[log] [tgz]
author	Yonghong Zhu <yonghong.zhu@intel.com>	Thu Oct 13 15:59:06 2016 +0800
committer	Yonghong Zhu <yonghong.zhu@intel.com>	Mon Oct 17 13:26:22 2016 +0800
tree	bcb62157329d86345fdd7eb3c7d1a30eac94c310
parent	4dd8787a20e2b74cfcc297253f237e0ac86c9289 [diff]