BaseTools: Update sign tool to make MonotonicCount *after* Payload
The WIN_CERTIFICATE_UEFI_GUID AuthInfo defined in the UEFI spec
mentioned that It is a signature across the image data and the
Monotonic Count value. After clarification, we do the signature
calculation, we put MonotonicCount after Payload.
Cc: Liming Gao <liming.gao@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Yonghong Zhu <yonghong.zhu@intel.com>
Reviewed-by: Liming Gao <liming.gao@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Tested-by: Jiewen Yao <jiewen.yao@intel.com>
diff --git a/BaseTools/Source/Python/Pkcs7Sign/Pkcs7Sign.py b/BaseTools/Source/Python/Pkcs7Sign/Pkcs7Sign.py
index b9f8c06..f0b2d8a 100644
--- a/BaseTools/Source/Python/Pkcs7Sign/Pkcs7Sign.py
+++ b/BaseTools/Source/Python/Pkcs7Sign/Pkcs7Sign.py
@@ -197,8 +197,8 @@
print 'ERROR: test other public cert file %s missing' % (args.OtherPublicCertFileName)
sys.exit(1)
- format = "Q%ds" % len(args.InputFileBuffer)
- FullInputFileBuffer = struct.pack(format,args.MonotonicCountValue, args.InputFileBuffer)
+ format = "%dsQ" % len(args.InputFileBuffer)
+ FullInputFileBuffer = struct.pack(format, args.InputFileBuffer, args.MonotonicCountValue)
#
# Sign the input file using the specified private key and capture signature from STDOUT
@@ -261,8 +261,8 @@
args.SignatureBuffer = args.InputFileBuffer[0:SignatureSize]
args.InputFileBuffer = args.InputFileBuffer[SignatureSize:]
- format = "Q%ds" % len(args.InputFileBuffer)
- FullInputFileBuffer = struct.pack(format,args.MonotonicCountValue, args.InputFileBuffer)
+ format = "%dsQ" % len(args.InputFileBuffer)
+ FullInputFileBuffer = struct.pack(format, args.InputFileBuffer, args.MonotonicCountValue)
#
# Save output file contents from input file
diff --git a/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py b/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py
index 3410668..199ebec 100644
--- a/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py
+++ b/BaseTools/Source/Python/Rsa2048Sha256Sign/Rsa2048Sha256Sign.py
@@ -169,8 +169,8 @@
if args.Encode:
FullInputFileBuffer = args.InputFileBuffer
if args.MonotonicCountStr:
- format = "Q%ds" % len(args.InputFileBuffer)
- FullInputFileBuffer = struct.pack(format,args.MonotonicCountValue, args.InputFileBuffer)
+ format = "%dsQ" % len(args.InputFileBuffer)
+ FullInputFileBuffer = struct.pack(format, args.InputFileBuffer, args.MonotonicCountValue)
#
# Sign the input file using the specified private key and capture signature from STDOUT
#
@@ -212,8 +212,8 @@
FullInputFileBuffer = args.InputFileBuffer
if args.MonotonicCountStr:
- format = "Q%ds" % len(args.InputFileBuffer)
- FullInputFileBuffer = struct.pack(format,args.MonotonicCountValue, args.InputFileBuffer)
+ format = "%dsQ" % len(args.InputFileBuffer)
+ FullInputFileBuffer = struct.pack(format, args.InputFileBuffer, args.MonotonicCountValue)
#
# Write Signature to output file