mirror of
https://github.com/LongSoft/UEFITool.git
synced 2024-11-21 23:48:22 +08:00
Calculate key manifest public key hashes that could be written into FPFs
This commit is contained in:
parent
7e5e02b4b4
commit
89a302e5d9
@ -3766,7 +3766,7 @@ USTATUS FfsParser::parseVendorHashFile(const UByteArray & fileGuid, const UModel
|
||||
}
|
||||
|
||||
if (protectedRangesFound) {
|
||||
securityInfo += usprintf("Phoenix hash file found at base %08Xh\nProtected ranges:", model->base(index));
|
||||
securityInfo += usprintf("Phoenix hash file found at base %08Xh\nProtected ranges:\n", model->base(index));
|
||||
for (UINT32 i = 0; i < header->NumEntries; i++) {
|
||||
const PROTECTED_RANGE_VENDOR_HASH_FILE_ENTRY* entry = (const PROTECTED_RANGE_VENDOR_HASH_FILE_ENTRY*)(header + 1) + i;
|
||||
securityInfo += usprintf("RelativeOffset: %08Xh Size: %Xh\nHash: ", entry->Base, entry->Size);
|
||||
@ -3828,7 +3828,7 @@ USTATUS FfsParser::parseVendorHashFile(const UByteArray & fileGuid, const UModel
|
||||
protectedRanges.push_back(range);
|
||||
}
|
||||
|
||||
msg(usprintf("%s: new AMI hash file found", __FUNCTION__), fileIndex);
|
||||
msg(usprintf("%s: AMI hash file v2 found", __FUNCTION__), fileIndex);
|
||||
}
|
||||
else if (size == sizeof(PROTECTED_RANGE_VENDOR_HASH_FILE_HEADER_AMI_V1)) {
|
||||
securityInfo += usprintf("AMI hash file v1 found at base %08Xh\nProtected range:\n", model->base(fileIndex));
|
||||
@ -3849,7 +3849,7 @@ USTATUS FfsParser::parseVendorHashFile(const UByteArray & fileGuid, const UModel
|
||||
protectedRanges.push_back(range);
|
||||
}
|
||||
|
||||
msg(usprintf("%s: old AMI hash file found", __FUNCTION__), fileIndex);
|
||||
msg(usprintf("%s: AMI hash file v1 found", __FUNCTION__), fileIndex);
|
||||
}
|
||||
else {
|
||||
msg(usprintf("%s: unknown or corrupted AMI hash file found", __FUNCTION__), index);
|
||||
|
@ -486,6 +486,22 @@ USTATUS FitParser::parseFitEntryBootGuardKeyManifest(const UByteArray & keyManif
|
||||
}
|
||||
kmInfo += "\n";
|
||||
|
||||
// Calculate the hashes of public key modulus only
|
||||
// One of those hashes is what's getting written into Field Programmable Fuses
|
||||
UINT8 hash[SHA384_HASH_SIZE] = {};
|
||||
sha256(key_signature->public_key()->modulus().data(), key_signature->public_key()->modulus().length(), hash);
|
||||
kmInfo += usprintf("Key Manifest Public Key Hash (SHA256): ");
|
||||
for (UINT8 i = 0; i < SHA256_HASH_SIZE; i++) {
|
||||
kmInfo += usprintf("%02X", hash[i]);
|
||||
}
|
||||
kmInfo += "\n";
|
||||
sha384(key_signature->public_key()->modulus().data(), key_signature->public_key()->modulus().length(), hash);
|
||||
kmInfo += usprintf("Key Manifest Public Key Hash (SHA384): ");
|
||||
for (UINT8 i = 0; i < SHA384_HASH_SIZE; i++) {
|
||||
kmInfo += usprintf("%02X", hash[i]);
|
||||
}
|
||||
kmInfo += "\n";
|
||||
|
||||
// Add Signature
|
||||
kmInfo += UString("Key Manifest Signature: ");
|
||||
for (UINT16 i = 0; i < (UINT16)key_signature->signature()->signature().length(); i++) {
|
||||
@ -578,6 +594,22 @@ USTATUS FitParser::parseFitEntryBootGuardKeyManifest(const UByteArray & keyManif
|
||||
}
|
||||
kmInfo += "\n";
|
||||
|
||||
// Calculate the hashes of public key modulus only
|
||||
// One of those hashes is what's getting written into Field Programmable Fuses
|
||||
UINT8 hash[SHA384_HASH_SIZE] = {};
|
||||
sha256(key_signature->public_key()->modulus().data(), key_signature->public_key()->modulus().length(), hash);
|
||||
kmInfo += usprintf("Key Manifest Public Key Hash (SHA256): ");
|
||||
for (UINT8 i = 0; i < SHA256_HASH_SIZE; i++) {
|
||||
kmInfo += usprintf("%02X", hash[i]);
|
||||
}
|
||||
kmInfo += "\n";
|
||||
sha384(key_signature->public_key()->modulus().data(), key_signature->public_key()->modulus().length(), hash);
|
||||
kmInfo += usprintf("Key Manifest Public Key Hash (SHA384): ");
|
||||
for (UINT8 i = 0; i < SHA384_HASH_SIZE; i++) {
|
||||
kmInfo += usprintf("%02X", hash[i]);
|
||||
}
|
||||
kmInfo += "\n";
|
||||
|
||||
// Add Signature
|
||||
kmInfo += UString("Key Manifest Signature: ");
|
||||
for (UINT16 i = 0; i < (UINT16)key_signature->signature()->signature().length(); i++) {
|
||||
|
Loading…
Reference in New Issue
Block a user