authorJames Bottomley <James.Bottomley@HansenPartnership.com>2016-03-25 10:38:11 -0400
committerJames Bottomley <James.Bottomley@HansenPartnership.com>2016-03-25 11:10:12 -0400
commita27a9f9ae4a509a660b9e26cedfc495bf46e3c99 (patch)
tree4bb890a499089cc94cb28b8fb94771c4f90faf34
parent0c850b41a3f874ed2b56ae9b41ad106f237faf79 (diff)
sig-list-to-certs: add -e option to break out all esl payloads
When manipulating signatures in user mode, it's often useful to read all the signature lists individually, cat selected ones, authorise the bundle and then write it. Adding a -e option to break out all the individual signature lists saves messing about with dd in the global esl. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
-rw-r--r--sig-list-to-certs.c23
1 files changed, 20 insertions, 3 deletions
diff --git a/sig-list-to-certs.c b/sig-list-to-certs.c
index 8bf8797..e56e048 100644
--- a/sig-list-to-certs.c
+++ b/sig-list-to-certs.c
@@ -31,17 +31,25 @@
int
main(int argc, char *argv[])
{
- char *certfile, *efifile, *name;
+ char *certfile, *efifile, *name, *esl_name;
const char *progname = argv[0];
+ int output_esl = 0;
- if (argc != 3) {
+ if (argc != 3 && argc != 4) {
printf("Usage: %s <efi sig list file> <cert file base name>\n", progname);
exit(1);
}
+ if (strcmp("-e", argv[1]) == 0) {
+ output_esl = 1;
+ argc--;
+ argv++;
+ }
+
efifile = argv[1];
certfile = argv[2];
name = malloc(strlen(certfile)+10);
+ esl_name = malloc(strlen(certfile)+10);
int fd = open(efifile, O_RDONLY);
if (fd < 0) {
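Review bot: The argument count is not re-checked after `-e` is consumed, so `-e <file>` alone (argc 3) leaves `argv[2]` NULL and `strlen(certfile)` dereferences it, while four arguments without `-e` pass the first check and the extra one is silently ignored. Guarding the option test and validating afterwards closes both cases: `if (argc > 1 && strcmp("-e", argv[1]) == 0) {` for the shift, followed by `if (argc != 3) {` for the usage exit. The usage string should also mention the new flag, e.g. `"Usage: %s [-e] <efi sig list file> <cert file base name>\n"`. Neither `malloc` result is checked before use. The body of `main` continues outside this hunk.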
@@ -80,6 +88,8 @@ main(int argc, char *argv[])
certentry_for_each_cert(sd, sl) {
+ FILE *g;
+
if (memcmp(&sl->SignatureType, &EFI_CERT_X509_GUID, sizeof(EFI_GUID)) == 0) {
printf("X509 ");
ext = "der";
@@ -101,10 +111,17 @@ main(int argc, char *argv[])
EFI_GUID *guid = &sd->SignatureOwner;
+ sprintf(esl_name, "%s-%d.esl",certfile,count);
sprintf(name, "%s-%d.%s",certfile,count++,ext);
printf("file %s: Guid %s\n", name, guid_to_str(guid));
- FILE *g = fopen(name, "w");
+ if (output_esl) {
+ g = fopen(esl_name, "w");
+ fwrite(sl, 1, sl->SignatureListSize, g);
+ fclose(g);
+ }
+
+ g = fopen(name, "w");
fwrite(sd->SignatureData, 1, sl->SignatureSize - OFFSET_OF(EFI_SIGNATURE_DATA, SignatureData), g);
printf("Written %d bytes\n", sl->SignatureSize - (UINT32)OFFSET_OF(EFI_SIGNATURE_DATA, SignatureData));
fclose(g);
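Review bot: The new `-e` branch hands the result of `fopen(esl_name, "w")` straight to `fwrite` and `fclose`, so an unwritable output path becomes a NULL `FILE *` dereference, and the write length `sl->SignatureListSize` is taken from the input file with no bound check visible in this hunk. If the parsing code outside the hunk (both `main` and the `certentry_for_each_cert` loop start before it) does not already confirm that the list fits inside the data that was read, a malformed signature list makes `fwrite` read past that buffer, so the size should be compared with the remaining input before writing. `esl_name` is allocated as `strlen(certfile)+10`, which `"%s-%d.esl"` overflows once `count` reaches five digits; a larger allocation combined with `snprintf` avoids that. The excerpt below shows the open and short-write checks only.

```c
	if (output_esl) {
		g = fopen(esl_name, "w");
		if (g == NULL) {
			perror(esl_name);
			exit(1);
		}
		if (fwrite(sl, 1, sl->SignatureListSize, g) != sl->SignatureListSize) {
			fprintf(stderr, "Short write to %s\n", esl_name);
			exit(1);
		}
		fclose(g);
	}
	// … unchanged: fopen(name, "w") and the SignatureData write …
```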