def _format(self, terse: bool) -> str:
vh = self.fw.vendor_header
if not terse:
vhash = compute_vhash(vh)
output = [
"Vendor Header " + _format_container(vh),
"Pubkey bundle hash: {}".format(vhash.hex()),
]
else:
output = [
"Vendor Header for {vendor} version {version} ({size} bytes)".
format(
vendor=click.style(vh.text, bold=True),
version=_format_version(vh.version),
size=vh.header_len,
),
]
fingerprint = firmware.header_digest(vh)
if not terse:
output.append("Fingerprint: {}".format(
click.style(fingerprint.hex(), bold=True)))
sig_status = self.check_signature()
sym = SYM_OK if sig_status.is_ok() else SYM_FAIL
output.append("{} Signature is {}".format(sym, sig_status.value))
return "\n".join(output)
def _check_signature_any(header: c.Container, m: int, pubkeys: List[bytes],
is_devel: bool) -> Optional[bool]:
if all_zero(header.signature) and header.sigmask == 0:
return Status.MISSING
try:
digest = firmware.header_digest(header)
cosi.verify(header.signature, digest, m, pubkeys, header.sigmask)
return Status.VALID if not is_devel else Status.DEVEL
except Exception:
return Status.INVALID
def digest(self) -> bytes:
return firmware.header_digest(self.digest_header)