示例#1
0
    def test_should_be_able_to_fetch_a_builtin_signer_module(self):
        py_signer = signing_helper.get_signer(signing_helper.PYOPENSSL_SIGNER)
        self.assertTrue(hasattr(py_signer, 'sign'))

        signtoolsigner = signing_helper.get_signer(
            signing_helper.SIGNTOOL_SIGNER)
        self.assertTrue(hasattr(signtoolsigner, 'sign'))
示例#2
0
def createSignedPolicy(filename: str,
                       signer_type: str,
                       pkcs12_test: bool = False) -> None:
    manf = bytes.decode(open('Manufacturer.bin', 'rb').read(),
                        encoding='utf_16_le')
    prod = bytes.decode(open('Product.bin', 'rb').read(), encoding='utf_16_le')
    sn = bytes.decode(open('SerialNumber.bin', 'rb').read(),
                      encoding='utf_16_le')
    oem1 = bytes.decode(open('OEM_01.bin', 'rb').read(), encoding='utf_16_le')
    oem2 = bytes.decode(open('OEM_02.bin', 'rb').read(), encoding='utf_16_le')
    nonceInt = struct.unpack('<Q', open('TargetNonce.bin', 'rb').read())[0]
    devicePolicy = 3
    policy_ba = CreatePolicyFromParameters(manf, prod, sn, nonceInt, oem1,
                                           oem2, devicePolicy)

    signer_options = {
        'key_file_format':
        'pkcs12',
        'key_file':
        os.path.abspath(
            os.path.join(os.path.dirname(os.path.abspath(__file__)), PFX)),
        'oid':
        OID
    }

    if signer_type == 'signtool':
        signer = signing_helper.get_signer(signing_helper.SIGNTOOL_SIGNER)
        signature_options = {
            'type': 'pkcs7',
            'type_options': {'embedded'},
            'encoding': 'DER',
            'hash_alg': 'sha256'
        }
    elif signer_type == 'openssl':
        signer = signing_helper.get_signer(signing_helper.PYOPENSSL_SIGNER)
        signature_options = {
            'type': 'bare',
            'encoding': 'binary',
            'hash_alg': 'sha256'
        }
    else:
        raise Exception

    if pkcs12_test is True:
        signature_options['sign_alg'] = 'pkcs12'

    print('\nSigning ' + filename)
    signed = signer.sign(policy_ba, signature_options, signer_options)
    print('Signing complete.\n')

    print(signed)
    open(filename + '.bin', 'wb').write(policy_ba)
    open(filename + '.bin.p7', 'wb').write(signed)
示例#3
0
def main():
    args = get_cli_options()
    final_options = update_options(load_options_file(args.options_file),
                                   args.capsule_options, args.signer_options)

    # Verify minimum capsule options.
    required_capsule_options = ('fw_name', 'fw_version', 'lsv_version',
                                'fw_version_string', 'provider_name',
                                'fw_description', 'esrt_guid')
    missing_capsule_options = tuple(option
                                    for option in required_capsule_options
                                    if option not in final_options['capsule'])
    if len(missing_capsule_options) > 0:
        logging.error("Missing required capsule options: " +
                      ", ".join(missing_capsule_options) + "!")
        logging.error(
            "Options MUST be provided in either the options file or on the command line."
        )
        sys.exit(1)

    # Next, we're gonna need a signer.
    if args.builtin_signer is not None:
        signer = signing_helper.get_signer(args.builtin_signer)
    elif args.module_signer is not None:
        signer = signing_helper.get_signer(signing_helper.PYPATH_MODULE_SIGNER,
                                           args.module_signer)
    elif args.local_signer is not None:
        signer = signing_helper.get_signer(signing_helper.LOCAL_MODULE_SIGNER,
                                           args.local_signer)

    # Now, build the capsule.
    uefi_capsule_header = capsule_helper.build_capsule(
        args.capsule_payload.read(), final_options['capsule'], signer,
        final_options['signer'])

    # Save the capsule.
    capsule_helper.save_capsule(uefi_capsule_header, final_options['capsule'],
                                args.output_dir)

    # Build the INF file.
    capsule_helper.create_inf_file(final_options['capsule'], args.output_dir)

    # Build the CAT file.
    capsule_helper.create_cat_file(final_options['capsule'], args.output_dir)

    # If requested, save the final options for provenance.
    if args.save_final_options:
        final_options_file = os.path.join(args.output_dir,
                                          'Final_Capsule_Options.yaml')
        with open(final_options_file, 'w') as options_file:
            yaml.dump(final_options, options_file, indent=2)
示例#4
0
 def test_should_be_able_to_fetch_a_user_provided_signer_module(self):
     test_script_path = os.path.dirname(os.path.abspath(__file__))
     # TEST NOTE: This is a little hacky and will break if relative paths are changed.
     module_root_path = os.path.dirname(os.path.dirname(test_script_path))
     py_signer_path = os.path.join(module_root_path, 'capsule',
                                   'pyopenssl_signer.py')
     self.assertTrue(os.path.isfile(py_signer_path))
     py_signer = signing_helper.get_signer(
         signing_helper.LOCAL_MODULE_SIGNER, py_signer_path)
     self.assertTrue(hasattr(py_signer, 'sign'))
示例#5
0
 def test_should_be_able_to_pass_a_signing_module(self):
     py_signer = signing_helper.get_signer(
         signing_helper.PYPATH_MODULE_SIGNER,
         'edk2toolext.capsule.pyopenssl_signer')
     self.assertTrue(hasattr(py_signer, 'sign'))