mirror of https://github.com/ericonr/sbctl.git
keys: use goefi instead of calling sbsiglist.
parent
995f61fd22
commit
38ceea8bd3
3
go.sum
3
go.sum
|
@ -1,5 +1,6 @@
|
|||
cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
|
||||
github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
|
||||
github.com/Foxboron/goefi v0.0.0-20200801135418-6d0e44e838f1 h1:2uos4/bDOnUT3721GUvvd31B5FqDpC1vcombIQzwxXg=
|
||||
github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
|
||||
github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
|
||||
github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
|
||||
|
@ -19,6 +20,7 @@ github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZm
|
|||
github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no=
|
||||
github.com/foxboron/goefi v0.0.0-20200514154950-f75d7eb492b7 h1:kgR7He9X3djcpeajbwg5RilafBVNTuHneugjFXq+7jc=
|
||||
github.com/foxboron/goefi v0.0.0-20200514154950-f75d7eb492b7/go.mod h1:cCrkwDedAKDCmYAhWzlcOqhFx5LtqKTEjqQbJpe6g4U=
|
||||
github.com/foxboron/goefi v0.0.0-20200801135418-6d0e44e838f1 h1:fF9A5rJU11g9ytmz5Gnoh6MRTZulBpByMozfByh32b0=
|
||||
github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
|
||||
github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
|
||||
github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
|
||||
|
@ -90,6 +92,7 @@ github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGr
|
|||
github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU=
|
||||
github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q=
|
||||
go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
|
||||
go.mozilla.org/pkcs7 v0.0.0-20200128120323-432b2356ecb1 h1:A/5uWzF44DlIgdm/PQFwfMkW0JX+cIcQi/SwLAmZP5M=
|
||||
go.mozilla.org/pkcs7 v0.0.0-20200128120323-432b2356ecb1/go.mod h1:SNgMg+EgDFwmvSmLRTNKC5fegJjB7v23qTQ0XLGUNHk=
|
||||
go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
|
||||
go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0=
|
||||
|
|
15
keys.go
15
keys.go
|
@ -17,6 +17,8 @@ import (
|
|||
"strings"
|
||||
|
||||
"github.com/google/uuid"
|
||||
"github.com/foxboron/goefi/efi/signature"
|
||||
"github.com/foxboron/goefi/efi/util"
|
||||
)
|
||||
|
||||
var RSAKeySize = 4096
|
||||
|
@ -91,12 +93,13 @@ func SaveKey(k []byte, path string) {
|
|||
|
||||
func KeyToSiglist(UUID []byte, input string) []byte {
|
||||
msg.Printf("Create EFI signature list %s.esl...", input)
|
||||
args := fmt.Sprintf("--owner %s --type x509 --output %s.esl %s", UUID, input, input)
|
||||
out, err := exec.Command("/usr/bin/sbsiglist", strings.Split(args, " ")...).Output()
|
||||
if err != nil {
|
||||
log.Fatalf("Failed creating signature list: %s", err)
|
||||
}
|
||||
return out
|
||||
guid := util.StringToGUID(string(UUID))
|
||||
inputBuf, _ := ioutil.ReadFile(input)
|
||||
c := signature.NewSignatureList(inputBuf, *guid, signature.CERT_X509)
|
||||
buf := new(bytes.Buffer)
|
||||
signature.WriteSignatureList(buf, *c)
|
||||
ioutil.WriteFile(fmt.Sprintf("%s.esl", input), buf.Bytes(), 0644)
|
||||
return buf.Bytes()
|
||||
}
|
||||
|
||||
func SignEFIVariable(key, cert, varname, vardatafile, output string) []byte {
|
||||
|
|
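Review bot: In KeyToSiglist the error from `ioutil.ReadFile(input)` is discarded with `_`, so a missing or unreadable certificate no longer aborts the way the removed sbsiglist path did through `log.Fatalf`. The function would then build, write and return a signature list made from an empty buffer, and that output is presumably what gets signed and enrolled later. The `ioutil.WriteFile` result is ignored as well, so a failed write of the `.esl` file goes unnoticed. `*guid` is also dereferenced unchecked; if `util.StringToGUID` can return nil for a malformed owner string (not visible on this page), that is a panic rather than a clean error. I would fail closed on each step in the file's existing `log.Fatalf` style, as in the fence below for the read and the write.

```go
func KeyToSiglist(UUID []byte, input string) []byte {
	// … unchanged: msg.Printf, util.StringToGUID …
	inputBuf, err := ioutil.ReadFile(input)
	if err != nil {
		log.Fatalf("Failed reading certificate %s: %s", input, err)
	}
	// … unchanged: NewSignatureList, buffer setup, WriteSignatureList …
	if err := ioutil.WriteFile(fmt.Sprintf("%s.esl", input), buf.Bytes(), 0644); err != nil {
		log.Fatalf("Failed writing signature list: %s", err)
	}
	return buf.Bytes()
}
```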