From: "Paulo Henrique Lacerda de Amorim" <phlamorim@riseup.net>
To: devel@edk2.groups.io, sun2sirius@gmail.com
Subject: Re: [edk2-devel] Interpretation of specification
Date: Tue, 26 Nov 2019 12:22:28 -0300
Message-ID: <0daf62c6-f746-9e3c-bc01-e32b11161b6f@riseup.net>
In-Reply-To: <17919.1574748523014243625@groups.io>
The GUID I'm using is 301d199a-4dc1-4b26-b557-a012d83d7a52 and the
variable names are file_name and file_hash. I'm using the following
script to generate my key/cert.

genkeys.sh: https://pastebin.com/iYEFLQD7

The payloads I'm trying to write are generated using a small script which
receives a single parameter, which is a file name. The script just creates
two files: file_name.txt with the file name converted to CHAR16, and
file_hash.txt with the SHA512 of the contents of the file. Then the
script uses sbvarsign to sign both, creating file_name.signed and
file_hash.signed using the previously generated keys.

create_auth_var_files.sh: https://pastebin.com/XhV9RbEB

Then, with the payloads (file_name.signed and file_hash.signed) in the
same directory as my UEFI Application, I run the application from the
UEFI Shell, which opens these files, copies them to a buffer and uses them
when calling SetVariable.

TestPkg.c: https://pastebin.com/LbYvvrWH

The to16 is just a poor program to turn the parameter passed to
auth_create_var_files.sh into a valid CHAR16 string, as follows:
https://pastebin.com/AhjdzQrC.

The UEFI Application is just the TestPkg.c. I can upload the .inf and
.dsc files too if you want, and let me know if you want more information.

On 26/11/2019 03:08, Eugene Khoruzhenko wrote:
> No, we do not have access to the manufacturer's PK/KEK, so I created
> my own keys and certs. Theoretically, to debug this you can send me
> the GUID/Name and payload you are trying to write, I can check if I
> can write your variable with my tool and signing. Then I could look at
> your code and compare with mine and see why it does not work. If your
> code works on my devices, maybe the specific model you have has some
> issue? BTW, try the other vendors, like Lenovo and HP. I only cannot
> promise when I will be able to get to it with holidays approaching and
> many other things to do...
>
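
Added example, not part of the original message or the poster's scripts: a host-side check of a .signed file before it is handed to SetVariable. sbvarsign output is an EFI_VARIABLE_AUTHENTICATION_2 descriptor followed by the variable data; split_auth2 and build_sample are hypothetical helper names, and the sample blob is constructed with a dummy signature. Only the framing is checked, not the signature itself.

```python
import struct
import uuid

# Layout constants from the UEFI specification.
EFI_TIME = struct.Struct("<HBBBBBBIhBB")   # 16-byte TimeStamp
WIN_CERT = struct.Struct("<IHH16s")        # WIN_CERTIFICATE_UEFI_GUID header, 24 bytes
WIN_CERT_TYPE_EFI_GUID = 0x0EF1
EFI_CERT_TYPE_PKCS7_GUID = uuid.UUID("4aafd29d-68df-49ee-8aa9-347d375665a7")


def split_auth2(blob):
    """Return (timestamp, pkcs7_bytes, variable_data) or raise ValueError."""
    if len(blob) < EFI_TIME.size + WIN_CERT.size:
        raise ValueError("shorter than the authentication descriptor")
    t = EFI_TIME.unpack_from(blob, 0)
    # Pad1, Nanosecond, TimeZone, Daylight and Pad2 must be zero.
    if any(t[6:]):
        raise ValueError("TimeStamp has non-zero pad/nanosecond/timezone fields")
    dw_length, revision, cert_type, guid_le = WIN_CERT.unpack_from(blob, EFI_TIME.size)
    if revision != 0x0200 or cert_type != WIN_CERT_TYPE_EFI_GUID:
        raise ValueError("not a WIN_CERTIFICATE_UEFI_GUID")
    if uuid.UUID(bytes_le=guid_le) != EFI_CERT_TYPE_PKCS7_GUID:
        raise ValueError("CertType is not EFI_CERT_TYPE_PKCS7_GUID")
    # dwLength covers the 24-byte header plus the PKCS#7 SignedData.
    end = EFI_TIME.size + dw_length
    if dw_length < WIN_CERT.size or end > len(blob):
        raise ValueError("dwLength runs past the end of the file")
    stamp = "%04d-%02d-%02d %02d:%02d:%02d" % t[:6]
    return stamp, blob[EFI_TIME.size + WIN_CERT.size:end], blob[end:]


def build_sample(data, when=(2019, 11, 26, 15, 22, 28), nsec=0):
    """Constructed test input: a well-formed descriptor around a dummy signature."""
    pkcs7 = b"\x30\x03\x02\x01\x01"  # placeholder DER, not a real signature
    hdr = WIN_CERT.pack(WIN_CERT.size + len(pkcs7), 0x0200,
                        WIN_CERT_TYPE_EFI_GUID, EFI_CERT_TYPE_PKCS7_GUID.bytes_le)
    return EFI_TIME.pack(*when, 0, nsec, 0, 0, 0) + hdr + pkcs7 + data


if __name__ == "__main__":
    name = "test.txt".encode("utf-16-le")  # CHAR16 payload, as for file_name
    stamp, sig, data = split_auth2(build_sample(name))
    print(stamp, len(sig), data.decode("utf-16-le"))
```

Running it against the real file_name.signed and file_hash.signed (read in binary mode) shows whether the bytes after the descriptor are the expected CHAR16 name or hash.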