Giters

jiazhang0 / sbsigntools

Use to show how QEMU Kernel Direct Boot affects the measurement of kernel with efi-stub

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

- Note: refer to README.orig for the build steps.

- First, generate a self-signed example certificate.

- Compute the PE authenticate hash
  ```shell
  ./src/sbsign --key sample.pem --cert sample.pem bzImage
  ```

  example output:
  ```
  sum region: 0x0000 -> 0x00d9 [0x00da bytes]
  sum region: 0x00de -> 0x0129 [0x004c bytes]
  sum region: 0x0132 -> 0x01ff [0x00ce bytes]
  sum region: 0x0200 -> 0x39df [0x37e0 bytes]
  sum region: 0x39e0 -> 0x39ff [0x0020 bytes]
  sum region: 0x3a00 -> 0x61d71f [0x619d20 bytes]
  sha384 digest: ae53ade456d0eaddb739e78914390bc6f33e368bc67a57dc8751aa863fbce1de6ef7ae951e1dc17d9d24db098763f77d
  ```

- Compute the PE authenticate hash with patched bzImage
  ```shell
  ./src/sbsign --key sample.pem --cert sample.pem -Q bzImage
  ```

  example output:
  ```
  patching @0x210 (type_of_loader) to 0xb0 ...
  patching @0x211 (loadflags) to 0x81 ...
  patching @0x224 (heap_end_ptr) to 0xfe00 ...
  patching @0x228 (cmd_line_ptr) to 0x20000
  sum region: 0x0000 -> 0x00d9 [0x00da bytes]
  sum region: 0x00de -> 0x0129 [0x004c bytes]
  sum region: 0x0132 -> 0x01ff [0x00ce bytes]
  sum region: 0x0200 -> 0x39df [0x37e0 bytes]
  sum region: 0x39e0 -> 0x39ff [0x0020 bytes]
  sum region: 0x3a00 -> 0x61d71f [0x619d20 bytes]
  sha384 digest: 283471cdbd2b3ee19142938daa12edd9eda3ff8422f14ff4190c3f0140ca4ef1b4685bacda6d025b84f159d7f6ea2a88 
  ```

About

Use to show how QEMU Kernel Direct Boot affects the measurement of kernel with efi-stub

License:Other

Languages

Language:C 92.0%Language:Shell 4.4%Language:Makefile 2.2%Language:M4 1.5%