CreateVault: Fix sign.command and update signing docs
#568
Conversation
mikebeaton
force-pushed
the
create-vault
branch
12 times, most recently
from
8359b3f
to
79eee8b
Compare
mikebeaton
force-pushed
the
create-vault
branch
from
79eee8b
to
6ce2f75
Compare
Library/OcMainLib/OpenCoreVault.c
Outdated
| STATIC_ASSERT ( | ||
| sizeof (OC_RSA_PUBLIC_KEY_2048) == sizeof (((OC_RSA_PUBLIC_KEY_2048 *)NULL)->Hdr) + sizeof (((OC_RSA_PUBLIC_KEY_2048 *)NULL)->Data), | ||
| "OC_RSA_PUBLIC_KEY_2048 is not naturally packed" | ||
| ); |
There was a problem hiding this comment.
Hmmm, maybe I should add another(?) assert that the size of this is 528, as expected by the script.
There was a problem hiding this comment.
Okay, actually just added this.
There was a problem hiding this comment.
Actually that should be the only ASSERT. Yours is more “obvious” why that size is chosen, but less readable. :( I think we use only the size constant everywhere.
There was a problem hiding this comment.
Which one(s) are you saying I should keep, of the four currently in here? (Btw I added the one for 528 because the script uses 528 hard coded - expand down a bit from where I edited the script in the PR.)
There was a problem hiding this comment.
Okay, yes, of the two for the size of that struct just 528.
But about the other two, for the containing struct? Maybe keep the +32 size one, since we removed packing on that struct as well?
mikebeaton
force-pushed
the
create-vault
branch
from
6ce2f75
to
d49e36a
Compare
Fix operation of `sign.command` when printable characters occur immediately before `=BEGIN OC VAULT=`. `strings` finds the location of the first printable character in such a sequence. `hexdump` automatically works on 16 byte boundaries, so still finds the correct offset. Use `BASE_ALIGNAS` to enforce the required alignment, which will not be correct on all builds unless enforced (note alignment is required purely for locating the structure correctly from external script as above, not for reading in C). Remove struct packing, since structs had better be naturally packed anyway (if not, reading from them without arbitrary-alignment-safe code, as we do, would be undefined behaviour). Add static asserts to confirm expected size as required by `sign.command`. Update the docs to refer to `sign.command` rather than to include the signing commands explicitly - otherwise we have two places that need to be kept in sync for signing commands, and note that the commands in the two places were already out of sync. Signed-off-by: Mike Beaton <[email protected]>
mikebeaton
force-pushed
the
create-vault
branch
from
d49e36a
to
35bcb13
Compare
Fixes acidanthera/bugtracker#2443.
Fix operation of
sign.commandwhen printable characters occur immediately before=BEGIN OC VAULT=.stringsfinds the location of the first printable character in such a sequence.hexdumpautomatically works on 16 byte boundaries, so still finds the correct offset.Use
BASE_ALIGNASto enforce the required alignment, which will not be correct on all builds unless enforced (note alignment is required purely for locating the structure correctly from external script as above, not for reading in C).Remove struct packing, since structs had better be naturally packed anyway (if not, reading from them without arbitrary-alignment-safe code, as we do, would be undefined behaviour). Add static asserts to confirm correct naturally packed layout.
Update the docs to refer to
sign.commandrather than to include the signing commands explicitly - otherwise we have two places that need to be kept in sync for signing commands, and note that the commands in the two places were already out of sync.