Add an argument to sign ffu files during the build process
gus33000 committed Nov 1, 2024
1 parent 27e3996 commit 121cfd9
Showing 4 changed files with 48 additions and 2 deletions.
34 changes: 33 additions & 1 deletion Img2Ffu.Library/Writer/CatalogFactory.cs
Expand Up @@ -26,7 +26,7 @@ namespace Img2Ffu.Writer
{
internal static class CatalogFactory
{
internal static Span<byte> GenerateCatalogFile(Span<byte> hashData)
internal static byte[] GenerateCatalogFile(Span<byte> hashData)
{
byte[] catalog_first_part = [0x30, 0x82, 0x01, 0x44, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x02, 0xA0, 0x82, 0x01, 0x35, 0x30, 0x82, 0x01, 0x31, 0x02, 0x01, 0x01, 0x31, 0x00, 0x30, 0x82, 0x01, 0x26, 0x06, 0x09, 0x2B, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x0A, 0x01, 0xA0, 0x82, 0x01, 0x17, 0x30, 0x82, 0x01, 0x13, 0x30, 0x0C, 0x06, 0x0A, 0x2B, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x0C, 0x01, 0x01, 0x04, 0x10, 0xA8, 0xCA, 0xD9, 0x7D, 0xBF, 0x6D, 0x67, 0x4D, 0xB1, 0x4D, 0x62, 0xFB, 0xE6, 0x26, 0x22, 0xD4, 0x17, 0x0D, 0x32, 0x30, 0x30, 0x31, 0x31, 0x30, 0x31, 0x32, 0x31, 0x32, 0x32, 0x37, 0x5A, 0x30, 0x0E, 0x06, 0x0A, 0x2B, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x0C, 0x01, 0x02, 0x05, 0x00, 0x30, 0x81, 0xD1, 0x30, 0x81, 0xCE, 0x04, 0x1E, 0x48, 0x00, 0x61, 0x00, 0x73, 0x00, 0x68, 0x00, 0x54, 0x00, 0x61, 0x00, 0x62, 0x00, 0x6C, 0x00, 0x65, 0x00, 0x2E, 0x00, 0x62, 0x00, 0x6C, 0x00, 0x6F, 0x00, 0x62, 0x00, 0x00, 0x00, 0x31, 0x81, 0xAB, 0x30, 0x45, 0x06, 0x0A, 0x2B, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x02, 0x01, 0x04, 0x31, 0x37, 0x30, 0x35, 0x30, 0x10, 0x06, 0x0A, 0x2B, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x02, 0x01, 0x19, 0xA2, 0x02, 0x80, 0x00, 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2B, 0x0E, 0x03, 0x02, 0x1A, 0x05, 0x00, 0x04, 0x14];
byte[] catalog_second_part = [0x30, 0x62, 0x06, 0x0A, 0x2B, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x0C, 0x02, 0x02, 0x31, 0x54, 0x30, 0x52, 0x1E, 0x4C, 0x00, 0x7B, 0x00, 0x44, 0x00, 0x45, 0x00, 0x33, 0x00, 0x35, 0x00, 0x31, 0x00, 0x41, 0x00, 0x34, 0x00, 0x32, 0x00, 0x2D, 0x00, 0x38, 0x00, 0x45, 0x00, 0x35, 0x00, 0x39, 0x00, 0x2D, 0x00, 0x31, 0x00, 0x31, 0x00, 0x44, 0x00, 0x30, 0x00, 0x2D, 0x00, 0x38, 0x00, 0x43, 0x00, 0x34, 0x00, 0x37, 0x00, 0x2D, 0x00, 0x30, 0x00, 0x30, 0x00, 0x43, 0x00, 0x30, 0x00, 0x34, 0x00, 0x46, 0x00, 0x43, 0x00, 0x32, 0x00, 0x39, 0x00, 0x35, 0x00, 0x45, 0x00, 0x45, 0x00, 0x7D, 0x02, 0x02, 0x02, 0x00, 0x31, 0x00];
Expand Down Expand Up @@ -82,5 +82,37 @@ internal static Span<byte> GenerateCatalogFile2(byte[] hashData)

return catalogBuffer;
}

internal static byte[] SignCatalogFile(byte[] catalogData, string secureBootSigningCommand)
{
string catalog = Path.GetTempFileName();
File.WriteAllBytes(catalog, catalogData);

using (Process process = new())
{
string programFileName = secureBootSigningCommand.Split(" ")[0];
string programArguments = (string.Concat(secureBootSigningCommand.AsSpan(programFileName.Length), string.Format("\"{0}\"", catalog))).Trim();

process.StartInfo.FileName = programFileName;
process.StartInfo.Arguments = programArguments;
process.StartInfo.UseShellExecute = false;
process.StartInfo.CreateNoWindow = true;
process.StartInfo.RedirectStandardOutput = true;

_ = process.Start();
process.WaitForExit();

if (process.ExitCode != 0)
{
throw new Exception();
}
}

byte[] catalogBuffer = File.ReadAllBytes(catalog);

File.Delete(catalog);

return catalogBuffer;
}
}
}
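Review bot: In `SignCatalogFile` the quoted temp path is concatenated directly onto the remainder of the command, so unless the supplied command ends with a space the path fuses with the last argument (constructed example: `mysigner --key k` produces the argument string `--key k"<temp path>"`). The block also sets `RedirectStandardOutput = true` without ever reading the stream, which can stall `WaitForExit()` if the signer writes enough output to fill the pipe, and the bare `throw new Exception()` drops the exit code and skips `File.Delete(catalog)`, leaving the temporary catalog on disk. I would insert the separator explicitly, stop redirecting stdout, throw an exception that carries the exit code, and move the delete into a `finally`, as in the excerpt below. Splitting on the first space also means a tool path that contains spaces cannot be expressed; that limitation deserves a comment if it stays.

```csharp
string catalog = Path.GetTempFileName();
try
{
    File.WriteAllBytes(catalog, catalogData);

    using Process process = new();
    string programFileName = secureBootSigningCommand.Split(" ")[0];
    string commandArguments = secureBootSigningCommand[programFileName.Length..].Trim();

    process.StartInfo.FileName = programFileName;
    // Explicit space so the quoted path is always passed as its own argument.
    process.StartInfo.Arguments = $"{commandArguments} \"{catalog}\"".Trim();
    // … unchanged: UseShellExecute and CreateNoWindow; RedirectStandardOutput is dropped because nothing reads the pipe …
    // … unchanged: Start and WaitForExit …

    if (process.ExitCode != 0)
    {
        throw new InvalidOperationException($"Catalog signing command exited with code {process.ExitCode}.");
    }

    return File.ReadAllBytes(catalog);
}
finally
{
    // Runs on the failure path too, so the temporary catalog never outlives the call.
    File.Delete(catalog);
}
```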
9 changes: 8 additions & 1 deletion Img2Ffu.Library/Writer/FFUFactory.cs
Expand Up @@ -75,6 +75,7 @@ public static void GenerateFFU(
string OperatingSystemVersion,
FlashUpdateVersion FlashUpdateVersion,
List<DeviceTargetInfo> deviceTargetingInformationArray,
string SecureBootSigningCommand,
ILogging Logging)
{
if (File.Exists(FFUFile))
Expand Down Expand Up @@ -253,7 +254,13 @@ public static void GenerateFFU(
Span<byte> HashTable = GenerateHashTable(FFUMetadataHeaderStream, BlockPayloads, BlockSize);

Logging.Log("Generating image catalog...");
Span<byte> CatalogBuffer = CatalogFactory.GenerateCatalogFile(HashTable);
byte[] CatalogBuffer = CatalogFactory.GenerateCatalogFile(HashTable);

if (!string.IsNullOrEmpty(SecureBootSigningCommand))
{
Logging.Log("Signing image catalog...");
CatalogBuffer = CatalogFactory.SignCatalogFile(CatalogBuffer, SecureBootSigningCommand);
}

Logging.Log("Generating Security Header...");
SecurityHeader security = new()
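Review bot: The guard in front of the `SignCatalogFile` call uses `string.IsNullOrEmpty`, so a whitespace-only `SecureBootSigningCommand` still reaches the signer, where `Split(" ")[0]` yields an empty program name and `Process.Start` fails with an error that does not mention the option; `if (!string.IsNullOrWhiteSpace(SecureBootSigningCommand))` avoids that. The new `string SecureBootSigningCommand` parameter is also inserted ahead of `ILogging Logging` in a public method, which presumably breaks any external caller of `GenerateFFU` that passes its arguments positionally, so it is worth a changelog entry or an overload that keeps the old signature. A short comment above the block, such as `// Runs the operator-supplied command on a temporary copy of the catalog; the bytes it leaves behind replace CatalogBuffer.`, would make clear that the security header is built from the external tool's output. The body of `GenerateFFU` starts and ends outside these hunks.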
6 changes: 6 additions & 0 deletions Img2Ffu/Options.cs
Expand Up @@ -68,5 +68,11 @@ public FlashUpdateVersion FlashUpdateVersion
{
get; set;
}

[Option('b', "secure-boot-signing-command", HelpText = "Optional command to sign the resulting FFU file to work in Secure Boot scenarios. The File to sign is passed as a path appended after the provided command string, and is the sole and only argument provided.", Default = "", Required = false)]
public required string SecureBootSigningCommand
{
get; set;
}
}
}
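Review bot: The `HelpText` on `SecureBootSigningCommand` does not match what `SignCatalogFile` in this commit does: the file handed to the command is a temporary copy of the image catalog rather than the FFU, it has to be signed in place because the same path is read back afterwards, and the path is appended after whatever arguments the command string already contains rather than being the only argument. I would reword it to `HelpText = "Optional command used to sign the image catalog embedded in the FFU for Secure Boot scenarios. The path of a temporary catalog file is appended as the last argument; the command must sign that file in place and exit with code 0."`. Since the string is executed as a process by the build, the help text could also state that it must come from a trusted source. The `Options` class begins outside this hunk.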
1 change: 1 addition & 0 deletions Img2Ffu/Program.cs
Expand Up @@ -239,6 +239,7 @@ private static void Main(string[] args)
o.OperatingSystemVersion,
o.FlashUpdateVersion,
deviceTargetingInformations,
o.SecureBootSigningCommand,
logging);
}
catch (Exception ex)
