Fix broken sigining of EXT2 rootfs #1456
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
mikbras
force-pushed
the
signing.fix
branch
2 times, most recently
from
713fd51
to
4f81bb6
Compare
salsal97
approved these changes
Feb 9, 2023
jxyang
reviewed
Feb 9, 2023
| @@ -440,10 +443,28 @@ int _sign(int argc, const char* argv[]) | |||
| assert(myst_validate_file_path(program_file)); | |||
| assert(myst_validate_file_path(temp_oeconfig_file)); | |||
|
|
|||
| /* if not a CPIO archive, create a zero-filled file with one page */ | |||
| if (myst_cpio_test(rootfs) == -ENOTSUP) | |||
There was a problem hiding this comment.
Should we check roothashes_opt for a quicker determination?
mikbras
force-pushed
the
signing.fix
branch
2 times, most recently
from
a39343f
to
c744062
Compare
salsal97
reviewed
Feb 10, 2023
| @@ -0,0 +1,56 @@ | |||
| TOP=$(abspath ../..) | |||
There was a problem hiding this comment.
This test should live in the tests/myst directory with the other signing tests
mikbras
force-pushed
the
signing.fix
branch
3 times, most recently
from
58b9dde
to
7ec1638
Compare
paulcallen
approved these changes
Feb 10, 2023
radhikaj
reviewed
Feb 10, 2023
| @@ -28,7 +28,9 @@ package.pem: | |||
|
|
|||
| package: package.pem ext2rootfs | |||
| echo "Generating a signed package" | |||
| @myst package-sgx --roothash=roothash appdir package.pem ../config.json | |||
| @myst package-sgx --roothash=roothash package.pem ../config.json | |||
There was a problem hiding this comment.
What does it mean when both roothash and appdir are present in args? Should this be prevented(we should not change what we have, just wondering..)
There was a problem hiding this comment.
The TEE_aware sample also takes appdir as a command line arg
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Signing of EXT2 images (using
myst sign) was copying the entire EXT2 rootfs into the enclave image rather than a stub.Added
./tests/signto verify signing of EXT4-based images. Added negative test too.