extract-sys-certs.pl (3836B)
1#!/usr/bin/env perl 2# SPDX-License-Identifier: GPL-2.0 3# 4use warnings; 5use strict; 6use Math::BigInt; 7use Fcntl "SEEK_SET"; 8 9die "Format: $0 [-s <systemmap-file>] <vmlinux-file> <keyring-file>\n" 10 if ($#ARGV != 1 && $#ARGV != 3 || 11 $#ARGV == 3 && $ARGV[0] ne "-s"); 12 13my $sysmap = ""; 14if ($#ARGV == 3) { 15 shift; 16 $sysmap = $ARGV[0]; 17 shift; 18} 19 20my $vmlinux = $ARGV[0]; 21my $keyring = $ARGV[1]; 22 23# 24# Parse the vmlinux section table 25# 26open FD, "objdump -h $vmlinux |" || die $vmlinux; 27my @lines = <FD>; 28close(FD) || die $vmlinux; 29 30my @sections = (); 31 32foreach my $line (@lines) { 33 chomp($line); 34 if ($line =~ /\s*([0-9]+)\s+(\S+)\s+([0-9a-f]+)\s+([0-9a-f]+)\s+([0-9a-f]+)\s+([0-9a-f]+)\s+2[*][*]([0-9]+)/ 35 ) { 36 my $seg = $1; 37 my $name = $2; 38 my $len = Math::BigInt->new("0x" . $3); 39 my $vma = Math::BigInt->new("0x" . $4); 40 my $lma = Math::BigInt->new("0x" . $5); 41 my $foff = Math::BigInt->new("0x" . $6); 42 my $align = 2 ** $7; 43 44 push @sections, { name => $name, 45 vma => $vma, 46 len => $len, 47 foff => $foff }; 48 } 49} 50 51print "Have $#sections sections\n"; 52 53# 54# Try and parse the vmlinux symbol table. If the vmlinux file has been created 55# from a vmlinuz file with extract-vmlinux then the symbol table will be empty. 56# 57open FD, "nm $vmlinux 2>/dev/null |" || die $vmlinux; 58@lines = <FD>; 59close(FD) || die $vmlinux; 60 61my %symbols = (); 62my $nr_symbols = 0; 63 64sub parse_symbols(@) { 65 foreach my $line (@_) { 66 chomp($line); 67 if ($line =~ /([0-9a-f]+)\s([a-zA-Z])\s(\S+)/ 68 ) { 69 my $addr = "0x" . $1; 70 my $type = $2; 71 my $name = $3; 72 73 $symbols{$name} = $addr; 74 $nr_symbols++; 75 } 76 } 77} 78parse_symbols(@lines); 79 80if ($nr_symbols == 0 && $sysmap ne "") { 81 print "No symbols in vmlinux, trying $sysmap\n"; 82 83 open FD, "<$sysmap" || die $sysmap; 84 @lines = <FD>; 85 close(FD) || die $sysmap; 86 parse_symbols(@lines); 87} 88 89die "No symbols available\n" 90 if ($nr_symbols == 0); 91 92print "Have $nr_symbols symbols\n"; 93 94die "Can't find system certificate list" 95 unless (exists($symbols{"__cert_list_start"}) && 96 exists($symbols{"system_certificate_list_size"})); 97 98my $start = Math::BigInt->new($symbols{"__cert_list_start"}); 99my $end; 100my $size; 101my $size_sym = Math::BigInt->new($symbols{"system_certificate_list_size"}); 102 103open FD, "<$vmlinux" || die $vmlinux; 104binmode(FD); 105 106my $s = undef; 107foreach my $sec (@sections) { 108 my $s_name = $sec->{name}; 109 my $s_vma = $sec->{vma}; 110 my $s_len = $sec->{len}; 111 my $s_foff = $sec->{foff}; 112 my $s_vend = $s_vma + $s_len; 113 114 next unless ($start >= $s_vma); 115 next if ($start >= $s_vend); 116 117 die "Certificate list size was not found on the same section\n" 118 if ($size_sym < $s_vma || $size_sym > $s_vend); 119 120 die "Cert object in multiple sections: ", $s_name, " and ", $s->{name}, "\n" 121 if ($s); 122 123 my $size_off = $size_sym -$s_vma + $s_foff; 124 my $packed; 125 die $vmlinux if (!defined(sysseek(FD, $size_off, SEEK_SET))); 126 sysread(FD, $packed, 8); 127 $size = unpack 'L!', $packed; 128 $end = $start + $size; 129 130 printf "Have %u bytes of certs at VMA 0x%x\n", $size, $start; 131 132 die "Cert object partially overflows section $s_name\n" 133 if ($end > $s_vend); 134 135 $s = $sec; 136} 137 138die "Cert object not inside a section\n" 139 unless ($s); 140 141print "Certificate list in section ", $s->{name}, "\n"; 142 143my $foff = $start - $s->{vma} + $s->{foff}; 144 145printf "Certificate list at file offset 0x%x\n", $foff; 146 147die $vmlinux if (!defined(sysseek(FD, $foff, SEEK_SET))); 148my $buf = ""; 149my $len = sysread(FD, $buf, $size); 150die "$vmlinux" if (!defined($len)); 151die "Short read on $vmlinux\n" if ($len != $size); 152close(FD) || die $vmlinux; 153 154open FD, ">$keyring" || die $keyring; 155binmode(FD); 156$len = syswrite(FD, $buf, $size); 157die "$keyring" if (!defined($len)); 158die "Short write on $keyring\n" if ($len != $size); 159close(FD) || die $keyring;