1#!/usr/bin/perl -w 2# 3use strict; 4use Math::BigInt; 5use Fcntl "SEEK_SET"; 6 7die "Format: $0 [-s <systemmap-file>] <vmlinux-file> <keyring-file>\n" 8 if ($#ARGV != 1 && $#ARGV != 3 || 9 $#ARGV == 3 && $ARGV[0] ne "-s"); 10 11my $sysmap = ""; 12if ($#ARGV == 3) { 13 shift; 14 $sysmap = $ARGV[0]; 15 shift; 16} 17 18my $vmlinux = $ARGV[0]; 19my $keyring = $ARGV[1]; 20 21# 22# Parse the vmlinux section table 23# 24open FD, "objdump -h $vmlinux |" || die $vmlinux; 25my @lines = <FD>; 26close(FD) || die $vmlinux; 27 28my @sections = (); 29 30foreach my $line (@lines) { 31 chomp($line); 32 if ($line =~ /\s*([0-9]+)\s+(\S+)\s+([0-9a-f]+)\s+([0-9a-f]+)\s+([0-9a-f]+)\s+([0-9a-f]+)\s+2[*][*]([0-9]+)/ 33 ) { 34 my $seg = $1; 35 my $name = $2; 36 my $len = Math::BigInt->new("0x" . $3); 37 my $vma = Math::BigInt->new("0x" . $4); 38 my $lma = Math::BigInt->new("0x" . $5); 39 my $foff = Math::BigInt->new("0x" . $6); 40 my $align = 2 ** $7; 41 42 push @sections, { name => $name, 43 vma => $vma, 44 len => $len, 45 foff => $foff }; 46 } 47} 48 49print "Have $#sections sections\n"; 50 51# 52# Try and parse the vmlinux symbol table. If the vmlinux file has been created 53# from a vmlinuz file with extract-vmlinux then the symbol table will be empty. 54# 55open FD, "nm $vmlinux 2>/dev/null |" || die $vmlinux; 56@lines = <FD>; 57close(FD) || die $vmlinux; 58 59my %symbols = (); 60my $nr_symbols = 0; 61 62sub parse_symbols(@) { 63 foreach my $line (@_) { 64 chomp($line); 65 if ($line =~ /([0-9a-f]+)\s([a-zA-Z])\s(\S+)/ 66 ) { 67 my $addr = "0x" . $1; 68 my $type = $2; 69 my $name = $3; 70 71 $symbols{$name} = $addr; 72 $nr_symbols++; 73 } 74 } 75} 76parse_symbols(@lines); 77 78if ($nr_symbols == 0 && $sysmap ne "") { 79 print "No symbols in vmlinux, trying $sysmap\n"; 80 81 open FD, "<$sysmap" || die $sysmap; 82 @lines = <FD>; 83 close(FD) || die $sysmap; 84 parse_symbols(@lines); 85} 86 87die "No symbols available\n" 88 if ($nr_symbols == 0); 89 90print "Have $nr_symbols symbols\n"; 91 92die "Can't find system certificate list" 93 unless (exists($symbols{"__cert_list_start"}) && 94 exists($symbols{"system_certificate_list_size"})); 95 96my $start = Math::BigInt->new($symbols{"__cert_list_start"}); 97my $end; 98my $size; 99my $size_sym = Math::BigInt->new($symbols{"system_certificate_list_size"}); 100 101open FD, "<$vmlinux" || die $vmlinux; 102binmode(FD); 103 104my $s = undef; 105foreach my $sec (@sections) { 106 my $s_name = $sec->{name}; 107 my $s_vma = $sec->{vma}; 108 my $s_len = $sec->{len}; 109 my $s_foff = $sec->{foff}; 110 my $s_vend = $s_vma + $s_len; 111 112 next unless ($start >= $s_vma); 113 next if ($start >= $s_vend); 114 115 die "Certificate list size was not found on the same section\n" 116 if ($size_sym < $s_vma || $size_sym > $s_vend); 117 118 die "Cert object in multiple sections: ", $s_name, " and ", $s->{name}, "\n" 119 if ($s); 120 121 my $size_off = $size_sym -$s_vma + $s_foff; 122 my $packed; 123 die $vmlinux if (!defined(sysseek(FD, $size_off, SEEK_SET))); 124 sysread(FD, $packed, 8); 125 $size = unpack 'L!', $packed; 126 $end = $start + $size; 127 128 printf "Have %u bytes of certs at VMA 0x%x\n", $size, $start; 129 130 die "Cert object partially overflows section $s_name\n" 131 if ($end > $s_vend); 132 133 $s = $sec; 134} 135 136die "Cert object not inside a section\n" 137 unless ($s); 138 139print "Certificate list in section ", $s->{name}, "\n"; 140 141my $foff = $start - $s->{vma} + $s->{foff}; 142 143printf "Certificate list at file offset 0x%x\n", $foff; 144 145die $vmlinux if (!defined(sysseek(FD, $foff, SEEK_SET))); 146my $buf = ""; 147my $len = sysread(FD, $buf, $size); 148die "$vmlinux" if (!defined($len)); 149die "Short read on $vmlinux\n" if ($len != $size); 150close(FD) || die $vmlinux; 151 152open FD, ">$keyring" || die $keyring; 153binmode(FD); 154$len = syswrite(FD, $buf, $size); 155die "$keyring" if (!defined($len)); 156die "Short write on $keyring\n" if ($len != $size); 157close(FD) || die $keyring; 158