VirtualBox

Changeset 93245 in vbox


Ignore:
Timestamp:
Jan 14, 2022 11:53:34 PM (3 years ago)
Author:
vboxsync
Message:

/Config.kmk: Added a 'win_with_ev' variation to VBOX_WITH_CORP_CODE_SIGNING, where we add a nested EV signature from corp signing to whatever we've configured for normal signing (typically dual signing). bugref:10162

File:
1 edited

Legend:

Unmodified
Added
Removed

  • trunk/Config.kmk

    r93238 r93245  
    39783978  endif
    39793979
     3980  ## Local SHA-1 and SHA-256 signatures with EV SHA-256 signature from corp code signing.
     3981  #
     3982  # This builds on Plan B, since the corp code signing always replaces existing signatures.
     3983  # So, here is what we do.
     3984  #   1. Sign $1 using local SHA-1 certificate.
     3985  #   2. Make temporary copy of $1 as $1.ccs
     3986  #   3. Do SHA-256 corp code signing of $1.ccs
     3987  #   4. Add the SHA-256 signature from $1.ccs to $1 using bldRTSignTool.
     3988  #   5. Delete $1.ccs.
     3989  #
     3990  # @param 1  The file to sign.
     3991  # @param 2  File description. Optional.
     3992  # @param 3  Additional parameters. Optional.
     3993  # @param 4  Set to 2 if the expression will be expanded twice before chopped into commands (for _CMDS).
     3994  # @param 5  Disables dual signing if non-empty.
     3995  #
     3996  # @remarks The parameters are the same as VBOX_SIGN_FILE_FN.
     3997  VBOX_SIGN_IMAGE_WITH_EV_FN = $(call VBOX_SIGN_FILE_FN,$1,$2,$3,$4,$5)$(if-expr "$5" == "",\
     3998        $(if-expr "$4" == "2",$$(NLTAB),$(NLTAB))$(RM) -f -- "$1.ccs" \
     3999        $(if-expr "$4" == "2",$$(NLTAB),$(NLTAB))$(CP) -- "$1" "$1.ccs" \
     4000        $(if-expr "$4" == "2",$$(NLTAB),$(NLTAB))$(call VBOX_CCS_SIGN_CMD,microsoftev,$1.ccs,,-digest_algo SHA2) \
     4001        $(if-expr "$4" == "2",$$(NLTAB),$(NLTAB))$(VBOX_RTSIGNTOOL) add-nested-$(if-expr "$(suffix $1)" == ".cat",cat,exe)-signature -v "$1" "$1.ccs" \
     4002        $(if-expr "$4" == "2",$$(NLTAB),$(NLTAB))$(RM) -f -- "$1.ccs" \
     4003        ,)
     4004
     4005
    39804006  ## Corp code signing for drivers and catalogs, plan B.
    39814007  #
     
    40174043  # @param 2  File description. Optional.
    40184044  # @param 3  Set to 2 if the expression will be expanded twice before chopped into commands (for _CMDS).
    4019   VBOX_SIGN_IMAGE_FN     ?= $(call VBOX_SIGN_FILE_FN,$(1),$(2),/ph,$(3))
     4045  if1of (win_with_ev,$(VBOX_WITH_CORP_CODE_SIGNING))
     4046   VBOX_SIGN_IMAGE_FN    ?= $(call VBOX_SIGN_IMAGE_WITH_EV_FN,$(1),$(2),/ph,$(3))
     4047  else
     4048   VBOX_SIGN_IMAGE_FN    ?= $(call VBOX_SIGN_FILE_FN,$(1),$(2),/ph,$(3))
     4049  endif
    40204050
    40214051  ## Commands for signing a driver image after link.
Note: See TracChangeset for help on using the changeset viewer.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette