[PATCH] D96164: [lld-macho] add code signature for native arm64 macOS
Greg McGary via Phabricator via llvm-commits
llvm-commits at lists.llvm.org
Sun Feb 21 11:56:58 PST 2021
gkm marked an inline comment as done.
gkm added inline comments.
================
Comment at: lld/MachO/Writer.cpp:790-792
+ uint8_t *codeEnd =
+ buffer->getBufferEnd() -
+ (codeSignatureSection ? codeSignatureSection->getSize() : 0);
----------------
int3 wrote:
> is this necessary? I don't think hashing a few extra zero bytes makes a difference
Yes. `codeEnd` abuts the code-signature header, which is not hashed. "A few extra bytes" are significant, whether zero or not, and influence the hash. We stop hashing at `codeEnd` in order to honor the contract between signer and runtime.
================
Comment at: lld/MachO/Writer.cpp:790-792
+ uint8_t *codeEnd =
+ buffer->getBufferEnd() -
+ (codeSignatureSection ? codeSignatureSection->getSize() : 0);
----------------
int3 wrote:
> gkm wrote:
> > int3 wrote:
> > > is this necessary? I don't think hashing a few extra zero bytes makes a difference
> > Yes. `codeEnd` abuts the code-signature header, which is not hashed. "A few extra bytes" are significant, whether zero or not, and influence the hash. We stop hashing at `codeEnd` in order to honor the contract between signer and runtime.
> this doesn't seem done
Oh, sorry. I was confused. This is for UUID, not code-signature. I am playing it safe here: only compute UUID for the image as it is before code signature is added.
How do you prefer I handle this?
Repository:
rG LLVM Github Monorepo
CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D96164/new/
https://reviews.llvm.org/D96164
More information about the llvm-commits
mailing list