[PATCH] D96164: [lld-macho] add code signature for native arm64 macOS
Greg McGary via Phabricator via llvm-commits
llvm-commits at lists.llvm.org
Sun Feb 21 13:31:37 PST 2021
gkm marked 2 inline comments as done.
gkm added a comment.
I won't complain if someone accepts the diff! ;)
================
Comment at: lld/MachO/Writer.cpp:790-792
+ uint8_t *codeEnd =
+ buffer->getBufferEnd() -
+ (codeSignatureSection ? codeSignatureSection->getSize() : 0);
----------------
cynecx wrote:
> gkm wrote:
> > int3 wrote:
> > > gkm wrote:
> > > > int3 wrote:
> > > > > is this necessary? I don't think hashing a few extra zero bytes makes a difference
> > > > Yes. `codeEnd` abuts the code-signature header, which is not hashed. "A few extra bytes" are significant, whether zero or not, and influence the hash. We stop hashing at `codeEnd` in order to honor the contract between signer and runtime.
> > > this doesn't seem done
> > Oh, sorry. I was confused. This is for UUID, not code-signature. I am playing it safe here: only compute UUID for the image as it is before code signature is added.
> >
> > How do you prefer I handle this?
> Isn't codesign doing the exact same thing? So, I guess the current approach is alright.
The mechanisms are similar:
* `LC_UUID` has a minimal header and signs with md5
* `LC_CODE_SIGNATURE` has a more elaborate header and signs with sha256
The precise use(s) of the UUID is unclear to me, due to lack of documentation. As best I can tell, it is used as a unique identifier for program & library content, i.e., it morphs with every code change. I do not see it used to verify content.
Repository:
rG LLVM Github Monorepo
CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D96164/new/
https://reviews.llvm.org/D96164
More information about the llvm-commits
mailing list