The sbs_create tool implements a generator for Signed Block Stream (SBS)
images as specified by the Bootloader Signed Block Stream of Commands

The sbs_inspect tool dumps information about a given SBS image.
Copyright (C) 2020 Reto Buerki <email@example.com>
Copyright (C) 2020 codelabs GmbH
Copyright (C) 2020 secunet Security Networks AG

This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
The latest version of the SBS tools is available through git:
$ git clone https://git.codelabs.ch/sbs-tools.git
To compile the SBS tools on your system, you need to have the following software installed:
GNAT Community 2019: https://www.adacore.com/download
After the build, the tool binaries will be located in the
Before you use the SBS tools on your system, it is recommended to test if everything works as expected. The SBS tools project contains a unit test suite which can be run by entering the following command:
$ make tests
An example GnuPG home directory containing a secret key without passphrase is
provided in the data/gpg-homedir directory. Do not use this key for anything
important; it is strictly intended for illustrative purposes.
The example key can be used to protect any data file using the
$ echo "protect me" > dat
$ bin/sbs_create -k data/gpg-homedir -i dat -o dat.sbs
Processing input file 'dat'
Input file size is 11 bytes, requiring 1 block(s)
Output files size is 66202 bytes
Signature length is 566 bytes
Processing 1 block(s)
Creating signature
Signed stream written to 'dat.sbs'
The sbs_inspect tool can be used to display information about an SBS image:
$ bin/sbs_inspect -s dat.sbs
SBS file detected
Block count : 1
Block size : 65536
Block data length : 65472
Signature length : 566
Header size : 100
Hashsum length : 64
Padding length : 65461
Hash algorithm ID 1 : HASH_SHA2_512
Hash algorithm ID 2 : HASH_NONE
Hash algorithm ID 3 : HASH_NONE
Hash algorithm ID 4 : HASH_NONE
Signature scheme : SIGNATURE_PGP
Root hash : 1255df4d21...
Checking hashes ...
Hashes valid
If the tool is called with the -v switch, each block hash in the chain of
blocks is displayed as well.
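
A release script can gate on the sbs_inspect report shown above. The following is an added example, not part of sbs-tools: it checks the reported algorithms and the size relations that hold for the sample on this page (header + signature + block count x block size = 66202 bytes). Those relations are inferred from the numbers above rather than taken from the SBS specification, and the function names and the expected-algorithm policy are assumptions.

```shell
# Added example, not part of sbs-tools. Field names come from the sbs_inspect
# output on this page; the size relations are inferred from that one sample.

# Print the value of the "NAME : value" line of the report held in $REPORT.
sbs_field() {
    printf '%s\n' "$REPORT" | awk -F' *: *' -v k="$1" '$1 == k { print $2; exit }'
}

sbs_fail() { echo "sbs-check: $*" >&2; SBS_RC=1; }

# Usage: bin/sbs_inspect -s IMAGE | sbs_check_report [IMAGE_SIZE_IN_BYTES]
sbs_check_report() {
    REPORT=$(cat); SBS_RC=0
    printf '%s\n' "$REPORT" | grep -q 'SBS file detected' || sbs_fail "not an SBS image"
    printf '%s\n' "$REPORT" | grep -q 'Hashes valid' || sbs_fail "hashes not reported valid"
    [ "$(sbs_field 'Hash algorithm ID 1')" = HASH_SHA2_512 ] || sbs_fail "unexpected hash algorithm"
    [ "$(sbs_field 'Signature scheme')" = SIGNATURE_PGP ] || sbs_fail "unexpected signature scheme"
    for f in 'Block count' 'Block size' 'Block data length' 'Signature length' \
             'Header size' 'Hashsum length' 'Padding length'; do
        case "$(sbs_field "$f")" in
            ''|*[!0-9]*) sbs_fail "field '$f' missing or not numeric"; return 1 ;;
        esac
    done
    bc=$(sbs_field 'Block count'); bs=$(sbs_field 'Block size')
    bd=$(sbs_field 'Block data length'); hl=$(sbs_field 'Hashsum length')
    hs=$(sbs_field 'Header size'); sl=$(sbs_field 'Signature length')
    pl=$(sbs_field 'Padding length')
    [ $((bd + hl)) -eq "$bs" ] || sbs_fail "block data + hashsum != block size"
    [ "$pl" -le "$bd" ] || sbs_fail "padding exceeds block data length"
    total=$((hs + sl + bc * bs))
    if [ -n "${1:-}" ]; then
        [ "$total" -eq "$1" ] || sbs_fail "image size $1 != header + signature + blocks ($total)"
    fi
    return "$SBS_RC"
}

# Constructed sample: the report from this page, one field per line.
SBS_SAMPLE='SBS file detected
Block count : 1
Block size : 65536
Block data length : 65472
Signature length : 566
Header size : 100
Hashsum length : 64
Padding length : 65461
Hash algorithm ID 1 : HASH_SHA2_512
Signature scheme : SIGNATURE_PGP
Checking hashes ...
Hashes valid'
```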