Wednesday, 5 March 2014

How to compile EFITOOLS to 32bits instead of 64bits?

What is EFITOOLS?
This is an UEFI tool that able to help you to load your PK, KEK, DB keys into the Firmware and enabled Secure Boot on your Computer.
It is also able to help you create the Private and Public Keys of PK, KEK and DB.

Why Compile 32bits Version instead of 64bits?
When you want to boot 32bit OS, you'll need 32bit UEFI BIOS. Since you are running 32bit UEFI BIOS, you can only execute EFI or binaries that are compile for 32bit.

Steps to compile 32bit version of EFITools:

1) Requirement:
32bit OS(32bit version) 64bit OS (64bit version) Fedora /Ubuntu / Linux based OS
In our example we will use Fedora 32bit. You can use 64bit OS to compile for 32bit version, however, my guide does not include that.

2) Download required dependancy and libraries needed:

a) Get the GNU-EFI library:: CMD ::
           Method 1: sudo yum install gnu-efi
           Method 2: git clone https://github.com/vathpela/gnu-efi
                            cd into the directory
                            make
                            sudo make install
                         
b) Get the sbsigntool ::CMD ::
          Method 1: git clone https://github.com/wmarone/sbsigntool
                           cd into the directory
                           ./autogen.sh
                           ./configure          //Notice, they might be some dependency missing, need installation
                           make
                           sudo make install

c) Get some libraries needed
           sudo yum install pkgconfig
           sudo yum install perl-CPAN
           sudo yum install perl-File-Slurp
           sudo yum install help2man

3) Above are similar across 32bits version and 64bits version, however, below will be 32bit focus only.
     There will be an error in the lib/security_policy.c as there are asm code in the security policy and so far I can't find a workaround for it.
        vim lib/Makefile
        Delete the security_policy.o from the FILES = line
        Add the bolded two lines
        clean:
        rm -f lib.a
        rm -f $(LIBFILES)
        rm -f lib-efi.a
        rm -f $(EFILIBFILES)

         vim Makefile
         Delete the PreLoader.efi from the EFIFILES = line, as this file required the security_policy.c library

4) Compile all the necessary files by doing make
         make clean && make 
         //It should complete with no error and undefine symbols

5) Now create a USB drive image:
        ./mkusb * * usb_drive_image.img

6) Open the System in Fedora application and plug in a USB pendrive
    Click Restore Image on the drive and select the usb_drive_image.img

Congratulation, you have successfully created your own signed application with PK, KEK, DB keys.

No comments:

Post a Comment