CPC G06F 21/57 (2013.01) [G06F 21/64 (2013.01); H04L 9/14 (2013.01); H04L 9/3247 (2013.01)] | 12 Claims
1. A method of generating a signed input image in a configurable code signing system, comprising:
defining a recipe associated with a recipe identifier, comprising:
defining an operation type associated with the recipe, the operation type defined from one or more input image signing requirements;
defining a plurality of data fields of the input image;
specifying a list of configuration parameters and associating each of the specified configuration parameters with at least one of the plurality of the data fields;
specifying a sequence of atomic operations operating on input image values of the configuration parameters to generate an output image having the signed input image;
wherein the sequence of atomic operations includes at least one of:
an atomic operation for returning a size of particular data;
a data field validation operation for validating the equality between particular data;
a concatenation atomic operation for concatenating particular data;
an arithmetic atomic operation for computing an arithmetic result of at least one of a sum of, a difference of, a multiplication of, and a division of particular data;
an execution atomic operation for executing another recipe on particular data;
a byte atomic operation referencing at least one of the plurality of data fields and an offset within the one of the plurality of data fields wherein the byte atomic operation retrieves data of the input image at the offset;
a byte manipulation atomic operation for manipulating binary data, including at least one of a logical OR operation, a logical exclusive OR operation, a logical AND operation and a logical inverse operation; and
a cryptographic operation including a signing atomic operation for signing the input image at least in part according to the input image values of the configuration parameters;
accepting, in the configurable code signing system, a request to sign the input image, the request comprising:
the input image, comprising:
the plurality of data fields; and
software code and input image values of the configuration parameters disposed within the plurality of data fields;
an identifier of a signing configuration, the signing configuration including:
the recipe identifier; and
approved configuration parameter values;
reading the recipe identified by the recipe identifier;
parsing and interpreting the sequence of atomic operations of the recipe;
generating the output image having the signed input image at least in part by executing the parsed and interpreted sequence of atomic operations of the recipe using the input image values of the configuration parameters; and
providing the output image.
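The flow recited in claim 1, sketched as an added illustration that is not code from the patent or its assignee: a recipe is read by identifier, its atomic operations are interpreted in sequence against the fields of the input image, and the output image is returned. The recipe format, the field layout, the "approved:" naming, the use of the validation operation to compare a field against the approved value, and HMAC-SHA256 as a stand-in for the signing operation are all assumptions made for this example.

```python
import hashlib
import hmac

# Constructed demo key; HMAC-SHA256 stands in for the signing atomic operation.
DEMO_KEY = b"constructed-demo-key"

# Hypothetical recipe store: data fields as (start, end) offsets into the input
# image, then the sequence of atomic operations as (operation, output, arguments).
RECIPES = {
    "fw-v1": {
        "fields": {"magic": (0, 4), "version": (4, 5), "code": (5, None)},
        "steps": [
            ("validate", None, ["version", "approved:version"]),
            ("size", "code_len", ["code"]),
            ("concat", "tbs", ["magic", "version", "code_len", "code"]),
            ("sign", "sig", ["tbs"]),
            ("concat", "output", ["tbs", "sig"]),
        ],
    }
}

# Constructed sample request: input image plus signing configuration.
SAMPLE_IMAGE = b"IMG0" + b"\x02" + b"\x90\x90\xc3"
SAMPLE_CONFIG = {"recipe_id": "fw-v1", "approved": {"version": b"\x02"}}


def sign_image(image: bytes, config: dict) -> bytes:
    """Read the recipe named by the signing configuration and interpret it."""
    recipe = RECIPES[config["recipe_id"]]
    # Split the input image into its named data fields.
    env = {name: image[a:b] for name, (a, b) in recipe["fields"].items()}
    # Expose the approved configuration parameter values to the recipe.
    env.update({"approved:" + k: v for k, v in config["approved"].items()})
    for op, out, args in recipe["steps"]:
        if op == "validate":  # equality between particular data
            if env[args[0]] != env[args[1]]:
                raise ValueError(f"{args[0]} does not match {args[1]}")
        elif op == "size":  # size of particular data, as 4 bytes big-endian
            env[out] = len(env[args[0]]).to_bytes(4, "big")
        elif op == "concat":
            env[out] = b"".join(env[a] for a in args)
        elif op == "sign":
            env[out] = hmac.new(DEMO_KEY, env[args[0]], hashlib.sha256).digest()
        else:
            # Fail closed on anything the interpreter does not implement.
            raise ValueError(f"unknown atomic operation: {op}")
    return env["output"]
```

Because validation runs before the signing step, an image whose version field differs from the approved value is rejected without any signature being produced.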