diff --git a/cmd/core/bg-prov/cmd.go b/cmd/core/bg-prov/cmd.go index e5e15f35..cb269b31 100644 --- a/cmd/core/bg-prov/cmd.go +++ b/cmd/core/bg-prov/cmd.go @@ -2,6 +2,7 @@ package main import ( "bytes" + "crypto" "encoding/binary" "fmt" "os" @@ -858,7 +859,7 @@ func (s *signKMCmd) Run(ctx *context) error { if err != nil { return err } - bKMSigned, err := bg.SignKM(s.SignAlgo, privkey) + bKMSigned, err := bg.SignKM(s.SignAlgo, privkey.(crypto.Signer)) if err != nil { return err } diff --git a/pkg/provisioning/bootguard/bootguard.go b/pkg/provisioning/bootguard/bootguard.go index c8f6484c..d25db6ea 100644 --- a/pkg/provisioning/bootguard/bootguard.go +++ b/pkg/provisioning/bootguard/bootguard.go @@ -419,7 +419,7 @@ func (b *BootGuard) StitchBPM(pubKey crypto.PublicKey, signature []byte) ([]byte } // SignKM signs an unsigned KM with signAlgo and private key as input -func (b *BootGuard) SignKM(signAlgo string, privkey crypto.PrivateKey) ([]byte, error) { +func (b *BootGuard) SignKM(signAlgo string, signer crypto.Signer) ([]byte, error) { buf := new(bytes.Buffer) switch b.Version { case bgheader.Version10: @@ -433,7 +433,7 @@ func (b *BootGuard) SignKM(signAlgo string, privkey crypto.PrivateKey) ([]byte, return nil, err } unsignedKM := buf.Bytes()[:b.VData.BGkm.KeyAndSignatureOffset()] - if err := b.VData.BGkm.SetSignature(signAlgo, privkey.(crypto.Signer), unsignedKM); err != nil { + if err := b.VData.BGkm.SetSignature(signAlgo, signer, unsignedKM); err != nil { return nil, err } case bgheader.Version20: @@ -447,7 +447,7 @@ func (b *BootGuard) SignKM(signAlgo string, privkey crypto.PrivateKey) ([]byte, return nil, err } unsignedKM := buf.Bytes()[:b.VData.CBNTkm.KeyAndSignatureOffset()] - if err = b.VData.CBNTkm.SetSignature(signAlgo, b.VData.CBNTkm.PubKeyHashAlg, privkey.(crypto.Signer), unsignedKM); err != nil { + if err = b.VData.CBNTkm.SetSignature(signAlgo, b.VData.CBNTkm.PubKeyHashAlg, signer, unsignedKM); err != nil { return nil, err } default: