Reviewed by: jiewen....@intel.com

> -----Original Message-----
> From: Gao, Liming
> Sent: Tuesday, July 12, 2016 3:55 PM
> To: edk2-devel@lists.01.org
> Cc: Yao, Jiewen <jiewen....@intel.com>; Zhang, Chao B
> <chao.b.zh...@intel.com>
> Subject: [Patch 3/4] SecurityPkg Tcg2Dxe: Add check for the PE/COFF image
> 
> Use BasePeCoffLib PeCoffLoaderGetImageInfo() to check the PE/COFF
> image.
> 
> Cc: Jiewen Yao <jiewen....@intel.com>
> Cc: Chao Zhang <chao.b.zh...@intel.com>
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Liming Gao <liming....@intel.com>
> ---
>  SecurityPkg/Tcg/Tcg2Dxe/MeasureBootPeCoff.c | 22
> +++++++++++++++++++++-
>  SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c           |  2 ++
>  SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf         |  1 +
>  3 files changed, 24 insertions(+), 1 deletion(-)
> 
> diff --git a/SecurityPkg/Tcg/Tcg2Dxe/MeasureBootPeCoff.c
> b/SecurityPkg/Tcg/Tcg2Dxe/MeasureBootPeCoff.c
> index e2d763a..5cdb15e 100644
> --- a/SecurityPkg/Tcg/Tcg2Dxe/MeasureBootPeCoff.c
> +++ b/SecurityPkg/Tcg/Tcg2Dxe/MeasureBootPeCoff.c
> @@ -6,7 +6,7 @@
>    This external input must be validated carefully to avoid security issue 
> like
>    buffer overflow, integer overflow.
> 
> -Copyright (c) 2015, Intel Corporation. All rights reserved.<BR>
> +Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.<BR>
>  This program and the accompanying materials
>  are licensed and made available under the terms and conditions of the BSD
> License
>  which accompanies this distribution.  The full text of the license may be
> found at
> @@ -28,6 +28,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF
> ANY KIND, EITHER EXPRESS OR IMPLIED.
>  #include <Library/PeCoffLib.h>
>  #include <Library/Tpm2CommandLib.h>
>  #include <Library/HashLib.h>
> +#include <Library/PeCoffLib.h>
> 
>  /**
>    Measure PE image into TPM log based on the authenticode image
> hashing in
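Review bot: The added `#include <Library/PeCoffLib.h>` repeats the include already present three lines earlier in this hunk's context, so the header is now pulled in twice. The new line can be dropped. The `PeCoffLib` entry added to Tcg2Dxe.inf is presumably the part the build needs to resolve the new library call.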
> @@ -37,6 +38,8 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF
> ANY KIND, EITHER EXPRESS OR IMPLIED.
>    PE/COFF image is external input, so this function will validate its data
> structure
>    within this image buffer before use.
> 
> +  Notes: PE/COFF image is checked by BasePeCoffLib
> PeCoffLoaderGetImageInfo().
> +
>    @param[in]  PCRIndex       TPM PCR index
>    @param[in]  ImageAddress   Start address of image buffer.
>    @param[in]  ImageSize      Image size
> @@ -69,6 +72,7 @@ MeasurePeImageAndExtend (
>    UINT32                               NumberOfRvaAndSizes;
>    UINT32                               CertSize;
>    HASH_HANDLE                          HashHandle;
> +  PE_COFF_LOADER_IMAGE_CONTEXT         ImageContext;
> 
>    HashHandle = 0xFFFFFFFF; // Know bad value
> 
> @@ -78,6 +82,22 @@ MeasurePeImageAndExtend (
>    //
>    // Check PE/COFF image
>    //
> +  ZeroMem (&ImageContext, sizeof (ImageContext));
> +  ImageContext.Handle    = (VOID *) (UINTN) ImageAddress;
> +  ImageContext.ImageRead = (PE_COFF_LOADER_READ_FILE)
> PeCoffLoaderImageReadFromMemory;
> +
> +  //
> +  // Get information about the image being loaded
> +  //
> +  Status = PeCoffLoaderGetImageInfo (&ImageContext);
> +  if (EFI_ERROR (Status)) {
> +    //
> +    // The information can't be got from the invalid PeImage
> +    //
> +    DEBUG ((DEBUG_INFO, "Tcg2Dxe: PeImage invalid. Cannot retrieve
> image information.\n"));
> +    goto Finish;
> +  }
> +
>    DosHdr = (EFI_IMAGE_DOS_HEADER *) (UINTN) ImageAddress;
>    PeCoffHeaderOffset = 0;
>    if (DosHdr->e_magic == EFI_IMAGE_DOS_SIGNATURE) {
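Review bot: The new `PeCoffLoaderGetImageInfo()` check reads through `PeCoffLoaderImageReadFromMemory`, which is given only the base address in `ImageContext.Handle`, so nothing in the added lines bounds the header reads by `ImageSize`. A truncated or malformed buffer could therefore make the validation step itself read past the end of the image. I would register a local read callback that rejects any request extending beyond the image size, as sketched below (the names are placeholders and `ImageSize` is assumed to be a `UINTN`). Separately, the rejection is logged at `DEBUG_INFO`; `DEBUG_ERROR` would keep a refused image visible in builds that filter informational output. The body of MeasurePeImageAndExtend starts and ends outside this hunk, so the value of `Status` at `Finish` and how callers treat an unmeasured image cannot be confirmed from here.

```c
// Proposed file-scope state and read callback (names are suggestions only).
STATIC UINTN  mMeasuredImageSize;

STATIC
EFI_STATUS
EFIAPI
BoundedImageRead (
  IN     VOID   *FileHandle,
  IN     UINTN  FileOffset,
  IN OUT UINTN  *ReadSize,
  OUT    VOID   *Buffer
  )
{
  if (FileHandle == NULL || ReadSize == NULL || Buffer == NULL) {
    return EFI_INVALID_PARAMETER;
  }
  //
  // Written as a subtraction so the comparison cannot wrap around.
  //
  if (FileOffset >= mMeasuredImageSize ||
      *ReadSize > mMeasuredImageSize - FileOffset) {
    return EFI_INVALID_PARAMETER;
  }
  CopyMem (Buffer, (UINT8 *) FileHandle + FileOffset, *ReadSize);
  return EFI_SUCCESS;
}

// … unchanged: ZeroMem (&ImageContext, sizeof (ImageContext)) …
  mMeasuredImageSize     = ImageSize;
  ImageContext.Handle    = (VOID *) (UINTN) ImageAddress;
  ImageContext.ImageRead = (PE_COFF_LOADER_READ_FILE) BoundedImageRead;
// … unchanged: PeCoffLoaderGetImageInfo call and error path …
```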
> diff --git a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
> b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
> index 7720c27..95219c0 100644
> --- a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
> +++ b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c
> @@ -127,6 +127,8 @@ EFI_HANDLE mImageHandle;
>    PE/COFF image is external input, so this function will validate its data
> structure
>    within this image buffer before use.
> 
> +  Notes: PE/COFF image is checked by BasePeCoffLib
> PeCoffLoaderGetImageInfo().
> +
>    @param[in]  PCRIndex       TPM PCR index
>    @param[in]  ImageAddress   Start address of image buffer.
>    @param[in]  ImageSize      Image size
> diff --git a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
> b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
> index fd120e5..6b4c15f 100644
> --- a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
> +++ b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf
> @@ -59,6 +59,7 @@
>    PerformanceLib
>    ReportStatusCodeLib
>    Tcg2PhysicalPresenceLib
> +  PeCoffLib
> 
>  [Guids]
>    ## SOMETIMES_CONSUMES     ## Variable:L"SecureBoot"
> --
> 2.8.0.windows.1
