Reviewed by: jiewen....@intel.com > -----Original Message----- > From: Gao, Liming > Sent: Tuesday, July 12, 2016 3:55 PM > To: edk2-devel@lists.01.org > Cc: Yao, Jiewen <jiewen....@intel.com>; Zhang, Chao B > <chao.b.zh...@intel.com> > Subject: [Patch 3/4] SecurityPkg Tcg2Dxe: Add check for the PE/COFF image > > Use BasePeCoffLib PeCoffLoaderGetImageInfo() to check the PE/COFF > image. > > Cc: Jiewen Yao <jiewen....@intel.com> > Cc: Chao Zhang <chao.b.zh...@intel.com> > Contributed-under: TianoCore Contribution Agreement 1.0 > Signed-off-by: Liming Gao <liming....@intel.com> > --- > SecurityPkg/Tcg/Tcg2Dxe/MeasureBootPeCoff.c | 22 > +++++++++++++++++++++- > SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c | 2 ++ > SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf | 1 + > 3 files changed, 24 insertions(+), 1 deletion(-) > > diff --git a/SecurityPkg/Tcg/Tcg2Dxe/MeasureBootPeCoff.c > b/SecurityPkg/Tcg/Tcg2Dxe/MeasureBootPeCoff.c > index e2d763a..5cdb15e 100644 > --- a/SecurityPkg/Tcg/Tcg2Dxe/MeasureBootPeCoff.c > +++ b/SecurityPkg/Tcg/Tcg2Dxe/MeasureBootPeCoff.c > @@ -6,7 +6,7 @@ > This external input must be validated carefully to avoid security issue > like > buffer overflow, integer overflow. > > -Copyright (c) 2015, Intel Corporation. All rights reserved.<BR> > +Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.<BR> > This program and the accompanying materials > are licensed and made available under the terms and conditions of the BSD > License > which accompanies this distribution. The full text of the license may be > found at > @@ -28,6 +28,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF > ANY KIND, EITHER EXPRESS OR IMPLIED. > #include <Library/PeCoffLib.h> > #include <Library/Tpm2CommandLib.h> > #include <Library/HashLib.h> > +#include <Library/PeCoffLib.h> > > /** > Measure PE image into TPM log based on the authenticode image > hashing in 
> @@ -37,6 +38,8 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF > ANY KIND, EITHER EXPRESS OR IMPLIED. > PE/COFF image is external input, so this function will validate its data > structure > within this image buffer before use. > > + Notes: PE/COFF image is checked by BasePeCoffLib > PeCoffLoaderGetImageInfo(). > + > @param[in] PCRIndex TPM PCR index > @param[in] ImageAddress Start address of image buffer. > @param[in] ImageSize Image size > @@ -69,6 +72,7 @@ MeasurePeImageAndExtend ( > UINT32 NumberOfRvaAndSizes; > UINT32 CertSize; > HASH_HANDLE HashHandle; > + PE_COFF_LOADER_IMAGE_CONTEXT ImageContext; > > HashHandle = 0xFFFFFFFF; // Know bad value > > @@ -78,6 +82,22 @@ MeasurePeImageAndExtend ( > // > // Check PE/COFF image > // > + ZeroMem (&ImageContext, sizeof (ImageContext)); > + ImageContext.Handle = (VOID *) (UINTN) ImageAddress; > + ImageContext.ImageRead = (PE_COFF_LOADER_READ_FILE) > PeCoffLoaderImageReadFromMemory; > + > + // > + // Get information about the image being loaded > + // > + Status = PeCoffLoaderGetImageInfo (&ImageContext); > + if (EFI_ERROR (Status)) { > + // > + // The information can't be got from the invalid PeImage > + // > + DEBUG ((DEBUG_INFO, "Tcg2Dxe: PeImage invalid. Cannot retrieve > image information.\n")); > + goto Finish; > + } > + > DosHdr = (EFI_IMAGE_DOS_HEADER *) (UINTN) ImageAddress; > PeCoffHeaderOffset = 0; > if (DosHdr->e_magic == EFI_IMAGE_DOS_SIGNATURE) { > diff --git a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c > b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c > index 7720c27..95219c0 100644 > --- a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c > +++ b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c 
> @@ -127,6 +127,8 @@ EFI_HANDLE mImageHandle; > PE/COFF image is external input, so this function will validate its data > structure > within this image buffer before use. > > + Notes: PE/COFF image is checked by BasePeCoffLib > PeCoffLoaderGetImageInfo(). > + > @param[in] PCRIndex TPM PCR index > @param[in] ImageAddress Start address of image buffer. > @param[in] ImageSize Image size > diff --git a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf > b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf > index fd120e5..6b4c15f 100644 > --- a/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf > +++ b/SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf > @@ -59,6 +59,7 @@ > PerformanceLib > ReportStatusCodeLib > Tcg2PhysicalPresenceLib > + PeCoffLib > > [Guids] > ## SOMETIMES_CONSUMES ## Variable:L"SecureBoot" > -- > 2.8.0.windows.1
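Review bot: In MeasureBootPeCoff.c, hunk @@ -28,6 +28,7 @@, the added `#include <Library/PeCoffLib.h>` duplicates an include already present in the unchanged context three lines above, ahead of `Tpm2CommandLib.h`. The header was already being pulled in, so this `+` line can be dropped; the `PeCoffLib` entry added to Tcg2Dxe.inf is the part that was actually missing.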
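Review bot: In MeasureBootPeCoff.c, hunk @@ -78,6 +82,22 @@, the new check never receives `ImageSize`: `ImageContext` is populated only with `Handle` and `ImageRead`, so the read callback has no way to know where the caller's buffer ends while `PeCoffLoaderGetImageInfo()` walks the headers. The file header describes the image as external input that must be guarded against buffer and integer overflow, so consider a local `ImageRead` callback that rejects any offset plus length beyond `ImageSize` instead of `PeCoffLoaderImageReadFromMemory`. Two smaller points on the failure path: the message is logged at `DEBUG_INFO`, where `DEBUG_ERROR` would make a rejected image visible in normal debug builds, and `goto Finish` leaves `Status` set to whatever the library returned, so please confirm that is the value callers should see.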
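Review bot: In Tcg2Dxe.c, hunk @@ -127,6 +127,8 @@, the added "Notes:" line states that the image is checked by `PeCoffLoaderGetImageInfo()`, but this file receives only that comment (2 insertions, no call); the call itself is added in `MeasurePeImageAndExtend()` in MeasureBootPeCoff.c. Suggest wording the note to say where the check happens, for example "checked by BasePeCoffLib PeCoffLoaderGetImageInfo() in MeasurePeImageAndExtend()", so a reader of this function does not go looking for the validation here.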
_______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel