I think this is a setup UI driver. Should we pomp up a dialog to tell end user that PE image is corrupted?
Thank you Yao Jiewen > -----Original Message----- > From: Gao, Liming > Sent: Tuesday, July 12, 2016 3:55 PM > To: edk2-devel@lists.01.org > Cc: Yao, Jiewen <jiewen....@intel.com>; Zhang, Chao B > <chao.b.zh...@intel.com> > Subject: [Patch 1/4] SecurityPkg SecureBootConfigDxe: Add check for the > external PE/COFF image. > > Use BasePeCoffLib PeCoffLoaderGetImageInfo() to check the PE/COFF > image. > > Cc: Jiewen Yao <jiewen....@intel.com> > Cc: Chao Zhang <chao.b.zh...@intel.com> > Contributed-under: TianoCore Contribution Agreement 1.0 > Signed-off-by: Liming Gao <liming....@intel.com> > --- > SecurityPkg/SecurityPkg.dsc | 2 ++ > .../SecureBootConfigDxe/SecureBootConfigDxe.inf | 1 + > .../SecureBootConfigDxe/SecureBootConfigImpl.c | 22 > ++++++++++++++++++++++ > .../SecureBootConfigDxe/SecureBootConfigImpl.h | 1 + > 4 files changed, 26 insertions(+) > > diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc > index 1960b52..21cac78 100644 > --- a/SecurityPkg/SecurityPkg.dsc > +++ b/SecurityPkg/SecurityPkg.dsc > @@ -34,6 +34,8 @@ > PrintLib|MdePkg/Library/BasePrintLib/BasePrintLib.inf > > UefiApplicationEntryPoint|MdePkg/Library/UefiApplicationEntryPoint/UefiA > pplicationEntryPoint.inf > > PerformanceLib|MdePkg/Library/BasePerformanceLibNull/BasePerformanc > eLibNull.inf > + PeCoffLib|MdePkg/Library/BasePeCoffLib/BasePeCoffLib.inf > + > PeCoffExtraActionLib|MdePkg/Library/BasePeCoffExtraActionLibNull/BaseP > eCoffExtraActionLibNull.inf > > DxeServicesLib|MdePkg/Library/DxeServicesLib/DxeServicesLib.inf > > UefiDriverEntryPoint|MdePkg/Library/UefiDriverEntryPoint/UefiDriverEntry > Point.inf > diff --git > a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootCon > figDxe.inf > b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootCon > figDxe.inf > index 6b143f5..fa7c39d 100644 > --- > a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootCon > figDxe.inf > +++ > b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootCon > figDxe.inf > @@ -58,6 +58,7 @@ > PlatformSecureLib > DevicePathLib > FileExplorerLib > + PeCoffLib > > [Guids] > ## SOMETIMES_CONSUMES ## Variable:L"CustomMode" > diff --git > a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootCon > figImpl.c > b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootCon > figImpl.c > index 3f80441..7eb050f 100644 > --- > a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootCon > figImpl.c > +++ > b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootCon > figImpl.c > @@ -1625,9 +1625,28 @@ LoadPeImage ( > EFI_IMAGE_DOS_HEADER *DosHdr; > EFI_IMAGE_NT_HEADERS32 *NtHeader32; > EFI_IMAGE_NT_HEADERS64 *NtHeader64; > + PE_COFF_LOADER_IMAGE_CONTEXT ImageContext; > + EFI_STATUS Status; > > NtHeader32 = NULL; > NtHeader64 = NULL; > + > + ZeroMem (&ImageContext, sizeof (ImageContext)); > + ImageContext.Handle = (VOID *) mImageBase; > + ImageContext.ImageRead = (PE_COFF_LOADER_READ_FILE) > PeCoffLoaderImageReadFromMemory; > + > + // > + // Get information about the image being loaded > + // > + Status = PeCoffLoaderGetImageInfo (&ImageContext); > + if (EFI_ERROR (Status)) { > + // > + // The information can't be got from the invalid PeImage > + // > + DEBUG ((DEBUG_INFO, "SecureBootConfigDxe: PeImage invalid. \n")); > + return Status; > + } > + > // > // Read the Dos header > // > @@ -1689,6 +1708,9 @@ LoadPeImage ( > Calculate hash of Pe/Coff image based on the authenticode image > hashing in > PE/COFF Specification 8.0 Appendix A > > + Notes: PE/COFF image has been checked by BasePeCoffLib > PeCoffLoaderGetImageInfo() in > + the function LoadPeImage (). > + > @param[in] HashAlg Hash algorithm type. > > @retval TRUE Successfully hash image. > diff --git > a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootCon > figImpl.h > b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootCon > figImpl.h > index 0a09ab4..5055a9e 100644 > --- > a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootCon > figImpl.h > +++ > b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootCon > figImpl.h > @@ -40,6 +40,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF > ANY KIND, EITHER EXPRESS OR IMPLIED. > #include <Library/PlatformSecureLib.h> > #include <Library/BaseCryptLib.h> > #include <Library/FileExplorerLib.h> > +#include <Library/PeCoffLib.h> > > #include <Guid/MdeModuleHii.h> > #include <Guid/AuthenticatedVariableFormat.h> > -- > 2.8.0.windows.1 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel