I think this is a setup UI driver.
Should we pop up a dialog to tell the end user that the PE image is corrupted?

Thank you
Yao Jiewen

> -----Original Message-----
> From: Gao, Liming
> Sent: Tuesday, July 12, 2016 3:55 PM
> To: edk2-devel@lists.01.org
> Cc: Yao, Jiewen <jiewen....@intel.com>; Zhang, Chao B
> <chao.b.zh...@intel.com>
> Subject: [Patch 1/4] SecurityPkg SecureBootConfigDxe: Add check for the
> external PE/COFF image.
> 
> Use BasePeCoffLib PeCoffLoaderGetImageInfo() to check the PE/COFF
> image.
> 
> Cc: Jiewen Yao <jiewen....@intel.com>
> Cc: Chao Zhang <chao.b.zh...@intel.com>
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Liming Gao <liming....@intel.com>
> ---
>  SecurityPkg/SecurityPkg.dsc                        |  2 ++
>  .../SecureBootConfigDxe/SecureBootConfigDxe.inf    |  1 +
>  .../SecureBootConfigDxe/SecureBootConfigImpl.c     | 22
> ++++++++++++++++++++++
>  .../SecureBootConfigDxe/SecureBootConfigImpl.h     |  1 +
>  4 files changed, 26 insertions(+)
> 
> diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc
> index 1960b52..21cac78 100644
> --- a/SecurityPkg/SecurityPkg.dsc
> +++ b/SecurityPkg/SecurityPkg.dsc
> @@ -34,6 +34,8 @@
>    PrintLib|MdePkg/Library/BasePrintLib/BasePrintLib.inf
> 
> UefiApplicationEntryPoint|MdePkg/Library/UefiApplicationEntryPoint/UefiA
> pplicationEntryPoint.inf
> 
> PerformanceLib|MdePkg/Library/BasePerformanceLibNull/BasePerformanc
> eLibNull.inf
> +  PeCoffLib|MdePkg/Library/BasePeCoffLib/BasePeCoffLib.inf
> +
> PeCoffExtraActionLib|MdePkg/Library/BasePeCoffExtraActionLibNull/BaseP
> eCoffExtraActionLibNull.inf
> 
>    DxeServicesLib|MdePkg/Library/DxeServicesLib/DxeServicesLib.inf
> 
> UefiDriverEntryPoint|MdePkg/Library/UefiDriverEntryPoint/UefiDriverEntry
> Point.inf
> diff --git
> a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootCon
> figDxe.inf
> b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootCon
> figDxe.inf
> index 6b143f5..fa7c39d 100644
> ---
> a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootCon
> figDxe.inf
> +++
> b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootCon
> figDxe.inf
> @@ -58,6 +58,7 @@
>    PlatformSecureLib
>    DevicePathLib
>    FileExplorerLib
> +  PeCoffLib
> 
>  [Guids]
>    ## SOMETIMES_CONSUMES      ## Variable:L"CustomMode"
> diff --git
> a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootCon
> figImpl.c
> b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootCon
> figImpl.c
> index 3f80441..7eb050f 100644
> ---
> a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootCon
> figImpl.c
> +++
> b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootCon
> figImpl.c
> @@ -1625,9 +1625,28 @@ LoadPeImage (
>    EFI_IMAGE_DOS_HEADER                  *DosHdr;
>    EFI_IMAGE_NT_HEADERS32                *NtHeader32;
>    EFI_IMAGE_NT_HEADERS64                *NtHeader64;
> +  PE_COFF_LOADER_IMAGE_CONTEXT          ImageContext;
> +  EFI_STATUS                            Status;
> 
>    NtHeader32 = NULL;
>    NtHeader64 = NULL;
> +
> +  ZeroMem (&ImageContext, sizeof (ImageContext));
> +  ImageContext.Handle    = (VOID *) mImageBase;
> +  ImageContext.ImageRead = (PE_COFF_LOADER_READ_FILE)
> PeCoffLoaderImageReadFromMemory;
> +
> +  //
> +  // Get information about the image being loaded
> +  //
> +  Status = PeCoffLoaderGetImageInfo (&ImageContext);
> +  if (EFI_ERROR (Status)) {
> +    //
> +    // The information can't be got from the invalid PeImage
> +    //
> +    DEBUG ((DEBUG_INFO, "SecureBootConfigDxe: PeImage invalid. \n"));
> +    return Status;
> +  }
> +
>    //
>    // Read the Dos header
>    //
> @@ -1689,6 +1708,9 @@ LoadPeImage (
>    Calculate hash of Pe/Coff image based on the authenticode image
> hashing in
>    PE/COFF Specification 8.0 Appendix A
> 
> +  Notes: PE/COFF image has been checked by BasePeCoffLib
> PeCoffLoaderGetImageInfo() in
> +  the function LoadPeImage ().
> +
>    @param[in]    HashAlg   Hash algorithm type.
> 
>    @retval TRUE            Successfully hash image.
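Review bot: The added note says the image "has been checked", which reads as a broader guarantee than the LoadPeImage hunk provides. That check is a single `PeCoffLoaderGetImageInfo()` call, which presumably validates the headers it parses rather than every offset this hashing routine later follows. I would narrow the wording to something like `Notes: LoadPeImage() must have returned EFI_SUCCESS before this function is called; it validates the PE/COFF headers with PeCoffLoaderGetImageInfo().` The comment block and the function it documents extend outside this hunk.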
> diff --git
> a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootCon
> figImpl.h
> b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootCon
> figImpl.h
> index 0a09ab4..5055a9e 100644
> ---
> a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootCon
> figImpl.h
> +++
> b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootCon
> figImpl.h
> @@ -40,6 +40,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF
> ANY KIND, EITHER EXPRESS OR IMPLIED.
>  #include <Library/PlatformSecureLib.h>
>  #include <Library/BaseCryptLib.h>
>  #include <Library/FileExplorerLib.h>
> +#include <Library/PeCoffLib.h>
> 
>  #include <Guid/MdeModuleHii.h>
>  #include <Guid/AuthenticatedVariableFormat.h>
> --
> 2.8.0.windows.1
