Jiewen:
  The currently reported error message is "ERROR: Unsupported file type!" L"Only supports DER-encoded X509 certificate and executable EFI image", because the return status is RETURN_UNSUPPORTED. I think this error message is also fine.

Thanks
Liming

> -----Original Message-----
> From: Yao, Jiewen
> Sent: Wednesday, July 13, 2016 9:16 AM
> To: Gao, Liming <liming....@intel.com>; edk2-devel@lists.01.org
> Cc: Zhang, Chao B <chao.b.zh...@intel.com>
> Subject: RE: [Patch 1/4] SecurityPkg SecureBootConfigDxe: Add check for the
> external PE/COFF image.
>
> I think this is a setup UI driver.
> Should we pop up a dialog to tell end user that PE image is corrupted?
>
> Thank you
> Yao Jiewen
>
> > -----Original Message-----
> > From: Gao, Liming
> > Sent: Tuesday, July 12, 2016 3:55 PM
> > To: edk2-devel@lists.01.org
> > Cc: Yao, Jiewen <jiewen....@intel.com>; Zhang, Chao B
> > <chao.b.zh...@intel.com>
> > Subject: [Patch 1/4] SecurityPkg SecureBootConfigDxe: Add check for the
> > external PE/COFF image.
> >
> > Use BasePeCoffLib PeCoffLoaderGetImageInfo() to check the PE/COFF
> > image.
> >
> > Cc: Jiewen Yao <jiewen....@intel.com>
> > Cc: Chao Zhang <chao.b.zh...@intel.com>
> > Contributed-under: TianoCore Contribution Agreement 1.0
> > Signed-off-by: Liming Gao <liming....@intel.com>
> > ---
> > SecurityPkg/SecurityPkg.dsc | 2 ++
> > .../SecureBootConfigDxe/SecureBootConfigDxe.inf | 1 +
> > .../SecureBootConfigDxe/SecureBootConfigImpl.c | 22
> > ++++++++++++++++++++++
> > .../SecureBootConfigDxe/SecureBootConfigImpl.h | 1 +
> > 4 files changed, 26 insertions(+)
> >
> > diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc > > index 1960b52..21cac78 100644 > > --- a/SecurityPkg/SecurityPkg.dsc > > +++ b/SecurityPkg/SecurityPkg.dsc 
> > @@ -34,6 +34,8 @@ > > PrintLib|MdePkg/Library/BasePrintLib/BasePrintLib.inf > > > > > UefiApplicationEntryPoint|MdePkg/Library/UefiApplicationEntryPoint/UefiA > > pplicationEntryPoint.inf > > > > > PerformanceLib|MdePkg/Library/BasePerformanceLibNull/BasePerformanc > > eLibNull.inf > > + PeCoffLib|MdePkg/Library/BasePeCoffLib/BasePeCoffLib.inf > > + > > > PeCoffExtraActionLib|MdePkg/Library/BasePeCoffExtraActionLibNull/BaseP > > eCoffExtraActionLibNull.inf > > > > DxeServicesLib|MdePkg/Library/DxeServicesLib/DxeServicesLib.inf > > > > > UefiDriverEntryPoint|MdePkg/Library/UefiDriverEntryPoint/UefiDriverEntry > > Point.inf > > diff --git > > > a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootCon > > figDxe.inf > > > b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootCon > > figDxe.inf > > index 6b143f5..fa7c39d 100644 > > --- > > > a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootCon > > figDxe.inf > > +++ > > > b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootCon > > figDxe.inf > > @@ -58,6 +58,7 @@ > > PlatformSecureLib > > DevicePathLib > > FileExplorerLib > > + PeCoffLib > > > > [Guids] > > ## SOMETIMES_CONSUMES ## Variable:L"CustomMode" > > diff --git > > > a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootCon > > figImpl.c > > > b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootCon > > figImpl.c > > index 3f80441..7eb050f 100644 > > --- > > > a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootCon > > figImpl.c > > +++ > > > b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootCon > > figImpl.c 
> > @@ -1625,9 +1625,28 @@ LoadPeImage ( > > EFI_IMAGE_DOS_HEADER *DosHdr; > > EFI_IMAGE_NT_HEADERS32 *NtHeader32; > > EFI_IMAGE_NT_HEADERS64 *NtHeader64; > > + PE_COFF_LOADER_IMAGE_CONTEXT ImageContext; > > + EFI_STATUS Status; > > > > NtHeader32 = NULL; > > NtHeader64 = NULL; > > + > > + ZeroMem (&ImageContext, sizeof (ImageContext)); > > + ImageContext.Handle = (VOID *) mImageBase; > > + ImageContext.ImageRead = (PE_COFF_LOADER_READ_FILE) > > PeCoffLoaderImageReadFromMemory; > > + > > + // > > + // Get information about the image being loaded > > + // > > + Status = PeCoffLoaderGetImageInfo (&ImageContext); > > + if (EFI_ERROR (Status)) { > > + // > > + // The information can't be got from the invalid PeImage > > + // > > + DEBUG ((DEBUG_INFO, "SecureBootConfigDxe: PeImage invalid. \n")); > > + return Status; > > + } > > + > > // > > // Read the Dos header > > // > > @@ -1689,6 +1708,9 @@ LoadPeImage ( > > Calculate hash of Pe/Coff image based on the authenticode image > > hashing in > > PE/COFF Specification 8.0 Appendix A > > > > + Notes: PE/COFF image has been checked by BasePeCoffLib > > PeCoffLoaderGetImageInfo() in > > + the function LoadPeImage (). > > + > > @param[in] HashAlg Hash algorithm type. > > > > @retval TRUE Successfully hash image. > > diff --git > > > a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootCon > > figImpl.h > > > b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootCon > > figImpl.h > > index 0a09ab4..5055a9e 100644 > > --- > > > a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootCon > > figImpl.h > > +++ > > > b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootCon > > figImpl.h 
> > @@ -40,6 +40,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF > > ANY KIND, EITHER EXPRESS OR IMPLIED. > > #include <Library/PlatformSecureLib.h> > > #include <Library/BaseCryptLib.h> > > #include <Library/FileExplorerLib.h> > > +#include <Library/PeCoffLib.h> > > > > #include <Guid/MdeModuleHii.h> > > #include <Guid/AuthenticatedVariableFormat.h> > > -- > > 2.8.0.windows.1 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
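
Review bot: the SecureBootConfigDxe.inf hunk makes PeCoffLib a new [LibraryClasses] dependency of the driver, and the SecurityPkg.dsc hunk has to add a PeCoffExtraActionLib mapping alongside the PeCoffLib one to resolve it. Only SecurityPkg.dsc is updated in this patch, so any platform DSC that builds SecureBootConfigDxe without both classes mapped will stop building. Worth a line in the commit message, or confirmation that the rest of the series covers the platform DSCs.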
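
Review bot: in the LoadPeImage() hunk, ImageContext is given only mImageBase as Handle and PeCoffLoaderImageReadFromMemory as the ImageRead callback, so nothing in these lines tells the loader how many bytes of the file are actually in memory. PeCoffLoaderImageReadFromMemory copies from Handle plus offset with no buffer length to check against, which means a truncated or malformed file can make PeCoffLoaderGetImageInfo() read past the end of the buffer while it is being validated. Suggest a local ImageRead callback that rejects any read whose offset plus size exceeds the loaded file size, so the new check is itself bounded. Smaller points in the same hunk: the failure is logged at DEBUG_INFO where DEBUG_ERROR fits a rejected image better, the message has a stray space before \n, and "can't be got" in the comment would read better as "cannot be retrieved".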
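
Review bot: in the second SecureBootConfigImpl.c hunk (@@ -1689), the added "Notes:" text in the hash function's header says the image has already been checked in LoadPeImage(), but the hunk adds only the comment and nothing that enforces that ordering; a later caller that hashes without a successful LoadPeImage() first would skip the check silently. Suggest wording it as a requirement on the caller (for example "Caution: the caller must have called LoadPeImage() successfully before this function") and, if practical, asserting on the state LoadPeImage() leaves behind.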