Jiewen:
  The error message currently reported is "ERROR: Unsupported file type!" L"Only 
supports DER-encoded X509 certificate and executable EFI image", because the 
return status is RETURN_UNSUPPORTED. I think this error message is also fine. 

Thanks
Liming
> -----Original Message-----
> From: Yao, Jiewen
> Sent: Wednesday, July 13, 2016 9:16 AM
> To: Gao, Liming <liming....@intel.com>; edk2-devel@lists.01.org
> Cc: Zhang, Chao B <chao.b.zh...@intel.com>
> Subject: RE: [Patch 1/4] SecurityPkg SecureBootConfigDxe: Add check for the
> external PE/COFF image.
> 
> I think this is a setup UI driver.
> Should we pop up a dialog to tell the end user that the PE image is corrupted?
> 
> Thank you
> Yao Jiewen
> 
> > -----Original Message-----
> > From: Gao, Liming
> > Sent: Tuesday, July 12, 2016 3:55 PM
> > To: edk2-devel@lists.01.org
> > Cc: Yao, Jiewen <jiewen....@intel.com>; Zhang, Chao B
> > <chao.b.zh...@intel.com>
> > Subject: [Patch 1/4] SecurityPkg SecureBootConfigDxe: Add check for the
> > external PE/COFF image.
> >
> > Use BasePeCoffLib PeCoffLoaderGetImageInfo() to check the PE/COFF
> > image.
> >
> > Cc: Jiewen Yao <jiewen....@intel.com>
> > Cc: Chao Zhang <chao.b.zh...@intel.com>
> > Contributed-under: TianoCore Contribution Agreement 1.0
> > Signed-off-by: Liming Gao <liming....@intel.com>
> > ---
> >  SecurityPkg/SecurityPkg.dsc                        |  2 ++
> >  .../SecureBootConfigDxe/SecureBootConfigDxe.inf    |  1 +
> >  .../SecureBootConfigDxe/SecureBootConfigImpl.c     | 22
> > ++++++++++++++++++++++
> >  .../SecureBootConfigDxe/SecureBootConfigImpl.h     |  1 +
> >  4 files changed, 26 insertions(+)
> >
> > diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc
> > index 1960b52..21cac78 100644
> > --- a/SecurityPkg/SecurityPkg.dsc
> > +++ b/SecurityPkg/SecurityPkg.dsc
> > @@ -34,6 +34,8 @@
> >    PrintLib|MdePkg/Library/BasePrintLib/BasePrintLib.inf
> >
> >
> UefiApplicationEntryPoint|MdePkg/Library/UefiApplicationEntryPoint/UefiA
> > pplicationEntryPoint.inf
> >
> >
> PerformanceLib|MdePkg/Library/BasePerformanceLibNull/BasePerformanc
> > eLibNull.inf
> > +  PeCoffLib|MdePkg/Library/BasePeCoffLib/BasePeCoffLib.inf
> > +
> >
> PeCoffExtraActionLib|MdePkg/Library/BasePeCoffExtraActionLibNull/BaseP
> > eCoffExtraActionLibNull.inf
> >
> >    DxeServicesLib|MdePkg/Library/DxeServicesLib/DxeServicesLib.inf
> >
> >
> UefiDriverEntryPoint|MdePkg/Library/UefiDriverEntryPoint/UefiDriverEntry
> > Point.inf
> > diff --git
> >
> a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootCon
> > figDxe.inf
> >
> b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootCon
> > figDxe.inf
> > index 6b143f5..fa7c39d 100644
> > ---
> >
> a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootCon
> > figDxe.inf
> > +++
> >
> b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootCon
> > figDxe.inf
> > @@ -58,6 +58,7 @@
> >    PlatformSecureLib
> >    DevicePathLib
> >    FileExplorerLib
> > +  PeCoffLib
> >
> >  [Guids]
> >    ## SOMETIMES_CONSUMES      ## Variable:L"CustomMode"
> > diff --git
> >
> a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootCon
> > figImpl.c
> >
> b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootCon
> > figImpl.c
> > index 3f80441..7eb050f 100644
> > ---
> >
> a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootCon
> > figImpl.c
> > +++
> >
> b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootCon
> > figImpl.c
> > @@ -1625,9 +1625,28 @@ LoadPeImage (
> >    EFI_IMAGE_DOS_HEADER                  *DosHdr;
> >    EFI_IMAGE_NT_HEADERS32                *NtHeader32;
> >    EFI_IMAGE_NT_HEADERS64                *NtHeader64;
> > +  PE_COFF_LOADER_IMAGE_CONTEXT          ImageContext;
> > +  EFI_STATUS                            Status;
> >
> >    NtHeader32 = NULL;
> >    NtHeader64 = NULL;
> > +
> > +  ZeroMem (&ImageContext, sizeof (ImageContext));
> > +  ImageContext.Handle    = (VOID *) mImageBase;
> > +  ImageContext.ImageRead = (PE_COFF_LOADER_READ_FILE)
> > PeCoffLoaderImageReadFromMemory;
> > +
> > +  //
> > +  // Get information about the image being loaded
> > +  //
> > +  Status = PeCoffLoaderGetImageInfo (&ImageContext);
> > +  if (EFI_ERROR (Status)) {
> > +    //
> > +    // The information can't be got from the invalid PeImage
> > +    //
> > +    DEBUG ((DEBUG_INFO, "SecureBootConfigDxe: PeImage invalid. \n"));
> > +    return Status;
> > +  }
> > +
> >    //
> >    // Read the Dos header
> >    //
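Review bot: In the added block, `ImageContext.ImageRead` is set to `PeCoffLoaderImageReadFromMemory`, which copies from `Handle + FileOffset` without any length limit, so for a truncated or malformed file picked in the setup UI `PeCoffLoaderGetImageInfo()` can read past the end of the buffer at `mImageBase`, and any offset the library probes appears readable. I would pass a callback that clamps each read to the bytes actually present in the file, as sketched below; the size is a labelled placeholder because the variable holding the file length is not visible in this hunk. That the library rejects a short read should be confirmed against the BasePeCoffLib version in this tree. The note added to the hash routine's header in the next hunk ("PE/COFF image has been checked by BasePeCoffLib") only holds once the read is bounded. `LoadPeImage` starts and continues outside the hunk, so the later DOS/NT header parsing is not covered here.

```c
// Proposed helper (the name is a suggestion). FILE_SIZE_PLACEHOLDER stands for
// the byte length of the buffer at mImageBase.
EFI_STATUS
EFIAPI
SecureBootConfigImageRead (
  IN     VOID    *FileHandle,
  IN     UINTN   FileOffset,
  IN OUT UINTN   *ReadSize,
  OUT    VOID    *Buffer
  )
{
  if (FileHandle == NULL || ReadSize == NULL || Buffer == NULL) {
    return EFI_INVALID_PARAMETER;
  }

  //
  // Clamp the request to the file; the comparison is written as a
  // subtraction so FileOffset + *ReadSize cannot wrap.
  //
  if (FileOffset >= FILE_SIZE_PLACEHOLDER) {
    *ReadSize = 0;
  } else if (*ReadSize > FILE_SIZE_PLACEHOLDER - FileOffset) {
    *ReadSize = FILE_SIZE_PLACEHOLDER - FileOffset;
  }

  if (*ReadSize != 0) {
    CopyMem (Buffer, (UINT8 *) FileHandle + FileOffset, *ReadSize);
  }

  return EFI_SUCCESS;
}

// … unchanged: ZeroMem and ImageContext.Handle assignment …
  ImageContext.ImageRead = (PE_COFF_LOADER_READ_FILE) SecureBootConfigImageRead;
// … unchanged: PeCoffLoaderGetImageInfo call and error return …
```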
> > @@ -1689,6 +1708,9 @@ LoadPeImage (
> >    Calculate hash of Pe/Coff image based on the authenticode image
> > hashing in
> >    PE/COFF Specification 8.0 Appendix A
> >
> > +  Notes: PE/COFF image has been checked by BasePeCoffLib
> > PeCoffLoaderGetImageInfo() in
> > +  the function LoadPeImage ().
> > +
> >    @param[in]    HashAlg   Hash algorithm type.
> >
> >    @retval TRUE            Successfully hash image.
> > diff --git
> >
> a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootCon
> > figImpl.h
> >
> b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootCon
> > figImpl.h
> > index 0a09ab4..5055a9e 100644
> > ---
> >
> a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootCon
> > figImpl.h
> > +++
> >
> b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootCon
> > figImpl.h
> > @@ -40,6 +40,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF
> > ANY KIND, EITHER EXPRESS OR IMPLIED.
> >  #include <Library/PlatformSecureLib.h>
> >  #include <Library/BaseCryptLib.h>
> >  #include <Library/FileExplorerLib.h>
> > +#include <Library/PeCoffLib.h>
> >
> >  #include <Guid/MdeModuleHii.h>
> >  #include <Guid/AuthenticatedVariableFormat.h>
> > --
> > 2.8.0.windows.1
