An external PE/COFF image may not be valid and may cause memory corruption. These patches use PeCoffLib PeCoffLoaderGetImageInfo() to check the PE format. If this API has already been used to check the PE format, additional comments are added to describe that the PE image has been checked.

In V2, add specific ImageRead() to make sure the PE/COFF image content read is within the image buffer.

Liming Gao (5):
  SecurityPkg SecureBootConfigDxe: Add check for the external PE/COFF image.
  SecurityPkg TrEEDxe: Add check for the PE/COFF image.
  SecurityPkg Tcg2Dxe: Add check for the PE/COFF image
  SecurityPkg DxeImageVerificationLib: Add comments in HashPeImage()
  SecurityPkg DxeTpmMeasureBootLib: Add comments in TcgMeasurePeImage()

 .../DxeImageVerificationLib.c | 5 +-
 .../DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.c | 5 +-
 SecurityPkg/SecurityPkg.dsc | 2 +
 SecurityPkg/Tcg/Tcg2Dxe/MeasureBootPeCoff.c | 72 +++++++++++++++++++++-
 SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.c | 2 +
 SecurityPkg/Tcg/Tcg2Dxe/Tcg2Dxe.inf | 1 +
 SecurityPkg/Tcg/TrEEDxe/MeasureBootPeCoff.c | 72 +++++++++++++++++++++-
 SecurityPkg/Tcg/TrEEDxe/TrEEDxe.c | 2 +
 SecurityPkg/Tcg/TrEEDxe/TrEEDxe.inf | 1 +
 .../SecureBootConfigDxe/SecureBootConfigDxe.inf | 1 +
 .../SecureBootConfigDxe/SecureBootConfigImpl.c | 70 +++++++++++++++++++++
 .../SecureBootConfigDxe/SecureBootConfigImpl.h | 1 +
 12 files changed, 230 insertions(+), 4 deletions(-)

--
1.9.5.msysgit.0
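
The bounded read described in the V2 note, as an added sketch in portable C; it is not code from this patch series. `image_ctx`, `bounded_image_read`, `pe_signature_in_bounds` and the status codes are hypothetical names, and the policy of clamping a read and reporting the shortened size is an assumption, since the series' own ImageRead() is not shown in this message.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical names; status codes stand in for EFI_STATUS values. */
enum { READ_OK = 0, READ_INVALID_PARAMETER = 1 };
typedef struct { const uint8_t *base; size_t size; } image_ctx;

/* Copy up to *read_size bytes at offset into out; *read_size returns the
 * number actually copied. Never reads past base + size. */
int bounded_image_read(const image_ctx *ctx, size_t offset,
                       size_t *read_size, void *out)
{
    if (!ctx || !ctx->base || !read_size || !out)
        return READ_INVALID_PARAMETER;
    if (*read_size > SIZE_MAX - offset)   /* offset + size would wrap */
        return READ_INVALID_PARAMETER;
    if (offset >= ctx->size) {            /* entirely outside the image */
        *read_size = 0;
        return READ_OK;
    }
    if (*read_size > ctx->size - offset)  /* straddles the end: clamp */
        *read_size = ctx->size - offset;
    memcpy(out, ctx->base + offset, *read_size);
    return READ_OK;
}

/* Returns 1 only if the MZ header and the "PE\0\0" signature located by
 * the file-supplied e_lfanew both lie fully inside the buffer. */
int pe_signature_in_bounds(const uint8_t *buf, size_t len)
{
    image_ctx ctx = { buf, len };
    uint8_t dos[0x40], sig[4];
    size_t n = sizeof dos;

    if (bounded_image_read(&ctx, 0, &n, dos) != READ_OK || n != sizeof dos)
        return 0;                         /* short read: truncated header */
    if (dos[0] != 'M' || dos[1] != 'Z')
        return 0;
    /* e_lfanew: little-endian 32-bit field at 0x3C, taken from the file */
    uint32_t lfanew = (uint32_t)dos[0x3C] | (uint32_t)dos[0x3D] << 8 |
                      (uint32_t)dos[0x3E] << 16 | (uint32_t)dos[0x3F] << 24;
    n = sizeof sig;
    if (bounded_image_read(&ctx, lfanew, &n, sig) != READ_OK || n != sizeof sig)
        return 0;                         /* signature not fully in bounds */
    return memcmp(sig, "PE\0\0", 4) == 0;
}
```

The caller treats any short read as a malformed image, so a header field that points outside the buffer results in rejection rather than an out-of-bounds access.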