On 6/24/22 07:32, Su, Bao Cheng wrote:
During PE hashing, when holes exists between sections, the extra data
calculated could be a dupulicated region of the last section.
Such PE image with holes existing between sections may contain the
symbol table for the kernel, for example.
The Authenticode_PE spec does not rule how to deal with such scenario,
however, other tools such as pesign and sbsign both have the overlapped
Thanks for analyzing differences in hashing.
Above you mention holes between sections. Here you talk about
overlapping sections. These two cases are obviously distinct.
Please, provide an accurate description.
Examples (in text form) would be helpful.
Best regards
Heinrich
regions hashed. And EDK2 hash the overlapped area as well.
Signed-off-by: Baocheng Su <baocheng...@siemens.com>
---
lib/efi_loader/efi_image_loader.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/efi_loader/efi_image_loader.c
b/lib/efi_loader/efi_image_loader.c
index 9611398885..d85fb6ba08 100644
--- a/lib/efi_loader/efi_image_loader.c
+++ b/lib/efi_loader/efi_image_loader.c
@@ -481,7 +481,7 @@ bool efi_image_parse(void *efi, size_t len, struct
efi_image_regions **regp,
EFI_PRINT("extra data for hash: %zu\n",
len - (bytes_hashed + authsz));
efi_image_region_add(regs, efi + bytes_hashed,
- efi + len - authsz, 0);
+ efi + len - authsz, 1);
}
/* Return Certificates Table */
