sravan/system76-edk2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

SecurityPkg: remove PE/COFF header workaround for ELILO on IPF

Browse Source 
Now that Itanium support has been dropped, we can remove the various
occurrences of the ELILO on Itanium PE/COFF header workaround.

Link: https://bugzilla.tianocore.org/show_bug.cgi?id=816
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Yao Jiewen <jiewen.yao@intel.com>
Reviewed-by: Zhang Chao B <chao.b.zhang@intel.com>
This commit is contained in:
Ard Biesheuvel
2018-09-07 13:42:02 +08:00
committed by Zhang, Chao B
parent ae57950fc8
commit f199664ce7
4 changed files with 25 additions and 101 deletions
Download Patch File Download Diff File Expand all files Collapse all files

47
SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
View File

@ -295,7 +295,6 @@ HashPeImage (
) )
{ {
BOOLEAN Status; BOOLEAN Status;
UINT16 Magic;
EFI_IMAGE_SECTION_HEADER *Section; EFI_IMAGE_SECTION_HEADER *Section;
VOID *HashCtx; VOID *HashCtx;
UINTN CtxSize; UINTN CtxSize;
@ -367,33 +366,19 @@ HashPeImage (
// Measuring PE/COFF Image Header; // Measuring PE/COFF Image Header;
// But CheckSum field and SECURITY data directory (certificate) are excluded // But CheckSum field and SECURITY data directory (certificate) are excluded
// //
if (mNtHeader.Pe32->FileHeader.Machine == IMAGE_FILE_MACHINE_IA64 && mNtHeader.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
//
// NOTE: Some versions of Linux ELILO for Itanium have an incorrect magic value
// in the PE/COFF Header. If the MachineType is Itanium(IA64) and the
// Magic value in the OptionalHeader is EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC
// then override the magic value to EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC
//
Magic = EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC;
} else {
//
// Get the magic value from the PE/COFF Optional Header
//
Magic = mNtHeader.Pe32->OptionalHeader.Magic;
}
// //
// 3. Calculate the distance from the base of the image header to the image checksum address. // 3. Calculate the distance from the base of the image header to the image checksum address.
// 4. Hash the image header from its base to beginning of the image checksum. // 4. Hash the image header from its base to beginning of the image checksum.
// //
HashBase = mImageBase; HashBase = mImageBase;
if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { if (mNtHeader.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
// //
// Use PE32 offset. // Use PE32 offset.
// //
HashSize = (UINTN) (&mNtHeader.Pe32->OptionalHeader.CheckSum) - (UINTN) HashBase; HashSize = (UINTN) (&mNtHeader.Pe32->OptionalHeader.CheckSum) - (UINTN) HashBase;
NumberOfRvaAndSizes = mNtHeader.Pe32->OptionalHeader.NumberOfRvaAndSizes; NumberOfRvaAndSizes = mNtHeader.Pe32->OptionalHeader.NumberOfRvaAndSizes;
} else if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC) { } else if (mNtHeader.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC) {
// //
// Use PE32+ offset. // Use PE32+ offset.
// //
@ -420,7 +405,7 @@ HashPeImage (
// 6. Since there is no Cert Directory in optional header, hash everything // 6. Since there is no Cert Directory in optional header, hash everything
// from the end of the checksum to the end of image header. // from the end of the checksum to the end of image header.
// //
if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { if (mNtHeader.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
// //
// Use PE32 offset. // Use PE32 offset.
// //
@ -444,7 +429,7 @@ HashPeImage (
// //
// 7. Hash everything from the end of the checksum to the start of the Cert Directory. // 7. Hash everything from the end of the checksum to the start of the Cert Directory.
// //
if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { if (mNtHeader.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
// //
// Use PE32 offset. // Use PE32 offset.
// //
@ -469,7 +454,7 @@ HashPeImage (
// 8. Skip over the Cert Directory. (It is sizeof(IMAGE_DATA_DIRECTORY) bytes.) // 8. Skip over the Cert Directory. (It is sizeof(IMAGE_DATA_DIRECTORY) bytes.)
// 9. Hash everything from the end of the Cert Directory to the end of image header. // 9. Hash everything from the end of the Cert Directory to the end of image header.
// //
if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { if (mNtHeader.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
// //
// Use PE32 offset // Use PE32 offset
// //
@ -494,7 +479,7 @@ HashPeImage (
// //
// 10. Set the SUM_OF_BYTES_HASHED to the size of the header. // 10. Set the SUM_OF_BYTES_HASHED to the size of the header.
// //
if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { if (mNtHeader.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
// //
// Use PE32 offset. // Use PE32 offset.
// //
@ -577,7 +562,7 @@ HashPeImage (
if (NumberOfRvaAndSizes <= EFI_IMAGE_DIRECTORY_ENTRY_SECURITY) { if (NumberOfRvaAndSizes <= EFI_IMAGE_DIRECTORY_ENTRY_SECURITY) {
CertSize = 0; CertSize = 0;
} else { } else {
if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { if (mNtHeader.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
// //
// Use PE32 offset. // Use PE32 offset.
// //
@ -1583,7 +1568,6 @@ DxeImageVerificationHandler (
) )
{ {
EFI_STATUS Status; EFI_STATUS Status;
UINT16 Magic;
EFI_IMAGE_DOS_HEADER *DosHdr; EFI_IMAGE_DOS_HEADER *DosHdr;
EFI_STATUS VerifyStatus; EFI_STATUS VerifyStatus;
EFI_SIGNATURE_LIST *SignatureList; EFI_SIGNATURE_LIST *SignatureList;
@ -1723,22 +1707,7 @@ DxeImageVerificationHandler (
goto Done; goto Done;
} }
if (mNtHeader.Pe32->FileHeader.Machine == IMAGE_FILE_MACHINE_IA64 && mNtHeader.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { if (mNtHeader.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
//
// NOTE: Some versions of Linux ELILO for Itanium have an incorrect magic value
// in the PE/COFF Header. If the MachineType is Itanium(IA64) and the
// Magic value in the OptionalHeader is EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC
// then override the magic value to EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC
//
Magic = EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC;
} else {
//
// Get the magic value from the PE/COFF Optional Header
//
Magic = mNtHeader.Pe32->OptionalHeader.Magic;
}
if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
// //
// Use PE32 offset. // Use PE32 offset.
// //

27
SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.c
View File

@ -320,7 +320,6 @@ TcgMeasurePeImage (
EFI_IMAGE_SECTION_HEADER *SectionHeader; EFI_IMAGE_SECTION_HEADER *SectionHeader;
UINTN Index; UINTN Index;
UINTN Pos; UINTN Pos;
UINT16 Magic;
UINT32 EventSize; UINT32 EventSize;
UINT32 EventNumber; UINT32 EventNumber;
EFI_PHYSICAL_ADDRESS EventLogLastEntry; EFI_PHYSICAL_ADDRESS EventLogLastEntry;
@ -418,27 +417,13 @@ TcgMeasurePeImage (
// Measuring PE/COFF Image Header; // Measuring PE/COFF Image Header;
// But CheckSum field and SECURITY data directory (certificate) are excluded // But CheckSum field and SECURITY data directory (certificate) are excluded
// //
if (Hdr.Pe32->FileHeader.Machine == IMAGE_FILE_MACHINE_IA64 && Hdr.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
//
// NOTE: Some versions of Linux ELILO for Itanium have an incorrect magic value
// in the PE/COFF Header. If the MachineType is Itanium(IA64) and the
// Magic value in the OptionalHeader is EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC
// then override the magic value to EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC
//
Magic = EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC;
} else {
//
// Get the magic value from the PE/COFF Optional Header
//
Magic = Hdr.Pe32->OptionalHeader.Magic;
}
// //
// 3. Calculate the distance from the base of the image header to the image checksum address. // 3. Calculate the distance from the base of the image header to the image checksum address.
// 4. Hash the image header from its base to beginning of the image checksum. // 4. Hash the image header from its base to beginning of the image checksum.
// //
HashBase = (UINT8 *) (UINTN) ImageAddress; HashBase = (UINT8 *) (UINTN) ImageAddress;
if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { if (Hdr.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
// //
// Use PE32 offset // Use PE32 offset
// //
@ -465,7 +450,7 @@ TcgMeasurePeImage (
// 6. Since there is no Cert Directory in optional header, hash everything // 6. Since there is no Cert Directory in optional header, hash everything
// from the end of the checksum to the end of image header. // from the end of the checksum to the end of image header.
// //
if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { if (Hdr.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
// //
// Use PE32 offset. // Use PE32 offset.
// //
@ -489,7 +474,7 @@ TcgMeasurePeImage (
// //
// 7. Hash everything from the end of the checksum to the start of the Cert Directory. // 7. Hash everything from the end of the checksum to the start of the Cert Directory.
// //
if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { if (Hdr.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
// //
// Use PE32 offset // Use PE32 offset
// //
@ -514,7 +499,7 @@ TcgMeasurePeImage (
// 8. Skip over the Cert Directory. (It is sizeof(IMAGE_DATA_DIRECTORY) bytes.) // 8. Skip over the Cert Directory. (It is sizeof(IMAGE_DATA_DIRECTORY) bytes.)
// 9. Hash everything from the end of the Cert Directory to the end of image header. // 9. Hash everything from the end of the Cert Directory to the end of image header.
// //
if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { if (Hdr.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
// //
// Use PE32 offset // Use PE32 offset
// //
@ -539,7 +524,7 @@ TcgMeasurePeImage (
// //
// 10. Set the SUM_OF_BYTES_HASHED to the size of the header // 10. Set the SUM_OF_BYTES_HASHED to the size of the header
// //
if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { if (Hdr.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
// //
// Use PE32 offset // Use PE32 offset
// //
@ -621,7 +606,7 @@ TcgMeasurePeImage (
if (NumberOfRvaAndSizes <= EFI_IMAGE_DIRECTORY_ENTRY_SECURITY) { if (NumberOfRvaAndSizes <= EFI_IMAGE_DIRECTORY_ENTRY_SECURITY) {
CertSize = 0; CertSize = 0;
} else { } else {
if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { if (Hdr.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
// //
// Use PE32 offset. // Use PE32 offset.
// //

27
SecurityPkg/Tcg/Tcg2Dxe/MeasureBootPeCoff.c
View File

@ -116,7 +116,6 @@ MeasurePeImageAndExtend (
EFI_IMAGE_SECTION_HEADER *SectionHeader; EFI_IMAGE_SECTION_HEADER *SectionHeader;
UINTN Index; UINTN Index;
UINTN Pos; UINTN Pos;
UINT16 Magic;
EFI_IMAGE_OPTIONAL_HEADER_PTR_UNION Hdr; EFI_IMAGE_OPTIONAL_HEADER_PTR_UNION Hdr;
UINT32 NumberOfRvaAndSizes; UINT32 NumberOfRvaAndSizes;
UINT32 CertSize; UINT32 CertSize;
@ -181,27 +180,13 @@ MeasurePeImageAndExtend (
// Measuring PE/COFF Image Header; // Measuring PE/COFF Image Header;
// But CheckSum field and SECURITY data directory (certificate) are excluded // But CheckSum field and SECURITY data directory (certificate) are excluded
// //
if (Hdr.Pe32->FileHeader.Machine == IMAGE_FILE_MACHINE_IA64 && Hdr.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
//
// NOTE: Some versions of Linux ELILO for Itanium have an incorrect magic value
// in the PE/COFF Header. If the MachineType is Itanium(IA64) and the
// Magic value in the OptionalHeader is EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC
// then override the magic value to EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC
//
Magic = EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC;
} else {
//
// Get the magic value from the PE/COFF Optional Header
//
Magic = Hdr.Pe32->OptionalHeader.Magic;
}
// //
// 3. Calculate the distance from the base of the image header to the image checksum address. // 3. Calculate the distance from the base of the image header to the image checksum address.
// 4. Hash the image header from its base to beginning of the image checksum. // 4. Hash the image header from its base to beginning of the image checksum.
// //
HashBase = (UINT8 *) (UINTN) ImageAddress; HashBase = (UINT8 *) (UINTN) ImageAddress;
if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { if (Hdr.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
// //
// Use PE32 offset // Use PE32 offset
// //
@ -228,7 +213,7 @@ MeasurePeImageAndExtend (
// 6. Since there is no Cert Directory in optional header, hash everything // 6. Since there is no Cert Directory in optional header, hash everything
// from the end of the checksum to the end of image header. // from the end of the checksum to the end of image header.
// //
if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { if (Hdr.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
// //
// Use PE32 offset. // Use PE32 offset.
// //
@ -252,7 +237,7 @@ MeasurePeImageAndExtend (
// //
// 7. Hash everything from the end of the checksum to the start of the Cert Directory. // 7. Hash everything from the end of the checksum to the start of the Cert Directory.
// //
if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { if (Hdr.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
// //
// Use PE32 offset // Use PE32 offset
// //
@ -277,7 +262,7 @@ MeasurePeImageAndExtend (
// 8. Skip over the Cert Directory. (It is sizeof(IMAGE_DATA_DIRECTORY) bytes.) // 8. Skip over the Cert Directory. (It is sizeof(IMAGE_DATA_DIRECTORY) bytes.)
// 9. Hash everything from the end of the Cert Directory to the end of image header. // 9. Hash everything from the end of the Cert Directory to the end of image header.
// //
if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { if (Hdr.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
// //
// Use PE32 offset // Use PE32 offset
// //
@ -302,7 +287,7 @@ MeasurePeImageAndExtend (
// //
// 10. Set the SUM_OF_BYTES_HASHED to the size of the header // 10. Set the SUM_OF_BYTES_HASHED to the size of the header
// //
if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { if (Hdr.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
// //
// Use PE32 offset // Use PE32 offset
// //
@ -384,7 +369,7 @@ MeasurePeImageAndExtend (
if (NumberOfRvaAndSizes <= EFI_IMAGE_DIRECTORY_ENTRY_SECURITY) { if (NumberOfRvaAndSizes <= EFI_IMAGE_DIRECTORY_ENTRY_SECURITY) {
CertSize = 0; CertSize = 0;
} else { } else {
if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { if (Hdr.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
// //
// Use PE32 offset. // Use PE32 offset.
// //

25
SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c
View File

@ -1831,7 +1831,6 @@ HashPeImage (
) )
{ {
BOOLEAN Status; BOOLEAN Status;
UINT16 Magic;
EFI_IMAGE_SECTION_HEADER *Section; EFI_IMAGE_SECTION_HEADER *Section;
VOID *HashCtx; VOID *HashCtx;
UINTN CtxSize; UINTN CtxSize;
@ -1874,27 +1873,13 @@ HashPeImage (
// Measuring PE/COFF Image Header; // Measuring PE/COFF Image Header;
// But CheckSum field and SECURITY data directory (certificate) are excluded // But CheckSum field and SECURITY data directory (certificate) are excluded
// //
if (mNtHeader.Pe32->FileHeader.Machine == IMAGE_FILE_MACHINE_IA64 && mNtHeader.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
//
// NOTE: Some versions of Linux ELILO for Itanium have an incorrect magic value
// in the PE/COFF Header. If the MachineType is Itanium(IA64) and the
// Magic value in the OptionalHeader is EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC
// then override the magic value to EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC
//
Magic = EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC;
} else {
//
// Get the magic value from the PE/COFF Optional Header
//
Magic = mNtHeader.Pe32->OptionalHeader.Magic;
}
// //
// 3. Calculate the distance from the base of the image header to the image checksum address. // 3. Calculate the distance from the base of the image header to the image checksum address.
// 4. Hash the image header from its base to beginning of the image checksum. // 4. Hash the image header from its base to beginning of the image checksum.
// //
HashBase = mImageBase; HashBase = mImageBase;
if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { if (mNtHeader.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
// //
// Use PE32 offset. // Use PE32 offset.
// //
@ -1915,7 +1900,7 @@ HashPeImage (
// 6. Get the address of the beginning of the Cert Directory. // 6. Get the address of the beginning of the Cert Directory.
// 7. Hash everything from the end of the checksum to the start of the Cert Directory. // 7. Hash everything from the end of the checksum to the start of the Cert Directory.
// //
if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { if (mNtHeader.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
// //
// Use PE32 offset. // Use PE32 offset.
// //
@ -1937,7 +1922,7 @@ HashPeImage (
// 8. Skip over the Cert Directory. (It is sizeof(IMAGE_DATA_DIRECTORY) bytes.) // 8. Skip over the Cert Directory. (It is sizeof(IMAGE_DATA_DIRECTORY) bytes.)
// 9. Hash everything from the end of the Cert Directory to the end of image header. // 9. Hash everything from the end of the Cert Directory to the end of image header.
// //
if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { if (mNtHeader.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
// //
// Use PE32 offset // Use PE32 offset
// //
@ -1958,7 +1943,7 @@ HashPeImage (
// //
// 10. Set the SUM_OF_BYTES_HASHED to the size of the header. // 10. Set the SUM_OF_BYTES_HASHED to the size of the header.
// //
if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { if (mNtHeader.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
// //
// Use PE32 offset. // Use PE32 offset.
// //
@ -2032,7 +2017,7 @@ HashPeImage (
// //
if (mImageSize > SumOfBytesHashed) { if (mImageSize > SumOfBytesHashed) {
HashBase = mImageBase + SumOfBytesHashed; HashBase = mImageBase + SumOfBytesHashed;
if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { if (mNtHeader.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
// //
// Use PE32 offset. // Use PE32 offset.
// //