Commit | Line | Data |
---|---|---|
031e5cce | 1 | // SPDX-License-Identifier: BSD-2-Clause-Patent |
17857eb8 MG |
2 | /* |
3 | * Copyright 2013 <James.Bottomley@HansenPartnership.com> | |
4 | * | |
17857eb8 MG |
5 | * read some platform configuration tables |
6 | */ | |
f892ac66 | 7 | #include "shim.h" |
17857eb8 MG |
8 | |
/*
 * Look up a UEFI configuration table by vendor GUID.
 *
 * Scans ST->ConfigurationTable across ST->NumberOfTableEntries slots and
 * returns the VendorTable pointer of the first slot for which
 * CompareGuid(guid, &slot->VendorGuid) returns 0.  Returns NULL when no slot
 * matches.
 *
 * Only the GUID is compared; the pointer that comes back is whatever the
 * system table holds and nothing about the data behind it is checked here,
 * so callers have to validate the table contents themselves.
 */
void *
configtable_get_table(EFI_GUID *guid)
{
	unsigned int idx = 0;

	while (idx < ST->NumberOfTableEntries) {
		EFI_CONFIGURATION_TABLE *slot = ST->ConfigurationTable + idx;

		if (!CompareGuid(guid, &slot->VendorGuid))
			return slot->VendorTable;

		idx++;
	}

	return NULL;
}
23 | ||
/*
 * Fetch the Image Execution Information table from the system
 * configuration tables.
 *
 * Thin wrapper: looks up the table registered under the SIG_DB GUID and
 * hands it back typed as EFI_IMAGE_EXECUTION_INFO_TABLE.  Returns NULL when
 * no such table is installed.
 *
 * NOTE(review): SIG_DB is defined outside this file; presumably it is the
 * image security database GUID -- confirm against its definition.
 */
EFI_IMAGE_EXECUTION_INFO_TABLE *
configtable_get_image_table(void)
{
	EFI_IMAGE_EXECUTION_INFO_TABLE *table = configtable_get_table(&SIG_DB);

	return table;
}
29 | ||
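/*
 * Find the Image Execution Information entry recorded for a device path.
 *
 * Walks the entries of the table returned by configtable_get_image_table()
 * and returns the first entry whose device path instance is byte-identical,
 * over that instance's length, to the start of @DevicePath.  Returns NULL
 * when the table is absent, when no entry matches, or when an entry fails a
 * sanity check (the walk stops at the first such entry).
 *
 * The table comes from the platform firmware and its total size is not
 * known here, so the only bound available for each entry is the InfoSize
 * the entry itself declares.  The optional name and the first device path
 * node are checked against that bound before they are used.
 */
EFI_IMAGE_EXECUTION_INFO *
configtable_find_image(const EFI_DEVICE_PATH *DevicePath)
{
	EFI_IMAGE_EXECUTION_INFO_TABLE *t = configtable_get_image_table();

	if (!t)
		return NULL;

	int entries = t->NumberOfImages;
	EFI_IMAGE_EXECUTION_INFO *e = t->InformationInfo;

	int i;
	for (i = 0; i < entries; i++) {
		/* Bytes between the start of the entry and Data[]. */
		UINTN hdr = (UINTN)((UINT8 *)e->Data - (UINT8 *)e);
		UINTN info_size = e->InfoSize;

#ifdef DEBUG_CONFIG
		console_print(L"InfoSize = %d Action = %d\n", e->InfoSize, e->Action);

		/* print what we have for debugging: up to six rows of 16
		 * bytes, but never past the size the entry declares */
		UINT8 *d = (UINT8 *)e;
		UINTN row;
		for (row = 0; row < 6 && (row + 1) * 16 <= info_size; row++, d += 16)
			console_print(L"Data: %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x\n",
				      d[0], d[1], d[2], d[3], d[4], d[5], d[6], d[7], d[8], d[9], d[10], d[11], d[12], d[13], d[14], d[15]);
#endif
		/* An entry has to hold its fixed header plus at least one
		 * device path node header.  Rejecting anything smaller also
		 * guarantees that the step to the next entry moves forward. */
		if (info_size < hdr + sizeof(EFI_DEVICE_PATH)) {
			console_print(L"Image Execution Information table corrupt\n");
			break;
		}

		/* Bytes of Data[] that belong to this entry. */
		UINTN avail = info_size - hdr;

		CHAR16 *name = (CHAR16 *)(e->Data);
		UINTN skip = 0;

		/* There's a bug in a lot of EFI platforms and they forget to
		 * put the name here.  The only real way of detecting it is to
		 * look for either a UC16 NULL or ASCII as UC16 */
		if (name[0] == '\0' || (e->Data[1] == 0 && e->Data[3] == 0)) {
			/* Measure the name inside the entry only; an
			 * unterminated name must not send the scan into
			 * whatever follows the entry in memory. */
			UINTN max_chars = avail / sizeof(CHAR16);
			UINTN n = 0;

			while (n < max_chars && name[n] != '\0')
				n++;
			if (n == max_chars) {
				console_print(L"Image Execution Information table corrupt\n");
				break;
			}
			/* size in bytes including the terminator */
			skip = (n + 1) * sizeof(CHAR16);
#ifdef DEBUG_CONFIG
			console_print(L"FOUND NAME %s (%d)\n", name, (int)skip);
#endif
		}

		/* The device path has to start inside the entry too. */
		if (avail - skip < sizeof(EFI_DEVICE_PATH)) {
			console_print(L"Image Execution Information table corrupt\n");
			break;
		}
		avail -= skip;

		EFI_DEVICE_PATH *dp = (EFI_DEVICE_PATH *)(e->Data + skip), *dpn = dp;
		UINTN node_len = ((UINTN)dp->Length[1] << 8) + dp->Length[0];

		/* The first node's length is compared with the bytes left
		 * after the header and name, not with the whole InfoSize,
		 * and a length shorter than a node header is rejected. */
		if (dp->Type == 0 || dp->Type > 6 || dp->SubType == 0
		    || node_len < sizeof(EFI_DEVICE_PATH) || node_len > avail) {
			/* Parse error, table corrupt, bail */
			console_print(L"Image Execution Information table corrupt\n");
			break;
		}

		UINTN Size;
		/* NOTE(review): DevicePathInstance() is not told where the
		 * entry ends, so only the first node has been validated
		 * before it walks the path; the Size check below runs after
		 * that walk.  Confirm whether a bounded walk is wanted. */
		DevicePathInstance(&dpn, &Size);
#ifdef DEBUG_CONFIG
		console_print(L"Path: %s\n", DevicePathToStr(dp));
		console_print(L"Device Path Size %d\n", Size);
#endif
		if (Size > avail) {
			/* parse error; the platform obviously has a
			 * corrupted image table; bail */
			console_print(L"Image Execution Information table corrupt\n");
			break;
		}

		if (CompareMem(dp, (void *)DevicePath, Size) == 0) {
#ifdef DEBUG_CONFIG
			console_print(L"***FOUND\n");
			console_get_keystroke();
#endif
			return e;
		}
		e = (EFI_IMAGE_EXECUTION_INFO *)((UINT8 *)e + info_size);
	}

#ifdef DEBUG_CONFIG
	console_print(L"***NOT FOUND\n");
	console_get_keystroke();
#endif

	return NULL;
}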
116 | ||
/*
 * Report whether the firmware's Image Execution Information table records
 * the image at @DevicePath as rejected.
 *
 * Returns 1 when configtable_find_image() yields an entry whose Action is
 * exactly EFI_IMAGE_EXECUTION_AUTH_SIG_FOUND or
 * EFI_IMAGE_EXECUTION_AUTH_SIG_FAILED, and 0 in every other case.
 *
 * A 0 covers "no entry found" as well, and configtable_find_image() also
 * returns no entry when it gives up on a table it considers corrupt.  A 0
 * therefore means "no record of rejection", not "image was authenticated".
 */
int
configtable_image_is_forbidden(const EFI_DEVICE_PATH *DevicePath)
{
	EFI_IMAGE_EXECUTION_INFO *info = configtable_find_image(DevicePath);

	/* The image may not be in the table if it was executed
	 * successfully.  If it is, and EFI_IMAGE_EXECUTION_INITIALIZED is
	 * not set, then the image isn't authenticated.  If there's no
	 * signature, usually EFI_IMAGE_EXECUTION_AUTH_UNTESTED is set; if
	 * the hash is in dbx, EFI_IMAGE_EXECUTION_AUTH_SIG_FOUND is
	 * returned; and if the key is in dbx,
	 * EFI_IMAGE_EXECUTION_AUTH_SIG_FAILED is returned. */

	if (!info)
		return 0;

	/* NOTE(review): Action is tested for exact equality, so an entry
	 * that carries one of these values together with any other bit
	 * (the comment above mentions EFI_IMAGE_EXECUTION_INITIALIZED) is
	 * not treated as forbidden -- confirm that this is intended. */
	if (info->Action != EFI_IMAGE_EXECUTION_AUTH_SIG_FOUND
	    && info->Action != EFI_IMAGE_EXECUTION_AUTH_SIG_FAILED)
		return 0;

	/* this means the image's signing key is in dbx */
#ifdef DEBUG_CONFIG
	console_print(L"SIGNATURE IS IN DBX, FORBIDDING EXECUTION\n");
#endif
	return 1;
}