2 * Copyright 2013 <James.Bottomley@HansenPartnership.com>
6 * read some platform configuration tables
12 #include <configtable.h>
/*
 * configtable_get_table - look up a vendor table in the EFI system table.
 *
 * Walks ST->ConfigurationTable for ST->NumberOfTableEntries entries and
 * returns the VendorTable pointer of the first entry for which
 * CompareGuid(guid, &CT->VendorGuid) returns 0.
 *
 * NOTE(review): this listing is lossy (the embedded line numbers skip), so
 * the return type, the declaration of i and whatever is returned when no
 * entry matches are not visible here.
 * NOTE(review): a CompareGuid() result of 0 is treated as "match". That is
 * the gnu-efi convention; EDK2's CompareGuid() returns TRUE on a match --
 * confirm which library this is built against, because the wrong
 * convention would return the first non-matching table.
 * The pointer is taken straight from the system table; nothing in the
 * visible code validates what it points to, so callers should treat the
 * table contents as untrusted input.
 */
15 configtable_get_table(EFI_GUID
*guid
)
19 for (i
= 0; i
< ST
->NumberOfTableEntries
; i
++) {
20 EFI_CONFIGURATION_TABLE
*CT
= &ST
->ConfigurationTable
[i
];
/* First GUID match wins; later duplicates are never looked at. */
22 if (CompareGuid(guid
, &CT
->VendorGuid
) == 0) {
23 return CT
->VendorTable
;
/*
 * configtable_get_image_table - fetch the table registered under SIG_DB.
 *
 * Thin wrapper: passes &SIG_DB to configtable_get_table() and returns the
 * result as an EFI_IMAGE_EXECUTION_INFO_TABLE pointer.
 *
 * NOTE(review): SIG_DB is defined outside this listing. The return type
 * suggests it names the Image Execution Information table GUID rather
 * than the "db" signature database -- confirm at its definition.
 */
29 EFI_IMAGE_EXECUTION_INFO_TABLE
*
30 configtable_get_image_table(void)
32 return configtable_get_table(&SIG_DB
);
/*
 * configtable_find_image - search the image execution information table
 * for the record whose device path matches DevicePath.
 *
 * Starts at t->InformationInfo and visits t->NumberOfImages records,
 * stepping from one record to the next by e->InfoSize bytes. For each
 * record it looks for an optional leading UCS-2 name in Data, sanity-checks
 * the device-path header that follows, and CompareMem()s the record's
 * device path against DevicePath over the size reported by
 * DevicePathInstance().
 *
 * NOTE(review): lines are missing from this listing (the embedded numbers
 * skip), so the declarations of i, skip and Size, the assignment of skip,
 * the return statements, what follows each "corrupt" message and any
 * preprocessor guards around the Print() calls are not visible. The
 * comments below describe only what is shown.
 *
 * Security notes for reviewers: every field read here (NumberOfImages,
 * InfoSize, Data, the device-path header) comes from a table this code
 * does not own. The visible checks compare the device-path length and
 * Size against e->InfoSize, but e->InfoSize itself is not bounded against
 * anything and NumberOfImages is copied into a signed int. Confirm that a
 * malformed table cannot walk e beyond the memory the table occupies.
 */
35 EFI_IMAGE_EXECUTION_INFO
*
36 configtable_find_image(const EFI_DEVICE_PATH
*DevicePath
)
38 EFI_IMAGE_EXECUTION_INFO_TABLE
*t
= configtable_get_image_table();
/* NOTE(review): t is dereferenced below; the embedded line numbers jump
 * from 38 to 43, so whether t is checked for NULL first cannot be seen
 * here -- confirm. */
43 int entries
= t
->NumberOfImages
;
44 EFI_IMAGE_EXECUTION_INFO
*e
= t
->InformationInfo
;
47 for (i
= 0; i
< entries
; i
++) {
/* Debug output: the record header fields, then raw bytes of the record. */
49 Print(L
"InfoSize = %d Action = %d\n", e
->InfoSize
, e
->Action
);
51 /* print what we have for debugging */
52 UINT8
*d
= (UINT8
*)e
; // + sizeof(UINT32)*2;
/* NOTE(review): each of the six Print() calls below indexes d[0]..d[15].
 * No advance of d between them is visible (the lines in between are absent
 * from this listing); as shown they would repeat the same 16 bytes. The
 * dump reads from the start of the record without first checking that
 * e->InfoSize covers the bytes printed. */
53 Print(L
"Data: %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x\n",
54 d
[0], d
[1], d
[2], d
[3], d
[4], d
[5], d
[6], d
[7], d
[8], d
[9], d
[10], d
[11], d
[12], d
[13], d
[14], d
[15]);
56 Print(L
"Data: %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x\n",
57 d
[0], d
[1], d
[2], d
[3], d
[4], d
[5], d
[6], d
[7], d
[8], d
[9], d
[10], d
[11], d
[12], d
[13], d
[14], d
[15]);
59 Print(L
"Data: %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x\n",
60 d
[0], d
[1], d
[2], d
[3], d
[4], d
[5], d
[6], d
[7], d
[8], d
[9], d
[10], d
[11], d
[12], d
[13], d
[14], d
[15]);
62 Print(L
"Data: %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x\n",
63 d
[0], d
[1], d
[2], d
[3], d
[4], d
[5], d
[6], d
[7], d
[8], d
[9], d
[10], d
[11], d
[12], d
[13], d
[14], d
[15]);
65 Print(L
"Data: %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x\n",
66 d
[0], d
[1], d
[2], d
[3], d
[4], d
[5], d
[6], d
[7], d
[8], d
[9], d
[10], d
[11], d
[12], d
[13], d
[14], d
[15]);
68 Print(L
"Data: %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x\n",
69 d
[0], d
[1], d
[2], d
[3], d
[4], d
[5], d
[6], d
[7], d
[8], d
[9], d
[10], d
[11], d
[12], d
[13], d
[14], d
[15]);
/* Data is first interpreted as an optional UCS-2 image name. */
71 CHAR16
*name
= (CHAR16
*)(e
->Data
);
74 /* There's a bug in a lot of EFI platforms and they forget to
75 * put the name here. The only real way of detecting it is to
76 * look for either a UC16 NULL or ASCII as UC16 */
/* The test below is a heuristic on the first four bytes of Data: an empty
 * name, or zero high bytes in the first two 16-bit units. It reads those
 * bytes without checking that e->InfoSize covers them.
 * NOTE(review): skip is used from here on, but its declaration and
 * assignment are not in this listing; presumably it is the byte length of
 * the name, which would itself be derived from table data -- confirm. */
77 if (name
[0] == '\0' || (e
->Data
[1] == 0 && e
->Data
[3] == 0)) {
80 Print(L
"FOUND NAME %s (%d)\n", name
, skip
);
/* The device path is taken to start skip bytes into Data; dpn is a second
 * cursor that DevicePathInstance() is given to advance. */
83 EFI_DEVICE_PATH
*dp
= (EFI_DEVICE_PATH
*)(e
->Data
+ skip
), *dpn
= dp
;
/* Header sanity check: reject Type 0 or above 6, SubType 0, or a 16-bit
 * little-endian Length larger than the whole record.
 * NOTE(review): Length is bounded by e->InfoSize, not by the bytes that
 * remain after the record header and skip, so a node may still claim more
 * than is left in the record. */
84 if (dp
->Type
== 0 || dp
->Type
> 6 || dp
->SubType
== 0
85 || (((dp
->Length
[1] << 8) + dp
->Length
[0]) > e
->InfoSize
)) {
86 /* Parse error, table corrupt, bail */
87 Print(L
"Image Execution Information table corrupt\n");
/* NOTE(review): DevicePathInstance() and DevicePathToStr() are called on
 * the table's path before Size is compared with e->InfoSize below;
 * presumably both walk the path's nodes using lengths stored in the table,
 * so the later check cannot prevent an over-read inside them -- confirm. */
92 DevicePathInstance(&dpn
, &Size
);
94 Print(L
"Path: %s\n", DevicePathToStr(dp
));
95 Print(L
"Device Path Size %d\n", Size
);
97 if (Size
> e
->InfoSize
) {
98 /* parse error; the platform obviously has a
99 * corrupted image table; bail */
100 Print(L
"Image Execution Information table corrupt\n");
/* Byte-wise comparison of the record's path with the caller's path.
 * Size comes from the table, not from DevicePath: the caller's buffer is
 * compared over Size bytes whatever its own length is. */
104 if (CompareMem(dp
, (void *)DevicePath
, Size
) == 0) {
/* NOTE(review): as shown, this message and the wait for a keystroke are
 * unconditional; a debug guard may sit on the absent lines -- confirm,
 * since blocking on input matters in a boot path. */
106 Print(L
"***FOUND\n");
107 console_get_keystroke();
/* Step to the next record by the size the current record declares. An
 * InfoSize of 0 would leave e unchanged; the loop is still bounded by
 * entries. */
111 e
= (EFI_IMAGE_EXECUTION_INFO
*)((UINT8
*)e
+ e
->InfoSize
);
/* Reached after the loop: no record matched DevicePath. */
115 Print(L
"***NOT FOUND\n");
116 console_get_keystroke();
/*
 * configtable_image_is_forbidden - decide from the image execution
 * information table whether the image at DevicePath was rejected by the
 * firmware.
 *
 * Looks the image up with configtable_find_image() and tests whether its
 * Action equals EFI_IMAGE_EXECUTION_AUTH_SIG_FOUND or
 * EFI_IMAGE_EXECUTION_AUTH_SIG_FAILED.
 *
 * NOTE(review): the return type and the return statements are not in this
 * listing, so the values returned are not documented here.
 * NOTE(review): a NULL result from configtable_find_image() does not
 * satisfy the condition below, so an image with no record is not reported
 * as forbidden by this test. The decision therefore depends on the
 * firmware having recorded the image and on the table being intact.
 * NOTE(review): Action is compared by equality. The comment below treats
 * EFI_IMAGE_EXECUTION_INITIALIZED as a flag that may be set; a record that
 * combines that flag with one of these codes would not match an equality
 * test -- confirm whether Action should be masked to its authentication
 * bits before comparing.
 */
123 configtable_image_is_forbidden(const EFI_DEVICE_PATH
*DevicePath
)
125 EFI_IMAGE_EXECUTION_INFO
*e
= configtable_find_image(DevicePath
);
127 /* Image may not be in DB if it gets executed successfully If it is,
128 * and EFI_IMAGE_EXECUTION_INITIALIZED is not set, then the image
129 * isn't authenticated. If there's no signature, usually
130 * EFI_IMAGE_EXECUTION_AUTH_UNTESTED is set, if the hash is in dbx,
131 * EFI_IMAGE_EXECUTION_AUTH_SIG_FOUND is returned, and if the key is
132 * in dbx, EFI_IMAGE_EXECUTION_AUTH_SIG_FAILED is returned*/
134 if (e
&& (e
->Action
== EFI_IMAGE_EXECUTION_AUTH_SIG_FOUND
135 || e
->Action
== EFI_IMAGE_EXECUTION_AUTH_SIG_FAILED
)) {
136 /* this means the images signing key is in dbx */
138 Print(L
"SIGNATURE IS IN DBX, FORBIDDING EXECUTION\n");