| 0c18794e |
1 | /** @file\r |
| 2 | Implement image verification services for secure boot service in UEFI2.3.1.\r |
| 3 | \r |
| 4 | Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR>\r |
| 5 | This program and the accompanying materials \r |
| 6 | are licensed and made available under the terms and conditions of the BSD License \r |
| 7 | which accompanies this distribution. The full text of the license may be found at \r |
| 8 | http://opensource.org/licenses/bsd-license.php\r |
| 9 | \r |
| 10 | THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, \r |
| 11 | WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r |
| 12 | \r |
| 13 | **/\r |
| 14 | \r |
| 15 | #include "DxeImageVerificationLib.h"\r |
| 16 | \r |
| 17 | EFI_IMAGE_OPTIONAL_HEADER_PTR_UNION mNtHeader;\r |
| 18 | UINTN mImageSize;\r |
| 19 | UINT32 mPeCoffHeaderOffset; \r |
| 20 | UINT8 mImageDigest[MAX_DIGEST_SIZE];\r |
| 21 | UINTN mImageDigestSize;\r |
| 22 | EFI_IMAGE_DATA_DIRECTORY *mSecDataDir = NULL;\r |
| 23 | UINT8 *mImageBase = NULL;\r |
| 24 | EFI_GUID mCertType;\r |
| 25 | \r |
| 26 | //\r |
| 27 | // Notify string for authorization UI.\r |
| 28 | //\r |
| 29 | CHAR16 mNotifyString1[MAX_NOTIFY_STRING_LEN] = L"Image verification pass but not found in authorized database!";\r |
| 30 | CHAR16 mNotifyString2[MAX_NOTIFY_STRING_LEN] = L"Launch this image anyway? (Yes/Defer/No)";\r |
| 31 | //\r |
| 32 | // Public Exponent of RSA Key.\r |
| 33 | //\r |
| 34 | CONST UINT8 mRsaE[] = { 0x01, 0x00, 0x01 };\r |
| 35 | \r |
| 36 | \r |
| 37 | //\r |
| 38 | // OID ASN.1 Value for Hash Algorithms\r |
| 39 | //\r |
| 40 | UINT8 mHashOidValue[] = {\r |
| 41 | 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x02, 0x05, // OBJ_md5\r |
| 42 | 0x2B, 0x0E, 0x03, 0x02, 0x1A, // OBJ_sha1\r |
| 43 | 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04, // OBJ_sha224\r |
| 44 | 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, // OBJ_sha256\r |
| 45 | 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02, // OBJ_sha384\r |
| 46 | 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, // OBJ_sha512\r |
| 47 | };\r |
| 48 | \r |
| 49 | HASH_TABLE mHash[] = {\r |
| 50 | { L"SHA1", 20, &mHashOidValue[8], 5, Sha1GetContextSize, Sha1Init, Sha1Update, Sha1Final },\r |
| 51 | { L"SHA224", 28, &mHashOidValue[13], 9, NULL, NULL, NULL, NULL },\r |
| 52 | { L"SHA256", 32, &mHashOidValue[22], 9, Sha256GetContextSize,Sha256Init, Sha256Update, Sha256Final},\r |
| 53 | { L"SHA384", 48, &mHashOidValue[31], 9, NULL, NULL, NULL, NULL },\r |
| 54 | { L"SHA512", 64, &mHashOidValue[40], 9, NULL, NULL, NULL, NULL }\r |
| 55 | };\r |
| 56 | \r |
| 57 | \r |
| 58 | /**\r |
| 59 | Get the image type.\r |
| 60 | \r |
| 61 | @param[in] File This is a pointer to the device path of the file that is\r |
| 62 | being dispatched. \r |
| 63 | \r |
| 64 | @return UINT32 Image Type \r |
| 65 | \r |
| 66 | **/\r |
| 67 | UINT32\r |
| 68 | GetImageType (\r |
| 69 | IN CONST EFI_DEVICE_PATH_PROTOCOL *File\r |
| 70 | )\r |
| 71 | {\r |
| 72 | EFI_STATUS Status;\r |
| 73 | EFI_HANDLE DeviceHandle; \r |
| 74 | EFI_DEVICE_PATH_PROTOCOL *TempDevicePath;\r |
| 75 | EFI_BLOCK_IO_PROTOCOL *BlockIo;\r |
| 76 | \r |
| 77 | //\r |
| 78 | // First check to see if File is from a Firmware Volume\r |
| 79 | //\r |
| 80 | DeviceHandle = NULL;\r |
| 81 | TempDevicePath = (EFI_DEVICE_PATH_PROTOCOL *)File;\r |
| 82 | Status = gBS->LocateDevicePath (\r |
| 83 | &gEfiFirmwareVolume2ProtocolGuid,\r |
| 84 | &TempDevicePath,\r |
| 85 | &DeviceHandle\r |
| 86 | );\r |
| 87 | if (!EFI_ERROR (Status)) {\r |
| 88 | Status = gBS->OpenProtocol (\r |
| 89 | DeviceHandle,\r |
| 90 | &gEfiFirmwareVolume2ProtocolGuid,\r |
| 91 | NULL,\r |
| 92 | NULL,\r |
| 93 | NULL,\r |
| 94 | EFI_OPEN_PROTOCOL_TEST_PROTOCOL\r |
| 95 | );\r |
| 96 | if (!EFI_ERROR (Status)) {\r |
| 97 | return IMAGE_FROM_FV;\r |
| 98 | }\r |
| 99 | }\r |
| 100 | \r |
| 101 | //\r |
| 102 | // Next check to see if File is from a Block I/O device\r |
| 103 | //\r |
| 104 | DeviceHandle = NULL;\r |
| 105 | TempDevicePath = (EFI_DEVICE_PATH_PROTOCOL *)File;\r |
| 106 | Status = gBS->LocateDevicePath (\r |
| 107 | &gEfiBlockIoProtocolGuid,\r |
| 108 | &TempDevicePath,\r |
| 109 | &DeviceHandle\r |
| 110 | );\r |
| 111 | if (!EFI_ERROR (Status)) {\r |
| 112 | BlockIo = NULL;\r |
| 113 | Status = gBS->OpenProtocol (\r |
| 114 | DeviceHandle,\r |
| 115 | &gEfiBlockIoProtocolGuid,\r |
| 116 | (VOID **) &BlockIo,\r |
| 117 | NULL,\r |
| 118 | NULL,\r |
| 119 | EFI_OPEN_PROTOCOL_GET_PROTOCOL\r |
| 120 | );\r |
| 121 | if (!EFI_ERROR (Status) && BlockIo != NULL) {\r |
| 122 | if (BlockIo->Media != NULL) {\r |
| 123 | if (BlockIo->Media->RemovableMedia) {\r |
| 124 | //\r |
| 125 | // Block I/O is present and specifies the media is removable\r |
| 126 | //\r |
| 127 | return IMAGE_FROM_REMOVABLE_MEDIA;\r |
| 128 | } else {\r |
| 129 | //\r |
| 130 | // Block I/O is present and specifies the media is not removable\r |
| 131 | //\r |
| 132 | return IMAGE_FROM_FIXED_MEDIA;\r |
| 133 | }\r |
| 134 | }\r |
| 135 | }\r |
| 136 | }\r |
| 137 | \r |
| 138 | //\r |
| 139 | // File is not in a Firmware Volume or on a Block I/O device, so check to see if \r |
| 140 | // the device path supports the Simple File System Protocol.\r |
| 141 | //\r |
| 142 | DeviceHandle = NULL;\r |
| 143 | TempDevicePath = (EFI_DEVICE_PATH_PROTOCOL *)File;\r |
| 144 | Status = gBS->LocateDevicePath (\r |
| 145 | &gEfiSimpleFileSystemProtocolGuid,\r |
| 146 | &TempDevicePath,\r |
| 147 | &DeviceHandle\r |
| 148 | );\r |
| 149 | if (!EFI_ERROR (Status)) {\r |
| 150 | //\r |
| 151 | // Simple File System is present without Block I/O, so assume media is fixed.\r |
| 152 | //\r |
| 153 | return IMAGE_FROM_FIXED_MEDIA;\r |
| 154 | }\r |
| 155 | \r |
| 156 | //\r |
| 157 | // File is not from an FV, Block I/O or Simple File System, so the only options\r |
| 158 | // left are a PCI Option ROM and a Load File Protocol such as a PXE Boot from a NIC. \r |
| 159 | //\r |
| 160 | TempDevicePath = (EFI_DEVICE_PATH_PROTOCOL *)File;\r |
| 161 | while (!IsDevicePathEndType (TempDevicePath)) {\r |
| 162 | switch (DevicePathType (TempDevicePath)) {\r |
| 163 | \r |
| 164 | case MEDIA_DEVICE_PATH:\r |
| 165 | if (DevicePathSubType (TempDevicePath) == MEDIA_RELATIVE_OFFSET_RANGE_DP) {\r |
| 166 | return IMAGE_FROM_OPTION_ROM;\r |
| 167 | }\r |
| 168 | break;\r |
| 169 | \r |
| 170 | case MESSAGING_DEVICE_PATH:\r |
| 171 | if (DevicePathSubType(TempDevicePath) == MSG_MAC_ADDR_DP) {\r |
| 172 | return IMAGE_FROM_REMOVABLE_MEDIA;\r |
| 173 | } \r |
| 174 | break;\r |
| 175 | \r |
| 176 | default:\r |
| 177 | break;\r |
| 178 | }\r |
| 179 | TempDevicePath = NextDevicePathNode (TempDevicePath);\r |
| 180 | }\r |
| 181 | return IMAGE_UNKNOWN; \r |
| 182 | }\r |
| 183 | \r |
| 184 | /**\r |
| 185 | Caculate hash of Pe/Coff image based on the authenticode image hashing in\r |
| 186 | PE/COFF Specification 8.0 Appendix A\r |
| 187 | \r |
| 188 | @param[in] HashAlg Hash algorithm type.\r |
| 189 | \r |
| 190 | @retval TRUE Successfully hash image.\r |
| 191 | @retval FALSE Fail in hash image.\r |
| 192 | \r |
| 193 | **/\r |
| 194 | BOOLEAN \r |
| 195 | HashPeImage (\r |
| 196 | IN UINT32 HashAlg\r |
| 197 | )\r |
| 198 | {\r |
| 199 | BOOLEAN Status;\r |
| 200 | UINT16 Magic;\r |
| 201 | EFI_IMAGE_SECTION_HEADER *Section;\r |
| 202 | VOID *HashCtx;\r |
| 203 | UINTN CtxSize;\r |
| 204 | UINT8 *HashBase;\r |
| 205 | UINTN HashSize;\r |
| 206 | UINTN SumOfBytesHashed;\r |
| 207 | EFI_IMAGE_SECTION_HEADER *SectionHeader;\r |
| 208 | UINTN Index;\r |
| 209 | UINTN Pos;\r |
| 570b3d1a |
210 | UINTN SumOfSectionBytes;\r |
| 211 | EFI_IMAGE_SECTION_HEADER *SectionCache; \r |
| 212 | \r |
| 0c18794e |
213 | HashCtx = NULL;\r |
| 214 | SectionHeader = NULL;\r |
| 215 | Status = FALSE;\r |
| 216 | \r |
| 217 | if ((HashAlg != HASHALG_SHA1) && (HashAlg != HASHALG_SHA256)) {\r |
| 218 | return FALSE;\r |
| 219 | }\r |
| 220 | \r |
| 221 | //\r |
| 222 | // Initialize context of hash.\r |
| 223 | //\r |
| 224 | ZeroMem (mImageDigest, MAX_DIGEST_SIZE);\r |
| 225 | \r |
| 226 | if (HashAlg == HASHALG_SHA1) {\r |
| 227 | mImageDigestSize = SHA1_DIGEST_SIZE;\r |
| 228 | mCertType = gEfiCertSha1Guid;\r |
| 229 | } else if (HashAlg == HASHALG_SHA256) {\r |
| 230 | mImageDigestSize = SHA256_DIGEST_SIZE;\r |
| 231 | mCertType = gEfiCertSha256Guid;\r |
| 232 | } else {\r |
| 233 | return FALSE;\r |
| 234 | }\r |
| 235 | \r |
| 236 | CtxSize = mHash[HashAlg].GetContextSize();\r |
| 237 | \r |
| 238 | HashCtx = AllocatePool (CtxSize);\r |
| 570b3d1a |
239 | if (HashCtx == NULL) {\r |
| 240 | return FALSE;\r |
| 241 | }\r |
| 0c18794e |
242 | \r |
| 243 | // 1. Load the image header into memory.\r |
| 244 | \r |
| 245 | // 2. Initialize a SHA hash context.\r |
| 246 | Status = mHash[HashAlg].HashInit(HashCtx);\r |
| 247 | \r |
| 248 | if (!Status) {\r |
| 249 | goto Done;\r |
| 250 | }\r |
| 251 | //\r |
| 252 | // Measuring PE/COFF Image Header;\r |
| 253 | // But CheckSum field and SECURITY data directory (certificate) are excluded\r |
| 254 | //\r |
| 255 | Magic = mNtHeader.Pe32->OptionalHeader.Magic;\r |
| 256 | //\r |
| 257 | // 3. Calculate the distance from the base of the image header to the image checksum address.\r |
| 258 | // 4. Hash the image header from its base to beginning of the image checksum.\r |
| 259 | //\r |
| 260 | HashBase = mImageBase;\r |
| 261 | if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {\r |
| 262 | //\r |
| 263 | // Use PE32 offset.\r |
| 264 | //\r |
| 265 | HashSize = (UINTN) ((UINT8 *) (&mNtHeader.Pe32->OptionalHeader.CheckSum) - HashBase);\r |
| 570b3d1a |
266 | } else if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC) {\r |
| 0c18794e |
267 | //\r |
| 268 | // Use PE32+ offset.\r |
| 269 | //\r |
| 270 | HashSize = (UINTN) ((UINT8 *) (&mNtHeader.Pe32Plus->OptionalHeader.CheckSum) - HashBase);\r |
| 570b3d1a |
271 | } else {\r |
| 272 | //\r |
| 273 | // Invalid header magic number.\r |
| 274 | //\r |
| 275 | Status = FALSE;\r |
| 276 | goto Done;\r |
| 0c18794e |
277 | }\r |
| 278 | \r |
| 279 | Status = mHash[HashAlg].HashUpdate(HashCtx, HashBase, HashSize);\r |
| 280 | if (!Status) {\r |
| 281 | goto Done;\r |
| 282 | }\r |
| 283 | //\r |
| 284 | // 5. Skip over the image checksum (it occupies a single ULONG).\r |
| 285 | // 6. Get the address of the beginning of the Cert Directory.\r |
| 286 | // 7. Hash everything from the end of the checksum to the start of the Cert Directory.\r |
| 287 | //\r |
| 288 | if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {\r |
| 289 | //\r |
| 290 | // Use PE32 offset.\r |
| 291 | //\r |
| 292 | HashBase = (UINT8 *) &mNtHeader.Pe32->OptionalHeader.CheckSum + sizeof (UINT32);\r |
| 293 | HashSize = (UINTN) ((UINT8 *) (&mNtHeader.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]) - HashBase);\r |
| 294 | } else {\r |
| 295 | //\r |
| 296 | // Use PE32+ offset.\r |
| 297 | // \r |
| 298 | HashBase = (UINT8 *) &mNtHeader.Pe32Plus->OptionalHeader.CheckSum + sizeof (UINT32);\r |
| 299 | HashSize = (UINTN) ((UINT8 *) (&mNtHeader.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]) - HashBase);\r |
| 300 | }\r |
| 301 | \r |
| 302 | Status = mHash[HashAlg].HashUpdate(HashCtx, HashBase, HashSize);\r |
| 303 | if (!Status) {\r |
| 304 | goto Done;\r |
| 305 | }\r |
| 306 | //\r |
| 307 | // 8. Skip over the Cert Directory. (It is sizeof(IMAGE_DATA_DIRECTORY) bytes.)\r |
| 308 | // 9. Hash everything from the end of the Cert Directory to the end of image header.\r |
| 309 | //\r |
| 310 | if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {\r |
| 311 | //\r |
| 312 | // Use PE32 offset\r |
| 313 | //\r |
| 314 | HashBase = (UINT8 *) &mNtHeader.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1];\r |
| 315 | HashSize = mNtHeader.Pe32->OptionalHeader.SizeOfHeaders - (UINTN) ((UINT8 *) (&mNtHeader.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1]) - mImageBase);\r |
| 316 | } else {\r |
| 317 | //\r |
| 318 | // Use PE32+ offset.\r |
| 319 | //\r |
| 320 | HashBase = (UINT8 *) &mNtHeader.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1];\r |
| 321 | HashSize = mNtHeader.Pe32Plus->OptionalHeader.SizeOfHeaders - (UINTN) ((UINT8 *) (&mNtHeader.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1]) - mImageBase);\r |
| 322 | }\r |
| 323 | \r |
| 324 | Status = mHash[HashAlg].HashUpdate(HashCtx, HashBase, HashSize);\r |
| 325 | if (!Status) {\r |
| 326 | goto Done;\r |
| 327 | }\r |
| 328 | //\r |
| 329 | // 10. Set the SUM_OF_BYTES_HASHED to the size of the header.\r |
| 330 | //\r |
| 331 | if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {\r |
| 332 | //\r |
| 333 | // Use PE32 offset.\r |
| 334 | //\r |
| 335 | SumOfBytesHashed = mNtHeader.Pe32->OptionalHeader.SizeOfHeaders;\r |
| 336 | } else {\r |
| 337 | //\r |
| 338 | // Use PE32+ offset\r |
| 339 | //\r |
| 340 | SumOfBytesHashed = mNtHeader.Pe32Plus->OptionalHeader.SizeOfHeaders;\r |
| 341 | }\r |
| 342 | \r |
| 570b3d1a |
343 | \r |
| 344 | Section = (EFI_IMAGE_SECTION_HEADER *) (\r |
| 345 | mImageBase +\r |
| 346 | mPeCoffHeaderOffset +\r |
| 347 | sizeof (UINT32) +\r |
| 348 | sizeof (EFI_IMAGE_FILE_HEADER) +\r |
| 349 | mNtHeader.Pe32->FileHeader.SizeOfOptionalHeader\r |
| 350 | );\r |
| 351 | \r |
| 352 | SectionCache = Section;\r |
| 353 | for (Index = 0, SumOfSectionBytes = 0; Index < mNtHeader.Pe32->FileHeader.NumberOfSections; Index++, SectionCache++) {\r |
| 354 | SumOfSectionBytes += SectionCache->SizeOfRawData;\r |
| 355 | }\r |
| 356 | \r |
| 357 | //\r |
| 358 | // Sanity check for file corruption. Sections raw data size should be smaller\r |
| 359 | // than Image Size.\r |
| 360 | //\r |
| 361 | if (SumOfSectionBytes >= mImageSize) {\r |
| 362 | Status = FALSE;\r |
| 363 | goto Done;\r |
| 364 | }\r |
| 365 | \r |
| 0c18794e |
366 | //\r |
| 367 | // 11. Build a temporary table of pointers to all the IMAGE_SECTION_HEADER\r |
| 368 | // structures in the image. The 'NumberOfSections' field of the image\r |
| 369 | // header indicates how big the table should be. Do not include any\r |
| 370 | // IMAGE_SECTION_HEADERs in the table whose 'SizeOfRawData' field is zero.\r |
| 371 | //\r |
| 372 | SectionHeader = (EFI_IMAGE_SECTION_HEADER *) AllocateZeroPool (sizeof (EFI_IMAGE_SECTION_HEADER) * mNtHeader.Pe32->FileHeader.NumberOfSections);\r |
| 570b3d1a |
373 | if (SectionHeader == NULL) {\r |
| 374 | Status = FALSE;\r |
| 375 | goto Done;\r |
| 376 | }\r |
| 0c18794e |
377 | //\r |
| 378 | // 12. Using the 'PointerToRawData' in the referenced section headers as\r |
| 379 | // a key, arrange the elements in the table in ascending order. In other\r |
| 380 | // words, sort the section headers according to the disk-file offset of\r |
| 381 | // the section.\r |
| 382 | //\r |
| 0c18794e |
383 | for (Index = 0; Index < mNtHeader.Pe32->FileHeader.NumberOfSections; Index++) {\r |
| 384 | Pos = Index;\r |
| 385 | while ((Pos > 0) && (Section->PointerToRawData < SectionHeader[Pos - 1].PointerToRawData)) {\r |
| 386 | CopyMem (&SectionHeader[Pos], &SectionHeader[Pos - 1], sizeof (EFI_IMAGE_SECTION_HEADER));\r |
| 387 | Pos--;\r |
| 388 | }\r |
| 389 | CopyMem (&SectionHeader[Pos], Section, sizeof (EFI_IMAGE_SECTION_HEADER));\r |
| 390 | Section += 1;\r |
| 391 | }\r |
| 392 | \r |
| 393 | //\r |
| 394 | // 13. Walk through the sorted table, bring the corresponding section\r |
| 395 | // into memory, and hash the entire section (using the 'SizeOfRawData'\r |
| 396 | // field in the section header to determine the amount of data to hash).\r |
| 397 | // 14. Add the section's 'SizeOfRawData' to SUM_OF_BYTES_HASHED .\r |
| 398 | // 15. Repeat steps 13 and 14 for all the sections in the sorted table.\r |
| 399 | //\r |
| 400 | for (Index = 0; Index < mNtHeader.Pe32->FileHeader.NumberOfSections; Index++) {\r |
| 401 | Section = &SectionHeader[Index];\r |
| 402 | if (Section->SizeOfRawData == 0) {\r |
| 403 | continue;\r |
| 404 | }\r |
| 405 | HashBase = mImageBase + Section->PointerToRawData;\r |
| 406 | HashSize = (UINTN) Section->SizeOfRawData;\r |
| 407 | \r |
| 408 | Status = mHash[HashAlg].HashUpdate(HashCtx, HashBase, HashSize);\r |
| 409 | if (!Status) {\r |
| 410 | goto Done;\r |
| 411 | }\r |
| 412 | \r |
| 413 | SumOfBytesHashed += HashSize;\r |
| 414 | }\r |
| 415 | \r |
| 416 | //\r |
| 417 | // 16. If the file size is greater than SUM_OF_BYTES_HASHED, there is extra\r |
| 418 | // data in the file that needs to be added to the hash. This data begins\r |
| 419 | // at file offset SUM_OF_BYTES_HASHED and its length is:\r |
| 420 | // FileSize - (CertDirectory->Size)\r |
| 421 | //\r |
| 422 | if (mImageSize > SumOfBytesHashed) {\r |
| 423 | HashBase = mImageBase + SumOfBytesHashed;\r |
| 424 | if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {\r |
| 425 | //\r |
| 426 | // Use PE32 offset.\r |
| 427 | //\r |
| 428 | HashSize = (UINTN)(\r |
| 429 | mImageSize -\r |
| 430 | mNtHeader.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY].Size -\r |
| 431 | SumOfBytesHashed);\r |
| 432 | } else {\r |
| 433 | //\r |
| 434 | // Use PE32+ offset.\r |
| 435 | //\r |
| 436 | HashSize = (UINTN)(\r |
| 437 | mImageSize -\r |
| 438 | mNtHeader.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY].Size -\r |
| 439 | SumOfBytesHashed); \r |
| 440 | }\r |
| 441 | \r |
| 442 | Status = mHash[HashAlg].HashUpdate(HashCtx, HashBase, HashSize);\r |
| 443 | if (!Status) {\r |
| 444 | goto Done;\r |
| 445 | }\r |
| 446 | }\r |
| 447 | Status = mHash[HashAlg].HashFinal(HashCtx, mImageDigest);\r |
| 448 | \r |
| 449 | Done:\r |
| 450 | if (HashCtx != NULL) {\r |
| 451 | FreePool (HashCtx);\r |
| 452 | }\r |
| 453 | if (SectionHeader != NULL) {\r |
| 454 | FreePool (SectionHeader);\r |
| 455 | }\r |
| 456 | return Status;\r |
| 457 | }\r |
| 458 | \r |
| 459 | /**\r |
| 460 | Recognize the Hash algorithm in PE/COFF Authenticode and caculate hash of \r |
| 461 | Pe/Coff image based on the authenticode image hashing in PE/COFF Specification \r |
| 462 | 8.0 Appendix A\r |
| 463 | \r |
| 464 | @retval EFI_UNSUPPORTED Hash algorithm is not supported.\r |
| 465 | @retval EFI_SUCCESS Hash successfully.\r |
| 466 | \r |
| 467 | **/\r |
| 468 | EFI_STATUS \r |
| 469 | HashPeImageByType (\r |
| 470 | VOID\r |
| 471 | )\r |
| 472 | {\r |
| 473 | UINT8 Index;\r |
| 474 | WIN_CERTIFICATE_EFI_PKCS *PkcsCertData;\r |
| 475 | \r |
| 476 | PkcsCertData = (WIN_CERTIFICATE_EFI_PKCS *) (mImageBase + mSecDataDir->VirtualAddress);\r |
| 477 | \r |
| 478 | for (Index = 0; Index < HASHALG_MAX; Index++) { \r |
| 479 | //\r |
| 480 | // Check the Hash algorithm in PE/COFF Authenticode.\r |
| 481 | // According to PKCS#7 Definition: \r |
| 482 | // SignedData ::= SEQUENCE {\r |
| 483 | // version Version,\r |
| 484 | // digestAlgorithms DigestAlgorithmIdentifiers,\r |
| 485 | // contentInfo ContentInfo,\r |
| 486 | // .... }\r |
| 487 | // The DigestAlgorithmIdentifiers can be used to determine the hash algorithm in PE/COFF hashing\r |
| 488 | // This field has the fixed offset (+32) in final Authenticode ASN.1 data.\r |
| 489 | // \r |
| 490 | if (CompareMem (PkcsCertData->CertData + 32, mHash[Index].OidValue, mHash[Index].OidLength) == 0) {\r |
| 491 | break;\r |
| 492 | }\r |
| 493 | }\r |
| 494 | \r |
| 495 | if (Index == HASHALG_MAX) {\r |
| 496 | return EFI_UNSUPPORTED;\r |
| 497 | }\r |
| 498 | \r |
| 499 | //\r |
| 500 | // HASH PE Image based on Hash algorithm in PE/COFF Authenticode.\r |
| 501 | //\r |
| 502 | if (!HashPeImage(Index)) {\r |
| 503 | return EFI_UNSUPPORTED;\r |
| 504 | }\r |
| 505 | \r |
| 506 | return EFI_SUCCESS;\r |
| 507 | }\r |
| 508 | \r |
| 509 | \r |
| 510 | /**\r |
| 511 | Returns the size of a given image execution info table in bytes.\r |
| 512 | \r |
| 513 | This function returns the size, in bytes, of the image execution info table specified by\r |
| 514 | ImageExeInfoTable. If ImageExeInfoTable is NULL, then 0 is returned.\r |
| 515 | \r |
| 516 | @param ImageExeInfoTable A pointer to a image execution info table structure.\r |
| 517 | \r |
| 518 | @retval 0 If ImageExeInfoTable is NULL.\r |
| 519 | @retval Others The size of a image execution info table in bytes.\r |
| 520 | \r |
| 521 | **/\r |
| 522 | UINTN\r |
| 523 | GetImageExeInfoTableSize (\r |
| 524 | EFI_IMAGE_EXECUTION_INFO_TABLE *ImageExeInfoTable\r |
| 525 | )\r |
| 526 | {\r |
| 527 | UINTN Index;\r |
| 528 | EFI_IMAGE_EXECUTION_INFO *ImageExeInfoItem;\r |
| 529 | UINTN TotalSize;\r |
| 530 | \r |
| 531 | if (ImageExeInfoTable == NULL) {\r |
| 532 | return 0;\r |
| 533 | }\r |
| 534 | \r |
| 535 | ImageExeInfoItem = (EFI_IMAGE_EXECUTION_INFO *) ((UINT8 *) ImageExeInfoTable + sizeof (EFI_IMAGE_EXECUTION_INFO_TABLE));\r |
| 536 | TotalSize = sizeof (EFI_IMAGE_EXECUTION_INFO_TABLE);\r |
| 537 | for (Index = 0; Index < ImageExeInfoTable->NumberOfImages; Index++) {\r |
| 538 | TotalSize += ReadUnaligned32 ((UINT32 *) &ImageExeInfoItem->InfoSize);\r |
| 539 | ImageExeInfoItem = (EFI_IMAGE_EXECUTION_INFO *) ((UINT8 *) ImageExeInfoItem + ReadUnaligned32 ((UINT32 *) &ImageExeInfoItem->InfoSize));\r |
| 540 | }\r |
| 541 | \r |
| 542 | return TotalSize;\r |
| 543 | }\r |
| 544 | \r |
| 545 | /**\r |
| 546 | Create an Image Execution Information Table entry and add it to system configuration table.\r |
| 547 | \r |
| 548 | @param[in] Action Describes the action taken by the firmware regarding this image.\r |
| 549 | @param[in] Name Input a null-terminated, user-friendly name.\r |
| 550 | @param[in] DevicePath Input device path pointer.\r |
| 551 | @param[in] Signature Input signature info in EFI_SIGNATURE_LIST data structure.\r |
| 552 | @param[in] SignatureSize Size of signature.\r |
| 553 | \r |
| 554 | **/\r |
| 555 | VOID\r |
| 556 | AddImageExeInfo (\r |
| 557 | IN EFI_IMAGE_EXECUTION_ACTION Action, \r |
| 558 | IN CHAR16 *Name OPTIONAL, \r |
| 559 | IN CONST EFI_DEVICE_PATH_PROTOCOL *DevicePath,\r |
| 560 | IN EFI_SIGNATURE_LIST *Signature OPTIONAL,\r |
| 561 | IN UINTN SignatureSize\r |
| 562 | )\r |
| 563 | {\r |
| 0c18794e |
564 | EFI_IMAGE_EXECUTION_INFO_TABLE *ImageExeInfoTable;\r |
| 565 | EFI_IMAGE_EXECUTION_INFO_TABLE *NewImageExeInfoTable;\r |
| 566 | EFI_IMAGE_EXECUTION_INFO *ImageExeInfoEntry;\r |
| 567 | UINTN ImageExeInfoTableSize;\r |
| 568 | UINTN NewImageExeInfoEntrySize;\r |
| 569 | UINTN NameStringLen;\r |
| 570 | UINTN DevicePathSize;\r |
| 571 | \r |
| 0c18794e |
572 | ImageExeInfoTable = NULL;\r |
| 573 | NewImageExeInfoTable = NULL;\r |
| 574 | ImageExeInfoEntry = NULL;\r |
| 575 | NameStringLen = 0;\r |
| 576 | \r |
| 570b3d1a |
577 | if (DevicePath == NULL) {\r |
| 578 | return ;\r |
| 579 | }\r |
| 580 | \r |
| 0c18794e |
581 | if (Name != NULL) {\r |
| 582 | NameStringLen = StrSize (Name);\r |
| 583 | }\r |
| 584 | \r |
| 585 | ImageExeInfoTable = NULL;\r |
| 586 | EfiGetSystemConfigurationTable (&gEfiImageSecurityDatabaseGuid, (VOID**)&ImageExeInfoTable);\r |
| 587 | if (ImageExeInfoTable != NULL) {\r |
| 588 | //\r |
| 589 | // The table has been found!\r |
| 590 | // We must enlarge the table to accmodate the new exe info entry.\r |
| 591 | //\r |
| 592 | ImageExeInfoTableSize = GetImageExeInfoTableSize (ImageExeInfoTable);\r |
| 593 | } else {\r |
| 594 | //\r |
| 595 | // Not Found!\r |
| 596 | // We should create a new table to append to the configuration table.\r |
| 597 | //\r |
| 598 | ImageExeInfoTableSize = sizeof (EFI_IMAGE_EXECUTION_INFO_TABLE);\r |
| 599 | }\r |
| 600 | \r |
| 601 | DevicePathSize = GetDevicePathSize (DevicePath);\r |
| 602 | NewImageExeInfoEntrySize = sizeof (EFI_IMAGE_EXECUTION_INFO) + NameStringLen + DevicePathSize + SignatureSize;\r |
| 603 | NewImageExeInfoTable = (EFI_IMAGE_EXECUTION_INFO_TABLE *) AllocateRuntimePool (ImageExeInfoTableSize + NewImageExeInfoEntrySize);\r |
| 570b3d1a |
604 | if (NewImageExeInfoTable == NULL) {\r |
| 605 | return ;\r |
| 606 | }\r |
| 0c18794e |
607 | \r |
| 608 | if (ImageExeInfoTable != NULL) {\r |
| 609 | CopyMem (NewImageExeInfoTable, ImageExeInfoTable, ImageExeInfoTableSize);\r |
| 610 | } else {\r |
| 611 | NewImageExeInfoTable->NumberOfImages = 0;\r |
| 612 | }\r |
| 613 | NewImageExeInfoTable->NumberOfImages++;\r |
| 614 | ImageExeInfoEntry = (EFI_IMAGE_EXECUTION_INFO *) ((UINT8 *) NewImageExeInfoTable + ImageExeInfoTableSize);\r |
| 615 | //\r |
| 616 | // Update new item's infomation.\r |
| 617 | //\r |
| 618 | WriteUnaligned32 ((UINT32 *) &ImageExeInfoEntry->Action, Action);\r |
| 619 | WriteUnaligned32 ((UINT32 *) &ImageExeInfoEntry->InfoSize, (UINT32) NewImageExeInfoEntrySize);\r |
| 620 | \r |
| 621 | if (Name != NULL) {\r |
| 622 | CopyMem ((UINT8 *) &ImageExeInfoEntry->InfoSize + sizeof (UINT32), Name, NameStringLen);\r |
| 623 | }\r |
| 624 | CopyMem (\r |
| 625 | (UINT8 *) &ImageExeInfoEntry->InfoSize + sizeof (UINT32) + NameStringLen,\r |
| 626 | DevicePath,\r |
| 627 | DevicePathSize\r |
| 628 | );\r |
| 629 | if (Signature != NULL) {\r |
| 630 | CopyMem (\r |
| 631 | (UINT8 *) &ImageExeInfoEntry->InfoSize + sizeof (UINT32) + NameStringLen + DevicePathSize,\r |
| 632 | Signature,\r |
| 633 | SignatureSize\r |
| 634 | );\r |
| 635 | }\r |
| 636 | //\r |
| 637 | // Update/replace the image execution table.\r |
| 638 | //\r |
| 570b3d1a |
639 | gBS->InstallConfigurationTable (&gEfiImageSecurityDatabaseGuid, (VOID *) NewImageExeInfoTable);\r |
| 640 | \r |
| 0c18794e |
641 | //\r |
| 642 | // Free Old table data!\r |
| 643 | //\r |
| 644 | if (ImageExeInfoTable != NULL) {\r |
| 645 | FreePool (ImageExeInfoTable);\r |
| 646 | }\r |
| 647 | }\r |
| 648 | \r |
| 649 | /**\r |
| 650 | Discover if the UEFI image is authorized by user's policy setting.\r |
| 651 | \r |
| 652 | @param[in] Policy Specify platform's policy setting. \r |
| 653 | \r |
| 654 | @retval EFI_ACCESS_DENIED Image is not allowed to run.\r |
| 655 | @retval EFI_SECURITY_VIOLATION Image is deferred.\r |
| 656 | @retval EFI_SUCCESS Image is authorized to run.\r |
| 657 | \r |
| 658 | **/\r |
| 659 | EFI_STATUS\r |
| 660 | ImageAuthorization (\r |
| 661 | IN UINT32 Policy\r |
| 662 | )\r |
| 663 | {\r |
| 664 | EFI_STATUS Status;\r |
| 665 | EFI_INPUT_KEY Key;\r |
| 666 | \r |
| 667 | Status = EFI_ACCESS_DENIED;\r |
| 668 | \r |
| 669 | switch (Policy) {\r |
| 670 | \r |
| 671 | case QUERY_USER_ON_SECURITY_VIOLATION:\r |
| 672 | do {\r |
| 673 | CreatePopUp (EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, &Key, mNotifyString1, mNotifyString2, NULL);\r |
| 674 | if (Key.UnicodeChar == L'Y' || Key.UnicodeChar == L'y') {\r |
| 675 | Status = EFI_SUCCESS;\r |
| 676 | break;\r |
| 677 | } else if (Key.UnicodeChar == L'N' || Key.UnicodeChar == L'n') {\r |
| 678 | Status = EFI_ACCESS_DENIED;\r |
| 679 | break;\r |
| 680 | } else if (Key.UnicodeChar == L'D' || Key.UnicodeChar == L'd') {\r |
| 681 | Status = EFI_SECURITY_VIOLATION;\r |
| 682 | break;\r |
| 683 | }\r |
| 684 | } while (TRUE);\r |
| 685 | break;\r |
| 686 | \r |
| 687 | case ALLOW_EXECUTE_ON_SECURITY_VIOLATION:\r |
| 688 | Status = EFI_SUCCESS;\r |
| 689 | break;\r |
| 690 | \r |
| 691 | case DEFER_EXECUTE_ON_SECURITY_VIOLATION:\r |
| 692 | Status = EFI_SECURITY_VIOLATION;\r |
| 693 | break;\r |
| 694 | \r |
| 695 | case DENY_EXECUTE_ON_SECURITY_VIOLATION:\r |
| 696 | Status = EFI_ACCESS_DENIED;\r |
| 697 | break;\r |
| 698 | }\r |
| 699 | \r |
| 700 | return Status;\r |
| 701 | }\r |
| 702 | \r |
| 703 | /**\r |
| 704 | Check whether signature is in specified database.\r |
| 705 | \r |
| 706 | @param[in] VariableName Name of database variable that is searched in.\r |
| 707 | @param[in] Signature Pointer to signature that is searched for.\r |
| 708 | @param[in] CertType Pointer to hash algrithom.\r |
| 709 | @param[in] SignatureSize Size of Signature.\r |
| 710 | \r |
| 711 | @return TRUE Found the signature in the variable database.\r |
| 712 | @return FALSE Not found the signature in the variable database.\r |
| 713 | \r |
| 714 | **/\r |
| 715 | BOOLEAN\r |
| 716 | IsSignatureFoundInDatabase (\r |
| 717 | IN CHAR16 *VariableName,\r |
| 718 | IN UINT8 *Signature, \r |
| 719 | IN EFI_GUID *CertType,\r |
| 720 | IN UINTN SignatureSize\r |
| 721 | )\r |
| 722 | {\r |
| 723 | EFI_STATUS Status;\r |
| 724 | EFI_SIGNATURE_LIST *CertList;\r |
| 725 | EFI_SIGNATURE_DATA *Cert;\r |
| 726 | UINTN DataSize;\r |
| 727 | UINT8 *Data;\r |
| 728 | UINTN Index;\r |
| 729 | UINTN CertCount;\r |
| 730 | BOOLEAN IsFound;\r |
| 731 | //\r |
| 732 | // Read signature database variable.\r |
| 733 | //\r |
| 734 | IsFound = FALSE;\r |
| 735 | Data = NULL;\r |
| 736 | DataSize = 0;\r |
| 737 | Status = gRT->GetVariable (VariableName, &gEfiImageSecurityDatabaseGuid, NULL, &DataSize, NULL);\r |
| 738 | if (Status != EFI_BUFFER_TOO_SMALL) {\r |
| 739 | return FALSE;\r |
| 740 | }\r |
| 741 | \r |
| 742 | Data = (UINT8 *) AllocateZeroPool (DataSize);\r |
| 570b3d1a |
743 | if (Data == NULL) {\r |
| 744 | return FALSE;\r |
| 745 | }\r |
| 0c18794e |
746 | \r |
| 747 | Status = gRT->GetVariable (VariableName, &gEfiImageSecurityDatabaseGuid, NULL, &DataSize, Data);\r |
| 748 | if (EFI_ERROR (Status)) {\r |
| 749 | goto Done;\r |
| 750 | }\r |
| 751 | //\r |
| 752 | // Enumerate all signature data in SigDB to check if executable's signature exists.\r |
| 753 | //\r |
| 754 | CertList = (EFI_SIGNATURE_LIST *) Data;\r |
| 755 | while ((DataSize > 0) && (DataSize >= CertList->SignatureListSize)) {\r |
| 756 | CertCount = (CertList->SignatureListSize - CertList->SignatureHeaderSize) / CertList->SignatureSize;\r |
| 757 | Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize);\r |
| 758 | if ((CertList->SignatureSize == sizeof(EFI_SIGNATURE_DATA) - 1 + SignatureSize) && (CompareGuid(&CertList->SignatureType, CertType))) {\r |
| 759 | for (Index = 0; Index < CertCount; Index++) {\r |
| 760 | if (CompareMem (Cert->SignatureData, Signature, SignatureSize) == 0) {\r |
| 761 | //\r |
| 762 | // Find the signature in database.\r |
| 763 | //\r |
| 764 | IsFound = TRUE;\r |
| 765 | break;\r |
| 766 | }\r |
| 767 | \r |
| 768 | Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) Cert + CertList->SignatureSize);\r |
| 769 | }\r |
| 770 | \r |
| 771 | if (IsFound) {\r |
| 772 | break;\r |
| 773 | }\r |
| 774 | }\r |
| 775 | \r |
| 776 | DataSize -= CertList->SignatureListSize;\r |
| 777 | CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList->SignatureListSize);\r |
| 778 | }\r |
| 779 | \r |
| 780 | Done:\r |
| 781 | if (Data != NULL) {\r |
| 782 | FreePool (Data);\r |
| 783 | }\r |
| 784 | \r |
| 785 | return IsFound;\r |
| 786 | }\r |
| 787 | \r |
| 788 | /**\r |
| 789 | Verify certificate in WIN_CERT_TYPE_PKCS_SIGNED_DATA format .\r |
| 790 | \r |
| 791 | @retval EFI_SUCCESS Image pass verification.\r |
| 792 | @retval EFI_SECURITY_VIOLATION Image fail verification.\r |
| 570b3d1a |
793 | @retval EFI_OUT_OF_RESOURCE Fail to allocate memory.\r |
| 0c18794e |
794 | \r |
| 795 | **/\r |
| 796 | EFI_STATUS \r |
| 797 | VerifyCertPkcsSignedData (\r |
| 798 | VOID\r |
| 799 | )\r |
| 800 | {\r |
| 801 | EFI_STATUS Status;\r |
| 802 | BOOLEAN VerifyStatus;\r |
| 803 | WIN_CERTIFICATE_EFI_PKCS *PkcsCertData;\r |
| 804 | EFI_SIGNATURE_LIST *CertList;\r |
| 805 | EFI_SIGNATURE_DATA *Cert;\r |
| 806 | UINTN DataSize;\r |
| 570b3d1a |
807 | UINT8 *KekData;\r |
| 808 | UINT8 *DbData;\r |
| 0c18794e |
809 | UINT8 *RootCert;\r |
| 810 | UINTN RootCertSize;\r |
| 811 | UINTN Index;\r |
| 812 | UINTN CertCount;\r |
| 813 | \r |
| 570b3d1a |
814 | KekData = NULL;\r |
| 815 | DbData = NULL;\r |
| 0c18794e |
816 | CertList = NULL;\r |
| 817 | Cert = NULL;\r |
| 818 | RootCert = NULL;\r |
| 819 | RootCertSize = 0;\r |
| 820 | VerifyStatus = FALSE;\r |
| 821 | PkcsCertData = (WIN_CERTIFICATE_EFI_PKCS *) (mImageBase + mSecDataDir->VirtualAddress);\r |
| 822 | \r |
| 823 | //\r |
| 824 | // 1: Find certificate from KEK database and try to verify authenticode struct.\r |
| 825 | //\r |
| 826 | DataSize = 0;\r |
| 827 | Status = gRT->GetVariable (EFI_KEY_EXCHANGE_KEY_NAME, &gEfiGlobalVariableGuid, NULL, &DataSize, NULL);\r |
| 828 | if (Status == EFI_BUFFER_TOO_SMALL) {\r |
| 570b3d1a |
829 | KekData = (UINT8 *)AllocateZeroPool (DataSize);\r |
| 830 | if (KekData == NULL) {\r |
| 831 | return EFI_OUT_OF_RESOURCES;\r |
| 832 | }\r |
| 0c18794e |
833 | \r |
| 570b3d1a |
834 | Status = gRT->GetVariable (EFI_KEY_EXCHANGE_KEY_NAME, &gEfiGlobalVariableGuid, NULL, &DataSize, (VOID *)KekData);\r |
| 0c18794e |
835 | if (EFI_ERROR (Status)) {\r |
| 836 | goto Done;\r |
| 837 | }\r |
| 838 | \r |
| 839 | //\r |
| 840 | // Find Cert Enrolled in KEK database to verify the signature in pkcs7 signed data.\r |
| 841 | // \r |
| 570b3d1a |
842 | CertList = (EFI_SIGNATURE_LIST *) KekData;\r |
| 0c18794e |
843 | while ((DataSize > 0) && (DataSize >= CertList->SignatureListSize)) {\r |
| 844 | if (CompareGuid (&CertList->SignatureType, &gEfiCertX509Guid)) {\r |
| 845 | Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize);\r |
| 846 | CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize;\r |
| 847 | for (Index = 0; Index < CertCount; Index++) {\r |
| 848 | //\r |
| 849 | // Iterate each Signature Data Node within this CertList for a verify\r |
| 850 | // \r |
| 851 | RootCert = Cert->SignatureData;\r |
| 852 | RootCertSize = CertList->SignatureSize;\r |
| 853 | \r |
| 854 | //\r |
| 855 | // Call AuthenticodeVerify library to Verify Authenticode struct. \r |
| 856 | //\r |
| 857 | VerifyStatus = AuthenticodeVerify (\r |
| 858 | PkcsCertData->CertData,\r |
| 859 | mSecDataDir->Size - sizeof(PkcsCertData->Hdr),\r |
| 860 | RootCert,\r |
| 861 | RootCertSize,\r |
| 862 | mImageDigest,\r |
| 863 | mImageDigestSize\r |
| 864 | );\r |
| 865 | \r |
| 866 | if (VerifyStatus) {\r |
| 867 | goto Done;\r |
| 868 | }\r |
| 869 | Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) Cert + CertList->SignatureSize);\r |
| 870 | } \r |
| 871 | }\r |
| 872 | DataSize -= CertList->SignatureListSize;\r |
| 873 | CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList->SignatureListSize);\r |
| 874 | }\r |
| 875 | }\r |
| 876 | \r |
| 877 | \r |
| 878 | \r |
| 879 | //\r |
| 880 | // 2: Find certificate from DB database and try to verify authenticode struct.\r |
| 881 | //\r |
| 882 | DataSize = 0;\r |
| 883 | Status = gRT->GetVariable (EFI_IMAGE_SECURITY_DATABASE, &gEfiImageSecurityDatabaseGuid, NULL, &DataSize, NULL);\r |
| 884 | if (Status == EFI_BUFFER_TOO_SMALL) {\r |
| 570b3d1a |
885 | DbData = (UINT8 *)AllocateZeroPool (DataSize);\r |
| 886 | if (DbData == NULL) {\r |
| 887 | goto Done;\r |
| 888 | }\r |
| 0c18794e |
889 | \r |
| 570b3d1a |
890 | Status = gRT->GetVariable (EFI_IMAGE_SECURITY_DATABASE, &gEfiImageSecurityDatabaseGuid, NULL, &DataSize, (VOID *)DbData);\r |
| 0c18794e |
891 | if (EFI_ERROR (Status)) {\r |
| 892 | goto Done;\r |
| 893 | }\r |
| 894 | \r |
| 895 | //\r |
| 896 | // Find Cert Enrolled in DB database to verify the signature in pkcs7 signed data.\r |
| 897 | // \r |
| 570b3d1a |
898 | CertList = (EFI_SIGNATURE_LIST *) DbData;\r |
| 0c18794e |
899 | while ((DataSize > 0) && (DataSize >= CertList->SignatureListSize)) {\r |
| 900 | if (CompareGuid (&CertList->SignatureType, &gEfiCertX509Guid)) {\r |
| 901 | Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize);\r |
| 902 | CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize;\r |
| 903 | for (Index = 0; Index < CertCount; Index++) {\r |
| 904 | //\r |
| 905 | // Iterate each Signature Data Node within this CertList for a verify\r |
| 906 | // \r |
| 907 | RootCert = Cert->SignatureData;\r |
| 908 | RootCertSize = CertList->SignatureSize;\r |
| 909 | \r |
| 910 | //\r |
| 911 | // Call AuthenticodeVerify library to Verify Authenticode struct. \r |
| 912 | //\r |
| 913 | VerifyStatus = AuthenticodeVerify (\r |
| 914 | PkcsCertData->CertData,\r |
| 915 | mSecDataDir->Size - sizeof(PkcsCertData->Hdr),\r |
| 916 | RootCert,\r |
| 917 | RootCertSize,\r |
| 918 | mImageDigest,\r |
| 919 | mImageDigestSize\r |
| 920 | );\r |
| 921 | \r |
| 922 | if (VerifyStatus) {\r |
| 923 | goto Done;\r |
| 924 | }\r |
| 925 | Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) Cert + CertList->SignatureSize);\r |
| 926 | } \r |
| 927 | }\r |
| 928 | DataSize -= CertList->SignatureListSize;\r |
| 929 | CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList->SignatureListSize);\r |
| 930 | }\r |
| 931 | }\r |
| 932 | \r |
| 933 | Done:\r |
| 570b3d1a |
934 | if (KekData != NULL) {\r |
| 935 | FreePool (KekData);\r |
| 936 | }\r |
| 937 | \r |
| 938 | if (DbData != NULL) {\r |
| 939 | FreePool (DbData);\r |
| 0c18794e |
940 | }\r |
| 941 | \r |
| 942 | if (VerifyStatus) {\r |
| 943 | return EFI_SUCCESS;\r |
| 944 | } else {\r |
| 945 | return EFI_SECURITY_VIOLATION;\r |
| 946 | }\r |
| 947 | }\r |
| 948 | \r |
| 949 | /**\r |
| 950 | Verify certificate in WIN_CERTIFICATE_UEFI_GUID format. \r |
| 951 | \r |
| 952 | @retval EFI_SUCCESS Image pass verification.\r |
| 953 | @retval EFI_SECURITY_VIOLATION Image fail verification.\r |
| 954 | @retval other error value\r |
| 955 | \r |
| 956 | **/\r |
| 957 | EFI_STATUS \r |
| 958 | VerifyCertUefiGuid (\r |
| 959 | VOID\r |
| 960 | )\r |
| 961 | {\r |
| 962 | BOOLEAN Status;\r |
| 963 | WIN_CERTIFICATE_UEFI_GUID *EfiCert;\r |
| 964 | EFI_SIGNATURE_LIST *KekList;\r |
| 965 | EFI_SIGNATURE_DATA *KekItem;\r |
| 966 | EFI_CERT_BLOCK_RSA_2048_SHA256 *CertBlock;\r |
| 967 | VOID *Rsa;\r |
| 968 | UINTN KekCount;\r |
| 969 | UINTN Index;\r |
| 970 | UINTN KekDataSize;\r |
| 971 | BOOLEAN IsFound;\r |
| 972 | EFI_STATUS Result;\r |
| 973 | \r |
| 974 | EfiCert = NULL;\r |
| 975 | KekList = NULL;\r |
| 976 | KekItem = NULL;\r |
| 977 | CertBlock = NULL;\r |
| 978 | Rsa = NULL;\r |
| 979 | Status = FALSE;\r |
| 980 | IsFound = FALSE;\r |
| 981 | KekDataSize = 0;\r |
| 982 | \r |
| 983 | EfiCert = (WIN_CERTIFICATE_UEFI_GUID *) (mImageBase + mSecDataDir->VirtualAddress);\r |
| 984 | CertBlock = (EFI_CERT_BLOCK_RSA_2048_SHA256 *) EfiCert->CertData;\r |
| 985 | if (!CompareGuid (&EfiCert->CertType, &gEfiCertTypeRsa2048Sha256Guid)) {\r |
| 986 | //\r |
| 987 | // Invalid Certificate Data Type.\r |
| 988 | //\r |
| 989 | return EFI_SECURITY_VIOLATION;\r |
| 990 | }\r |
| 991 | \r |
| 992 | //\r |
| 993 | // Get KEK database variable data size\r |
| 994 | //\r |
| 995 | Result = gRT->GetVariable (EFI_KEY_EXCHANGE_KEY_NAME, &gEfiGlobalVariableGuid, NULL, &KekDataSize, NULL);\r |
| 996 | if (Result != EFI_BUFFER_TOO_SMALL) {\r |
| 997 | return EFI_SECURITY_VIOLATION;\r |
| 998 | }\r |
| 999 | \r |
| 1000 | //\r |
| 1001 | // Get KEK database variable.\r |
| 1002 | //\r |
| 1003 | KekList = GetEfiGlobalVariable (EFI_KEY_EXCHANGE_KEY_NAME);\r |
| 1004 | if (KekList == NULL) {\r |
| 1005 | return EFI_SECURITY_VIOLATION;\r |
| 1006 | }\r |
| 1007 | \r |
| 1008 | //\r |
| 1009 | // Enumerate all Kek items in this list to verify the variable certificate data.\r |
| 1010 | // If anyone is authenticated successfully, it means the variable is correct!\r |
| 1011 | //\r |
| 1012 | while ((KekDataSize > 0) && (KekDataSize >= KekList->SignatureListSize)) {\r |
| 1013 | if (CompareGuid (&KekList->SignatureType, &gEfiCertRsa2048Guid)) {\r |
| 1014 | KekItem = (EFI_SIGNATURE_DATA *) ((UINT8 *) KekList + sizeof (EFI_SIGNATURE_LIST) + KekList->SignatureHeaderSize);\r |
| 1015 | KekCount = (KekList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - KekList->SignatureHeaderSize) / KekList->SignatureSize;\r |
| 1016 | for (Index = 0; Index < KekCount; Index++) {\r |
| 1017 | if (CompareMem (KekItem->SignatureData, CertBlock->PublicKey, EFI_CERT_TYPE_RSA2048_SIZE) == 0) {\r |
| 1018 | IsFound = TRUE;\r |
| 1019 | break;\r |
| 1020 | }\r |
| 1021 | KekItem = (EFI_SIGNATURE_DATA *) ((UINT8 *) KekItem + KekList->SignatureSize);\r |
| 1022 | }\r |
| 1023 | }\r |
| 1024 | KekDataSize -= KekList->SignatureListSize;\r |
| 1025 | KekList = (EFI_SIGNATURE_LIST *) ((UINT8 *) KekList + KekList->SignatureListSize);\r |
| 1026 | }\r |
| 1027 | \r |
| 1028 | if (!IsFound) {\r |
| 1029 | //\r |
| 1030 | // Signed key is not a trust one.\r |
| 1031 | //\r |
| 1032 | goto Done;\r |
| 1033 | }\r |
| 1034 | \r |
| 1035 | //\r |
| 1036 | // Now, we found the corresponding security policy.\r |
| 1037 | // Verify the data payload.\r |
| 1038 | //\r |
| 1039 | Rsa = RsaNew ();\r |
| 570b3d1a |
1040 | if (Rsa == NULL) {\r |
| 1041 | Status = FALSE;\r |
| 1042 | goto Done;\r |
| 1043 | }\r |
| 1044 | \r |
| 0c18794e |
1045 | // \r |
| 1046 | // Set RSA Key Components.\r |
| 1047 | // NOTE: Only N and E are needed to be set as RSA public key for signature verification.\r |
| 1048 | //\r |
| 1049 | Status = RsaSetKey (Rsa, RsaKeyN, CertBlock->PublicKey, EFI_CERT_TYPE_RSA2048_SIZE);\r |
| 1050 | if (!Status) {\r |
| 1051 | goto Done;\r |
| 1052 | }\r |
| 1053 | Status = RsaSetKey (Rsa, RsaKeyE, mRsaE, sizeof (mRsaE));\r |
| 1054 | if (!Status) {\r |
| 1055 | goto Done;\r |
| 1056 | }\r |
| 1057 | //\r |
| 1058 | // Verify the signature.\r |
| 1059 | //\r |
| 1060 | Status = RsaPkcs1Verify (\r |
| 1061 | Rsa, \r |
| 1062 | mImageDigest, \r |
| 1063 | mImageDigestSize, \r |
| 1064 | CertBlock->Signature, \r |
| 1065 | EFI_CERT_TYPE_RSA2048_SHA256_SIZE\r |
| 1066 | );\r |
| 1067 | \r |
| 1068 | Done:\r |
| 1069 | if (KekList != NULL) {\r |
| 1070 | FreePool (KekList);\r |
| 1071 | }\r |
| 1072 | if (Rsa != NULL ) {\r |
| 1073 | RsaFree (Rsa);\r |
| 1074 | }\r |
| 1075 | if (Status) {\r |
| 1076 | return EFI_SUCCESS;\r |
| 1077 | } else {\r |
| 1078 | return EFI_SECURITY_VIOLATION;\r |
| 1079 | }\r |
| 1080 | }\r |
| 1081 | \r |
| 1082 | /**\r |
| 1083 | Provide verification service for signed images, which include both signature validation\r |
| 1084 | and platform policy control. For signature types, both UEFI WIN_CERTIFICATE_UEFI_GUID and \r |
| 1085 | MSFT Authenticode type signatures are supported.\r |
| 1086 | \r |
| 1087 | In this implementation, only verify external executables when in USER MODE.\r |
| 1088 | Executables from FV is bypass, so pass in AuthenticationStatus is ignored. \r |
| 1089 | \r |
| 1090 | @param[in] AuthenticationStatus \r |
| 1091 | This is the authentication status returned from the security\r |
| 1092 | measurement services for the input file.\r |
| 1093 | @param[in] File This is a pointer to the device path of the file that is\r |
| 1094 | being dispatched. This will optionally be used for logging.\r |
| 1095 | @param[in] FileBuffer File buffer matches the input file device path.\r |
| 1096 | @param[in] FileSize Size of File buffer matches the input file device path.\r |
| 1097 | \r |
| 1098 | @retval EFI_SUCCESS The file specified by File did authenticate, and the\r |
| 1099 | platform policy dictates that the DXE Core may use File.\r |
| 570b3d1a |
1100 | @retval EFI_INVALID_PARAMETER Input argument is incorrect.\r |
| 1101 | @retval EFI_OUT_RESOURCE Fail to allocate memory.\r |
| 0c18794e |
1102 | @retval EFI_SECURITY_VIOLATION The file specified by File did not authenticate, and\r |
| 1103 | the platform policy dictates that File should be placed\r |
| 1104 | in the untrusted state. A file may be promoted from\r |
| 1105 | the untrusted to the trusted state at a future time\r |
| 1106 | with a call to the Trust() DXE Service.\r |
| 1107 | @retval EFI_ACCESS_DENIED The file specified by File did not authenticate, and\r |
| 1108 | the platform policy dictates that File should not be\r |
| 1109 | used for any purpose.\r |
| 1110 | \r |
| 1111 | **/\r |
| 1112 | EFI_STATUS\r |
| 1113 | EFIAPI\r |
| 1114 | DxeImageVerificationHandler (\r |
| 1115 | IN UINT32 AuthenticationStatus,\r |
| 1116 | IN CONST EFI_DEVICE_PATH_PROTOCOL *File,\r |
| 1117 | IN VOID *FileBuffer,\r |
| 1118 | IN UINTN FileSize\r |
| 1119 | )\r |
| 0c18794e |
1120 | {\r |
| 1121 | EFI_STATUS Status;\r |
| 1122 | UINT16 Magic;\r |
| 1123 | EFI_IMAGE_DOS_HEADER *DosHdr;\r |
| 1124 | EFI_STATUS VerifyStatus;\r |
| 1125 | UINT8 *SetupMode;\r |
| 1126 | EFI_SIGNATURE_LIST *SignatureList;\r |
| 1127 | UINTN SignatureListSize;\r |
| 1128 | EFI_SIGNATURE_DATA *Signature;\r |
| 1129 | EFI_IMAGE_EXECUTION_ACTION Action;\r |
| 1130 | WIN_CERTIFICATE *WinCertificate;\r |
| 1131 | UINT32 Policy;\r |
| beda2356 |
1132 | UINT8 *SecureBootEnable;\r |
| 0c18794e |
1133 | \r |
| 1134 | if (File == NULL) {\r |
| 1135 | return EFI_INVALID_PARAMETER;\r |
| 1136 | }\r |
| 1137 | \r |
| 1138 | SignatureList = NULL;\r |
| 1139 | SignatureListSize = 0;\r |
| 1140 | WinCertificate = NULL;\r |
| 1141 | Action = EFI_IMAGE_EXECUTION_AUTH_UNTESTED;\r |
| 1142 | Status = EFI_ACCESS_DENIED;\r |
| 1143 | //\r |
| 1144 | // Check the image type and get policy setting.\r |
| 1145 | //\r |
| 1146 | switch (GetImageType (File)) {\r |
| 1147 | \r |
| 1148 | case IMAGE_FROM_FV:\r |
| 1149 | Policy = ALWAYS_EXECUTE;\r |
| 1150 | break;\r |
| 1151 | \r |
| 1152 | case IMAGE_FROM_OPTION_ROM:\r |
| 1153 | Policy = PcdGet32 (PcdOptionRomImageVerificationPolicy);\r |
| 1154 | break;\r |
| 1155 | \r |
| 1156 | case IMAGE_FROM_REMOVABLE_MEDIA:\r |
| 1157 | Policy = PcdGet32 (PcdRemovableMediaImageVerificationPolicy);\r |
| 1158 | break;\r |
| 1159 | \r |
| 1160 | case IMAGE_FROM_FIXED_MEDIA:\r |
| 1161 | Policy = PcdGet32 (PcdFixedMediaImageVerificationPolicy);\r |
| 1162 | break;\r |
| 1163 | \r |
| 1164 | default:\r |
| 1165 | Policy = DENY_EXECUTE_ON_SECURITY_VIOLATION; \r |
| 1166 | break;\r |
| 1167 | }\r |
| 1168 | //\r |
| 1169 | // If policy is always/never execute, return directly.\r |
| 1170 | //\r |
| 1171 | if (Policy == ALWAYS_EXECUTE) {\r |
| 1172 | return EFI_SUCCESS;\r |
| 1173 | } else if (Policy == NEVER_EXECUTE) {\r |
| 1174 | return EFI_ACCESS_DENIED;\r |
| 1175 | }\r |
| beda2356 |
1176 | \r |
| 1177 | SecureBootEnable = GetVariable (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid);\r |
| 1178 | //\r |
| 1179 | // Skip verification if SecureBootEnable variable doesn't exist.\r |
| 1180 | //\r |
| 1181 | if (SecureBootEnable == NULL) {\r |
| 1182 | return EFI_SUCCESS;\r |
| 1183 | }\r |
| 1184 | \r |
| 1185 | //\r |
| 1186 | // Skip verification if SecureBootEnable is disabled.\r |
| 1187 | //\r |
| 1188 | if (*SecureBootEnable == SECURE_BOOT_DISABLE) {\r |
| 1189 | FreePool (SecureBootEnable);\r |
| 1190 | return EFI_SUCCESS;\r |
| 1191 | } \r |
| 1192 | \r |
| 0c18794e |
1193 | SetupMode = GetEfiGlobalVariable (EFI_SETUP_MODE_NAME);\r |
| 1194 | \r |
| 1195 | //\r |
| 1196 | // SetupMode doesn't exist means no AuthVar driver is dispatched,\r |
| 1197 | // skip verification.\r |
| 1198 | //\r |
| 1199 | if (SetupMode == NULL) {\r |
| 1200 | return EFI_SUCCESS;\r |
| 1201 | }\r |
| 1202 | \r |
| 1203 | //\r |
| 1204 | // If platform is in SETUP MODE, skip verification.\r |
| 1205 | //\r |
| 1206 | if (*SetupMode == SETUP_MODE) {\r |
| 1207 | FreePool (SetupMode);\r |
| 1208 | return EFI_SUCCESS;\r |
| 1209 | }\r |
| 1210 | //\r |
| 1211 | // Read the Dos header.\r |
| 1212 | //\r |
| 570b3d1a |
1213 | if (FileBuffer == NULL) {\r |
| 1214 | FreePool (SetupMode);\r |
| 1215 | return EFI_INVALID_PARAMETER;\r |
| 1216 | }\r |
| 0c18794e |
1217 | mImageBase = (UINT8 *) FileBuffer;\r |
| 1218 | mImageSize = FileSize;\r |
| 1219 | DosHdr = (EFI_IMAGE_DOS_HEADER *) (mImageBase);\r |
| 1220 | if (DosHdr->e_magic == EFI_IMAGE_DOS_SIGNATURE) {\r |
| 1221 | //\r |
| 1222 | // DOS image header is present, \r |
| 1223 | // so read the PE header after the DOS image header.\r |
| 1224 | //\r |
| 1225 | mPeCoffHeaderOffset = DosHdr->e_lfanew;\r |
| 1226 | } else {\r |
| 1227 | mPeCoffHeaderOffset = 0;\r |
| 1228 | }\r |
| 1229 | //\r |
| 1230 | // Check PE/COFF image.\r |
| 1231 | //\r |
| 1232 | mNtHeader.Pe32 = (EFI_IMAGE_NT_HEADERS32 *) (mImageBase + mPeCoffHeaderOffset);\r |
| 1233 | if (mNtHeader.Pe32->Signature != EFI_IMAGE_NT_SIGNATURE) {\r |
| 1234 | //\r |
| 1235 | // It is not a valid Pe/Coff file.\r |
| 1236 | //\r |
| 1237 | return EFI_ACCESS_DENIED;\r |
| 1238 | }\r |
| 1239 | \r |
| 1240 | Magic = mNtHeader.Pe32->OptionalHeader.Magic;\r |
| 1241 | if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {\r |
| 1242 | //\r |
| 1243 | // Use PE32 offset.\r |
| 1244 | //\r |
| 1245 | mSecDataDir = (EFI_IMAGE_DATA_DIRECTORY *)&mNtHeader.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY];\r |
| 570b3d1a |
1246 | } else if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC) {\r |
| 0c18794e |
1247 | //\r |
| 1248 | // Use PE32+ offset.\r |
| 1249 | //\r |
| 1250 | mSecDataDir = (EFI_IMAGE_DATA_DIRECTORY *)&mNtHeader.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY];\r |
| 570b3d1a |
1251 | } else {\r |
| 1252 | //\r |
| 1253 | // Invalid header magic number.\r |
| 1254 | //\r |
| 1255 | Status = EFI_INVALID_PARAMETER;\r |
| 1256 | goto Done;\r |
| 1257 | }\r |
| 1258 | \r |
| 1259 | if (mSecDataDir->VirtualAddress >= mImageSize) {\r |
| 1260 | //\r |
| 1261 | // Sanity check to see if this file is corrupted.\r |
| 1262 | //\r |
| 1263 | Status = EFI_INVALID_PARAMETER;\r |
| 1264 | goto Done;\r |
| 0c18794e |
1265 | }\r |
| 1266 | \r |
| 1267 | if (mSecDataDir->Size == 0) {\r |
| 1268 | //\r |
| 1269 | // This image is not signed.\r |
| 1270 | //\r |
| 1271 | Action = EFI_IMAGE_EXECUTION_AUTH_UNTESTED;\r |
| 1272 | Status = EFI_ACCESS_DENIED; \r |
| 1273 | goto Done; \r |
| 1274 | }\r |
| 1275 | //\r |
| 1276 | // Verify signature of executables.\r |
| 1277 | //\r |
| 1278 | WinCertificate = (WIN_CERTIFICATE *) (mImageBase + mSecDataDir->VirtualAddress);\r |
| 1279 | \r |
| 1280 | switch (WinCertificate->wCertificateType) {\r |
| 1281 | \r |
| 1282 | case WIN_CERT_TYPE_EFI_GUID:\r |
| 1283 | //\r |
| 1284 | // Verify UEFI GUID type.\r |
| 1285 | // \r |
| 1286 | if (!HashPeImage (HASHALG_SHA256)) {\r |
| 1287 | goto Done;\r |
| 1288 | }\r |
| 1289 | \r |
| 1290 | VerifyStatus = VerifyCertUefiGuid ();\r |
| 1291 | break;\r |
| 1292 | \r |
| 1293 | case WIN_CERT_TYPE_PKCS_SIGNED_DATA:\r |
| 1294 | //\r |
| 1295 | // Verify Pkcs signed data type.\r |
| 1296 | //\r |
| 1297 | Status = HashPeImageByType();\r |
| 1298 | if (EFI_ERROR(Status)) {\r |
| 1299 | goto Done;\r |
| 1300 | }\r |
| 1301 | \r |
| 1302 | VerifyStatus = VerifyCertPkcsSignedData ();\r |
| 1303 | \r |
| 1304 | //\r |
| 1305 | // For image verification against enrolled certificate(root or intermediate),\r |
| 1306 | // no need to check image's hash in the allowed database.\r |
| 1307 | //\r |
| 1308 | if (!EFI_ERROR (VerifyStatus)) {\r |
| 1309 | return EFI_SUCCESS;\r |
| 1310 | }\r |
| 1311 | \r |
| 1312 | default:\r |
| 1313 | return EFI_ACCESS_DENIED;\r |
| 1314 | }\r |
| 1315 | //\r |
| 1316 | // Get image hash value as executable's signature.\r |
| 1317 | //\r |
| 1318 | SignatureListSize = sizeof (EFI_SIGNATURE_LIST) + sizeof (EFI_SIGNATURE_DATA) - 1 + mImageDigestSize;\r |
| 1319 | SignatureList = (EFI_SIGNATURE_LIST *) AllocateZeroPool (SignatureListSize);\r |
| 570b3d1a |
1320 | if (SignatureList == NULL) {\r |
| 1321 | Status = EFI_OUT_OF_RESOURCES;\r |
| 1322 | goto Done;\r |
| 1323 | }\r |
| 0c18794e |
1324 | SignatureList->SignatureHeaderSize = 0;\r |
| 1325 | SignatureList->SignatureListSize = (UINT32) SignatureListSize;\r |
| 1326 | SignatureList->SignatureSize = (UINT32) mImageDigestSize;\r |
| 1327 | CopyMem (&SignatureList->SignatureType, &mCertType, sizeof (EFI_GUID));\r |
| 1328 | Signature = (EFI_SIGNATURE_DATA *) ((UINT8 *) SignatureList + sizeof (EFI_SIGNATURE_LIST));\r |
| 1329 | CopyMem (Signature->SignatureData, mImageDigest, mImageDigestSize);\r |
| 1330 | //\r |
| 1331 | // Signature database check after verification.\r |
| 1332 | //\r |
| 1333 | if (EFI_ERROR (VerifyStatus)) {\r |
| 1334 | //\r |
| 1335 | // Verification failure.\r |
| 1336 | //\r |
| 1337 | Action = EFI_IMAGE_EXECUTION_AUTH_SIG_FAILED;\r |
| 1338 | Status = EFI_ACCESS_DENIED;\r |
| 1339 | } else if (IsSignatureFoundInDatabase (EFI_IMAGE_SECURITY_DATABASE1, Signature->SignatureData, &mCertType, mImageDigestSize)) {\r |
| 1340 | //\r |
| 1341 | // Executable signature verification passes, but is found in forbidden signature database.\r |
| 1342 | //\r |
| 1343 | Action = EFI_IMAGE_EXECUTION_AUTH_SIG_FOUND;\r |
| 1344 | Status = EFI_ACCESS_DENIED;\r |
| 1345 | } else if (IsSignatureFoundInDatabase (EFI_IMAGE_SECURITY_DATABASE, Signature->SignatureData, &mCertType, mImageDigestSize)) {\r |
| 1346 | //\r |
| 1347 | // Executable signature is found in authorized signature database.\r |
| 1348 | //\r |
| 1349 | Status = EFI_SUCCESS;\r |
| 1350 | } else {\r |
| 1351 | //\r |
| 1352 | // Executable signature verification passes, but cannot be found in authorized signature database.\r |
| 1353 | // Get platform policy to determine the action.\r |
| 1354 | //\r |
| 1355 | Action = EFI_IMAGE_EXECUTION_AUTH_SIG_PASSED;\r |
| 1356 | Status = ImageAuthorization (Policy);\r |
| 1357 | }\r |
| 1358 | \r |
| 1359 | Done:\r |
| 1360 | if (Status != EFI_SUCCESS) {\r |
| 1361 | //\r |
| 1362 | // Policy decides to defer or reject the image; add its information in image executable information table.\r |
| 1363 | //\r |
| 1364 | AddImageExeInfo (Action, NULL, File, SignatureList, SignatureListSize);\r |
| 1365 | }\r |
| 1366 | \r |
| 1367 | if (SignatureList != NULL) {\r |
| 1368 | FreePool (SignatureList);\r |
| 1369 | }\r |
| 1370 | \r |
| 1371 | FreePool (SetupMode);\r |
| 1372 | \r |
| 1373 | return Status;\r |
| 1374 | }\r |
| 1375 | \r |
| 1376 | /**\r |
| 1377 | When VariableWriteArchProtocol install, create "SecureBoot" variable.\r |
| 1378 | \r |
| 1379 | @param[in] Event Event whose notification function is being invoked.\r |
| 1380 | @param[in] Context Pointer to the notification function's context.\r |
| 1381 | \r |
| 1382 | **/\r |
| 1383 | VOID\r |
| 1384 | EFIAPI\r |
| 1385 | VariableWriteCallBack (\r |
| 1386 | IN EFI_EVENT Event,\r |
| 1387 | IN VOID *Context\r |
| 1388 | )\r |
| 1389 | {\r |
| 1390 | UINT8 SecureBootMode;\r |
| 1391 | UINT8 *SecureBootModePtr;\r |
| 1392 | EFI_STATUS Status;\r |
| 1393 | VOID *ProtocolPointer;\r |
| 1394 | \r |
| 1395 | Status = gBS->LocateProtocol (&gEfiVariableWriteArchProtocolGuid, NULL, &ProtocolPointer);\r |
| 1396 | if (EFI_ERROR (Status)) {\r |
| 1397 | return;\r |
| 1398 | }\r |
| 1399 | \r |
| 1400 | //\r |
| 1401 | // Check whether "SecureBoot" variable exists.\r |
| 1402 | // If this library is built-in, it means firmware has capability to perform\r |
| 1403 | // driver signing verification.\r |
| 1404 | //\r |
| 1405 | SecureBootModePtr = GetEfiGlobalVariable (EFI_SECURE_BOOT_MODE_NAME);\r |
| 1406 | if (SecureBootModePtr == NULL) {\r |
| 1407 | SecureBootMode = SECURE_BOOT_MODE_DISABLE;\r |
| 1408 | //\r |
| 1409 | // Authenticated variable driver will update "SecureBoot" depending on SetupMode variable.\r |
| 1410 | //\r |
| 1411 | gRT->SetVariable (\r |
| 1412 | EFI_SECURE_BOOT_MODE_NAME,\r |
| 1413 | &gEfiGlobalVariableGuid,\r |
| 1414 | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_NON_VOLATILE,\r |
| 1415 | sizeof (UINT8),\r |
| 1416 | &SecureBootMode\r |
| 1417 | );\r |
| 1418 | } else {\r |
| 1419 | FreePool (SecureBootModePtr);\r |
| 1420 | }\r |
| 1421 | } \r |
| 1422 | \r |
| 1423 | /**\r |
| 1424 | Register security measurement handler.\r |
| 1425 | \r |
| 1426 | @param ImageHandle ImageHandle of the loaded driver.\r |
| 1427 | @param SystemTable Pointer to the EFI System Table.\r |
| 1428 | \r |
| 1429 | @retval EFI_SUCCESS The handlers were registered successfully.\r |
| 1430 | **/\r |
| 1431 | EFI_STATUS\r |
| 1432 | EFIAPI\r |
| 1433 | DxeImageVerificationLibConstructor (\r |
| 1434 | IN EFI_HANDLE ImageHandle,\r |
| 1435 | IN EFI_SYSTEM_TABLE *SystemTable\r |
| 1436 | )\r |
| 1437 | {\r |
| 1438 | VOID *Registration;\r |
| 1439 | \r |
| 1440 | //\r |
| 1441 | // Register callback function upon VariableWriteArchProtocol.\r |
| 1442 | // \r |
| 1443 | EfiCreateProtocolNotifyEvent (\r |
| 1444 | &gEfiVariableWriteArchProtocolGuid,\r |
| 1445 | TPL_CALLBACK,\r |
| 1446 | VariableWriteCallBack,\r |
| 1447 | NULL,\r |
| 1448 | &Registration\r |
| 1449 | );\r |
| 1450 | \r |
| 1451 | return RegisterSecurityHandler (\r |
| 1452 | DxeImageVerificationHandler,\r |
| 1453 | EFI_AUTH_OPERATION_VERIFY_IMAGE | EFI_AUTH_OPERATION_IMAGE_REQUIRED\r |
| 1454 | ); \r |
| 1455 | }\r |
projects / mirror_edk2.git / blame