1 /** @file
2 Implement image verification services for secure boot service in UEFI2.3.1.
3
4 Caution: This file requires additional review when modified.
5 This library will have external input - PE/COFF image.
This external input must be validated carefully to avoid security issues such as
buffer overflow and integer overflow.
8
9 DxeImageVerificationLibImageRead() function will make sure the PE/COFF image content
10 read is within the image buffer.
11
12 DxeImageVerificationHandler(), HashPeImageByType(), HashPeImage() function will accept
13 untrusted PE/COFF image and validate its data structure within this image buffer before use.
14
15 Copyright (c) 2009 - 2012, Intel Corporation. All rights reserved.<BR>
16 This program and the accompanying materials
17 are licensed and made available under the terms and conditions of the BSD License
18 which accompanies this distribution. The full text of the license may be found at
19 http://opensource.org/licenses/bsd-license.php
20
21 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
22 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
23
24 **/
25
26 #include "DxeImageVerificationLib.h"
27
//
// Caution: This is used by a function which may receive untrusted input.
// These global variables hold PE/COFF image data, and they should be validated before use.
//
// mNtHeader is expected to point at the PE signature inside the image buffer held in
// mImageBase: HashPeImage() derives its header hash ranges as differences between
// mNtHeader fields and mImageBase, and locates the section table at
// mImageBase + mPeCoffHeaderOffset + sizeof (UINT32) + sizeof (EFI_IMAGE_FILE_HEADER)
// + SizeOfOptionalHeader. mCertType is written by HashPeImage() with the EFI_CERT_*
// GUID naming the digest algorithm used for mImageDigest. The code that populates
// mNtHeader/mPeCoffHeaderOffset is not visible in this part of the file (presumably
// DxeImageVerificationHandler()); it owns the check that the headers fit in the buffer.
//
EFI_IMAGE_OPTIONAL_HEADER_PTR_UNION mNtHeader;
UINT32 mPeCoffHeaderOffset;
EFI_GUID mCertType;

//
// Information on current PE/COFF image
//
// mImageBase/mImageSize describe the raw (file-layout) image buffer; mImageSize is the
// bound DxeImageVerificationLibImageRead() clamps reads to. mImageDigest receives the
// Authenticode digest computed by HashPeImage(), with mImageDigestSize valid bytes
// (SHA1_DIGEST_SIZE or SHA256_DIGEST_SIZE); MAX_DIGEST_SIZE must cover the largest.
//
UINTN mImageSize;
UINT8 *mImageBase = NULL;
UINT8 mImageDigest[MAX_DIGEST_SIZE];
UINTN mImageDigestSize;
43
//
// Notify string for authorization UI.
//
// Both strings are user-visible prompts. The "(Yes/Defer/No)" wording is part of the
// question the user answers, so change it only together with the code that interprets
// the answer (not visible in this part of the file).
//
CHAR16 mNotifyString1[MAX_NOTIFY_STRING_LEN] = L"Image verification pass but not found in authorized database!";
CHAR16 mNotifyString2[MAX_NOTIFY_STRING_LEN] = L"Launch this image anyway? (Yes/Defer/No)";
//
// Public Exponent of RSA Key.
//
// Big-endian encoding of 65537 (0x010001), the conventional RSA public exponent.
// No function in this part of the file references it.
//
CONST UINT8 mRsaE[] = { 0x01, 0x00, 0x01 };
53
54
//
// OID ASN.1 Value for Hash Algorithms
//
// One flat byte array; mHash below points into it at fixed byte offsets
// (SHA1 at 8, SHA224 at 13, SHA256 at 22, SHA384 at 31, SHA512 at 40), so any
// change to these OIDs or their order must be mirrored in those offsets. The MD5
// OID at offset 0 has no mHash row and is therefore never matched.
//
UINT8 mHashOidValue[] = {
  0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x02, 0x05,         // OBJ_md5
  0x2B, 0x0E, 0x03, 0x02, 0x1A,                           // OBJ_sha1
  0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04,   // OBJ_sha224
  0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01,   // OBJ_sha256
  0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02,   // OBJ_sha384
  0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03,   // OBJ_sha512
};

//
// Hash algorithm table: { name, digest size, OID bytes, OID length, GetContextSize, Init, Update, Final }.
// HashPeImage() and HashPeImageByType() index this table directly with HASHALG_* values,
// so the row order must match that enumeration (declared elsewhere). Rows whose function
// pointers are NULL (SHA224/384/512) can still be matched by OID in HashPeImageByType(),
// but HashPeImage() accepts only HASHALG_SHA1 and HASHALG_SHA256 -- keep that guard in
// place for as long as these pointers are NULL, or the table would be called through NULL.
//
HASH_TABLE mHash[] = {
  { L"SHA1",   20, &mHashOidValue[8],  5, Sha1GetContextSize,   Sha1Init,   Sha1Update,   Sha1Final   },
  { L"SHA224", 28, &mHashOidValue[13], 9, NULL,                 NULL,       NULL,         NULL        },
  { L"SHA256", 32, &mHashOidValue[22], 9, Sha256GetContextSize, Sha256Init, Sha256Update, Sha256Final },
  { L"SHA384", 48, &mHashOidValue[31], 9, NULL,                 NULL,       NULL,         NULL        },
  { L"SHA512", 64, &mHashOidValue[40], 9, NULL,                 NULL,       NULL,         NULL        }
};
74
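/**
  Reads contents of a PE/COFF image in memory buffer.

  Caution: This function may receive untrusted input.
  PE/COFF image is external input, so this function will make sure the PE/COFF image content
  read is within the image buffer. The bound used is the module-global mImageSize, which
  the caller must have set to the size of the buffer FileHandle points to before any read.

  @param FileHandle      Pointer to the start of the in-memory PE/COFF image.
  @param FileOffset      Offset into the PE/COFF image to begin the read operation.
  @param ReadSize        On input, the size in bytes of the requested read operation.
                         On output, the number of bytes actually read: clamped to the
                         bytes remaining in the image, zero when FileOffset is at or
                         past the end of the image.
  @param Buffer          Output buffer that receives the data read from the PE/COFF image.

  @retval EFI_SUCCESS            The requested portion of the image (possibly truncated
                                 to the image size) was copied into Buffer.
  @retval EFI_INVALID_PARAMETER  A pointer argument is NULL, or FileOffset + *ReadSize
                                 would wrap around the address space.
**/
EFI_STATUS
EFIAPI
DxeImageVerificationLibImageRead (
  IN     VOID   *FileHandle,
  IN     UINTN  FileOffset,
  IN OUT UINTN  *ReadSize,
  OUT    VOID   *Buffer
  )
{
  if (FileHandle == NULL || ReadSize == NULL || Buffer == NULL) {
    return EFI_INVALID_PARAMETER;
  }

  //
  // Reject requests whose end position would wrap around the address space.
  //
  if (MAX_ADDRESS - FileOffset < *ReadSize) {
    return EFI_INVALID_PARAMETER;
  }

  //
  // An offset at or beyond the end of the image reads nothing. Testing this first
  // keeps the clamp below from ever forming a wrapped (mImageSize - FileOffset).
  //
  if (FileOffset >= mImageSize) {
    *ReadSize = 0;
    return EFI_SUCCESS;
  }

  //
  // Clamp the read to the bytes that remain in the image. The count stays a UINTN;
  // a narrowing cast here would silently truncate it for very large images.
  //
  if (*ReadSize > mImageSize - FileOffset) {
    *ReadSize = mImageSize - FileOffset;
  }

  CopyMem (Buffer, (UINT8 *) ((UINTN) FileHandle + FileOffset), *ReadSize);

  return EFI_SUCCESS;
}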
122
123
/**
  Resolve the handle that a device path reaches through a given protocol.

  Thin wrapper over gBS->LocateDevicePath(): on success *Handle is the handle
  found, otherwise *Handle is NULL.

  @param[in]  File          Device path to resolve.
  @param[in]  ProtocolGuid  Protocol the handle must support.
  @param[out] Handle        Receives the located handle, or NULL.

  @retval TRUE   A handle supporting ProtocolGuid was found on the path.
  @retval FALSE  LocateDevicePath() failed.

**/
static
BOOLEAN
LocateHandleForProtocol (
  IN  CONST EFI_DEVICE_PATH_PROTOCOL  *File,
  IN  EFI_GUID                        *ProtocolGuid,
  OUT EFI_HANDLE                      *Handle
  )
{
  EFI_DEVICE_PATH_PROTOCOL  *Remaining;

  *Handle   = NULL;
  Remaining = (EFI_DEVICE_PATH_PROTOCOL *) File;

  return !EFI_ERROR (gBS->LocateDevicePath (ProtocolGuid, &Remaining, Handle));
}

/**
  Get the image type.

  Classifies where an image is being loaded from by probing its device path, in this
  order: firmware volume, Block I/O device (removable vs. fixed media), Simple File
  System without Block I/O (assumed fixed), and finally the path nodes themselves
  (relative-offset-range media node = PCI option ROM, MAC address node = network).
  The first match wins. The result is what the caller uses to select the platform
  verification policy for the image (this file's handler description notes that
  images from an FV bypass verification), so it is security relevant even though it
  only inspects the device path, not the image contents.

  @param[in]  File  This is a pointer to the device path of the file that is
                    being dispatched.

  @return UINT32    One of IMAGE_FROM_FV, IMAGE_FROM_REMOVABLE_MEDIA,
                    IMAGE_FROM_FIXED_MEDIA, IMAGE_FROM_OPTION_ROM, or IMAGE_UNKNOWN
                    (also returned for a NULL File).

**/
UINT32
GetImageType (
  IN CONST EFI_DEVICE_PATH_PROTOCOL  *File
  )
{
  EFI_HANDLE                Handle;
  EFI_BLOCK_IO_PROTOCOL     *BlockIo;
  EFI_DEVICE_PATH_PROTOCOL  *Node;

  if (File == NULL) {
    return IMAGE_UNKNOWN;
  }

  //
  // 1. Firmware volume. The located handle must really expose FV2; if the test-open
  //    fails we fall through to the other classifications rather than trusting the path.
  //
  if (LocateHandleForProtocol (File, &gEfiFirmwareVolume2ProtocolGuid, &Handle)) {
    if (!EFI_ERROR (gBS->OpenProtocol (
                           Handle,
                           &gEfiFirmwareVolume2ProtocolGuid,
                           NULL,
                           NULL,
                           NULL,
                           EFI_OPEN_PROTOCOL_TEST_PROTOCOL
                           ))) {
      return IMAGE_FROM_FV;
    }
  }

  //
  // 2. Block I/O device: removability is taken from the media descriptor.
  //
  if (LocateHandleForProtocol (File, &gEfiBlockIoProtocolGuid, &Handle)) {
    BlockIo = NULL;
    if (!EFI_ERROR (gBS->OpenProtocol (
                           Handle,
                           &gEfiBlockIoProtocolGuid,
                           (VOID **) &BlockIo,
                           NULL,
                           NULL,
                           EFI_OPEN_PROTOCOL_GET_PROTOCOL
                           )) &&
        (BlockIo != NULL) && (BlockIo->Media != NULL)) {
      return BlockIo->Media->RemovableMedia ? IMAGE_FROM_REMOVABLE_MEDIA : IMAGE_FROM_FIXED_MEDIA;
    }
  }

  //
  // 3. Simple File System reachable without Block I/O: treated as fixed media.
  //
  if (LocateHandleForProtocol (File, &gEfiSimpleFileSystemProtocolGuid, &Handle)) {
    return IMAGE_FROM_FIXED_MEDIA;
  }

  //
  // 4. Nothing above matched, so inspect the nodes: a relative-offset-range media node
  //    identifies a PCI option ROM, a MAC address node a network (Load File) source,
  //    which is classed as removable media.
  //
  for (Node = (EFI_DEVICE_PATH_PROTOCOL *) File; !IsDevicePathEndType (Node); Node = NextDevicePathNode (Node)) {
    if ((DevicePathType (Node) == MEDIA_DEVICE_PATH) &&
        (DevicePathSubType (Node) == MEDIA_RELATIVE_OFFSET_RANGE_DP)) {
      return IMAGE_FROM_OPTION_ROM;
    }

    if ((DevicePathType (Node) == MESSAGING_DEVICE_PATH) &&
        (DevicePathSubType (Node) == MSG_MAC_ADDR_DP)) {
      return IMAGE_FROM_REMOVABLE_MEDIA;
    }
  }

  return IMAGE_UNKNOWN;
}
253
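/**
  Calculate hash of Pe/Coff image based on the authenticode image hashing in
  PE/COFF Specification 8.0 Appendix A.

  Caution: This function may receive untrusted input.
  PE/COFF image is external input, so every header range and section range hashed here
  is checked against the image buffer [mImageBase, mImageBase + mImageSize) before it is
  read. The function relies on the caller having set mImageBase, mImageSize,
  mPeCoffHeaderOffset and mNtHeader (pointing into that buffer) and having verified that
  the PE signature, file header and optional header themselves lie inside the buffer;
  the fields read directly through mNtHeader are not re-validated here.

  On success the digest is left in mImageDigest (mImageDigestSize valid bytes) and
  mCertType holds the matching EFI_CERT_SHA1_GUID / EFI_CERT_SHA256_GUID.

  @param[in]  HashAlg   Hash algorithm type: HASHALG_SHA1 or HASHALG_SHA256. Any other
                        value (including the mHash rows with NULL function pointers)
                        is rejected.

  @retval TRUE          Successfully hash image.
  @retval FALSE         Fail in hash image: unsupported algorithm, bad optional-header
                        magic, a header or section range that does not fit inside the
                        image buffer, allocation failure, or a hash library error.

**/
BOOLEAN
HashPeImage (
  IN  UINT32  HashAlg
  )
{
  BOOLEAN                   Status;
  UINT16                    Magic;
  EFI_IMAGE_SECTION_HEADER  *Section;
  VOID                      *HashCtx;
  UINTN                     CtxSize;
  UINT8                     *HashBase;
  UINTN                     HashSize;
  UINTN                     SumOfBytesHashed;
  EFI_IMAGE_SECTION_HEADER  *SectionHeader;
  UINTN                     Index;
  UINTN                     Pos;
  UINT32                    CertSize;
  UINT32                    NumberOfRvaAndSizes;
  UINT32                    SizeOfHeaders;
  UINT16                    NumberOfSections;
  UINTN                     SectionTableOffset;

  HashCtx       = NULL;
  SectionHeader = NULL;
  Status        = FALSE;

  if ((HashAlg != HASHALG_SHA1) && (HashAlg != HASHALG_SHA256)) {
    return FALSE;
  }

  //
  // Initialize context of hash.
  //
  ZeroMem (mImageDigest, MAX_DIGEST_SIZE);

  if (HashAlg == HASHALG_SHA1) {
    mImageDigestSize = SHA1_DIGEST_SIZE;
    mCertType        = gEfiCertSha1Guid;
  } else if (HashAlg == HASHALG_SHA256) {
    mImageDigestSize = SHA256_DIGEST_SIZE;
    mCertType        = gEfiCertSha256Guid;
  } else {
    return FALSE;
  }

  CtxSize = mHash[HashAlg].GetContextSize ();

  HashCtx = AllocatePool (CtxSize);
  if (HashCtx == NULL) {
    return FALSE;
  }

  // 1. Load the image header into memory.

  // 2. Initialize a SHA hash context.
  Status = mHash[HashAlg].HashInit (HashCtx);
  if (!Status) {
    goto Done;
  }

  //
  // Measuring PE/COFF Image Header;
  // But CheckSum field and SECURITY data directory (certificate) are excluded
  //
  if (mNtHeader.Pe32->FileHeader.Machine == IMAGE_FILE_MACHINE_IA64 && mNtHeader.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
    //
    // NOTE: Some versions of Linux ELILO for Itanium have an incorrect magic value
    //       in the PE/COFF Header. If the MachineType is Itanium(IA64) and the
    //       Magic value in the OptionalHeader is EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC
    //       then override the magic value to EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC
    //
    Magic = EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC;
  } else {
    //
    // Get the magic value from the PE/COFF Optional Header
    //
    Magic = mNtHeader.Pe32->OptionalHeader.Magic;
  }

  //
  // 3. Calculate the distance from the base of the image header to the image checksum address.
  // 4. Hash the image header from its base to beginning of the image checksum.
  //
  HashBase = mImageBase;
  if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
    //
    // Use PE32 offset.
    //
    HashSize            = (UINTN) ((UINT8 *) (&mNtHeader.Pe32->OptionalHeader.CheckSum) - HashBase);
    NumberOfRvaAndSizes = mNtHeader.Pe32->OptionalHeader.NumberOfRvaAndSizes;
    SizeOfHeaders       = mNtHeader.Pe32->OptionalHeader.SizeOfHeaders;
  } else if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC) {
    //
    // Use PE32+ offset.
    //
    HashSize            = (UINTN) ((UINT8 *) (&mNtHeader.Pe32Plus->OptionalHeader.CheckSum) - HashBase);
    NumberOfRvaAndSizes = mNtHeader.Pe32Plus->OptionalHeader.NumberOfRvaAndSizes;
    SizeOfHeaders       = mNtHeader.Pe32Plus->OptionalHeader.SizeOfHeaders;
  } else {
    //
    // Invalid header magic number.
    //
    Status = FALSE;
    goto Done;
  }

  //
  // SizeOfHeaders is attacker controlled. It bounds every header range hashed below
  // and seeds SUM_OF_BYTES_HASHED, so it may not exceed the buffer, and the header
  // must at least reach the checksum field or the subtractions below would wrap.
  //
  if ((SizeOfHeaders > mImageSize) || (HashSize > SizeOfHeaders)) {
    Status = FALSE;
    goto Done;
  }

  Status = mHash[HashAlg].HashUpdate (HashCtx, HashBase, HashSize);
  if (!Status) {
    goto Done;
  }

  //
  // 5. Skip over the image checksum (it occupies a single ULONG).
  //
  if (NumberOfRvaAndSizes <= EFI_IMAGE_DIRECTORY_ENTRY_SECURITY) {
    //
    // 6. Since there is no Cert Directory in optional header, hash everything
    //    from the end of the checksum to the end of image header.
    //
    if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
      //
      // Use PE32 offset.
      //
      HashBase = (UINT8 *) &mNtHeader.Pe32->OptionalHeader.CheckSum + sizeof (UINT32);
    } else {
      //
      // Use PE32+ offset.
      //
      HashBase = (UINT8 *) &mNtHeader.Pe32Plus->OptionalHeader.CheckSum + sizeof (UINT32);
    }

    if ((UINTN) (HashBase - mImageBase) > SizeOfHeaders) {
      Status = FALSE;
      goto Done;
    }
    HashSize = SizeOfHeaders - (UINTN) (HashBase - mImageBase);

    if (HashSize != 0) {
      Status = mHash[HashAlg].HashUpdate (HashCtx, HashBase, HashSize);
      if (!Status) {
        goto Done;
      }
    }
  } else {
    //
    // 7. Hash everything from the end of the checksum to the start of the Cert Directory.
    //
    if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
      //
      // Use PE32 offset.
      //
      HashBase = (UINT8 *) &mNtHeader.Pe32->OptionalHeader.CheckSum + sizeof (UINT32);
      HashSize = (UINTN) ((UINT8 *) (&mNtHeader.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]) - HashBase);
    } else {
      //
      // Use PE32+ offset.
      //
      HashBase = (UINT8 *) &mNtHeader.Pe32Plus->OptionalHeader.CheckSum + sizeof (UINT32);
      HashSize = (UINTN) ((UINT8 *) (&mNtHeader.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]) - HashBase);
    }

    //
    // The range up to the Cert Directory must still lie inside the declared header.
    //
    if ((UINTN) (HashBase - mImageBase) + HashSize > SizeOfHeaders) {
      Status = FALSE;
      goto Done;
    }

    if (HashSize != 0) {
      Status = mHash[HashAlg].HashUpdate (HashCtx, HashBase, HashSize);
      if (!Status) {
        goto Done;
      }
    }

    //
    // 8. Skip over the Cert Directory. (It is sizeof(IMAGE_DATA_DIRECTORY) bytes.)
    // 9. Hash everything from the end of the Cert Directory to the end of image header.
    //
    if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
      //
      // Use PE32 offset
      //
      HashBase = (UINT8 *) &mNtHeader.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1];
    } else {
      //
      // Use PE32+ offset.
      //
      HashBase = (UINT8 *) &mNtHeader.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1];
    }

    if ((UINTN) (HashBase - mImageBase) > SizeOfHeaders) {
      Status = FALSE;
      goto Done;
    }
    HashSize = SizeOfHeaders - (UINTN) (HashBase - mImageBase);

    if (HashSize != 0) {
      Status = mHash[HashAlg].HashUpdate (HashCtx, HashBase, HashSize);
      if (!Status) {
        goto Done;
      }
    }
  }

  //
  // 10. Set the SUM_OF_BYTES_HASHED to the size of the header.
  //
  SumOfBytesHashed = SizeOfHeaders;

  //
  // The section table follows the optional header. Both its offset and its length
  // (NumberOfSections entries) come from the image, so make sure the whole table is
  // inside the buffer before the copy loop below reads it.
  //
  NumberOfSections = mNtHeader.Pe32->FileHeader.NumberOfSections;
  if (mPeCoffHeaderOffset >= mImageSize) {
    Status = FALSE;
    goto Done;
  }
  SectionTableOffset = (UINTN) mPeCoffHeaderOffset +
                       sizeof (UINT32) +
                       sizeof (EFI_IMAGE_FILE_HEADER) +
                       mNtHeader.Pe32->FileHeader.SizeOfOptionalHeader;
  if ((SectionTableOffset > mImageSize) ||
      ((UINTN) NumberOfSections * sizeof (EFI_IMAGE_SECTION_HEADER) > mImageSize - SectionTableOffset)) {
    Status = FALSE;
    goto Done;
  }

  Section = (EFI_IMAGE_SECTION_HEADER *) (mImageBase + SectionTableOffset);

  //
  // 11. Build a temporary table of pointers to all the IMAGE_SECTION_HEADER
  //     structures in the image. The 'NumberOfSections' field of the image
  //     header indicates how big the table should be. Do not include any
  //     IMAGE_SECTION_HEADERs in the table whose 'SizeOfRawData' field is zero.
  //
  SectionHeader = (EFI_IMAGE_SECTION_HEADER *) AllocateZeroPool (sizeof (EFI_IMAGE_SECTION_HEADER) * NumberOfSections);
  if (SectionHeader == NULL) {
    Status = FALSE;
    goto Done;
  }

  //
  // 12. Using the 'PointerToRawData' in the referenced section headers as
  //     a key, arrange the elements in the table in ascending order. In other
  //     words, sort the section headers according to the disk-file offset of
  //     the section. (Insertion sort; the table is a private copy.)
  //
  for (Index = 0; Index < NumberOfSections; Index++) {
    Pos = Index;
    while ((Pos > 0) && (Section->PointerToRawData < SectionHeader[Pos - 1].PointerToRawData)) {
      CopyMem (&SectionHeader[Pos], &SectionHeader[Pos - 1], sizeof (EFI_IMAGE_SECTION_HEADER));
      Pos--;
    }
    CopyMem (&SectionHeader[Pos], Section, sizeof (EFI_IMAGE_SECTION_HEADER));
    Section += 1;
  }

  //
  // 13. Walk through the sorted table, bring the corresponding section
  //     into memory, and hash the entire section (using the 'SizeOfRawData'
  //     field in the section header to determine the amount of data to hash).
  // 14. Add the section's 'SizeOfRawData' to SUM_OF_BYTES_HASHED .
  // 15. Repeat steps 13 and 14 for all the sections in the sorted table.
  //
  for (Index = 0; Index < NumberOfSections; Index++) {
    Section = &SectionHeader[Index];
    if (Section->SizeOfRawData == 0) {
      continue;
    }

    //
    // PointerToRawData and SizeOfRawData are attacker controlled file offsets/lengths;
    // the raw data they describe must lie entirely inside the image buffer.
    //
    if ((Section->PointerToRawData > mImageSize) ||
        (Section->SizeOfRawData > mImageSize - Section->PointerToRawData)) {
      Status = FALSE;
      goto Done;
    }

    HashBase = mImageBase + Section->PointerToRawData;
    HashSize = (UINTN) Section->SizeOfRawData;

    Status = mHash[HashAlg].HashUpdate (HashCtx, HashBase, HashSize);
    if (!Status) {
      goto Done;
    }

    SumOfBytesHashed += HashSize;
  }

  //
  // 16. If the file size is greater than SUM_OF_BYTES_HASHED, there is extra
  //     data in the file that needs to be added to the hash. This data begins
  //     at file offset SUM_OF_BYTES_HASHED and its length is:
  //     FileSize - (CertDirectory->Size)
  //
  if (mImageSize > SumOfBytesHashed) {
    HashBase = mImageBase + SumOfBytesHashed;

    if (NumberOfRvaAndSizes <= EFI_IMAGE_DIRECTORY_ENTRY_SECURITY) {
      CertSize = 0;
    } else if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
      //
      // Use PE32 offset.
      //
      CertSize = mNtHeader.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY].Size;
    } else {
      //
      // Use PE32+ offset.
      //
      CertSize = mNtHeader.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY].Size;
    }

    //
    // A certificate table larger than the unhashed tail means the image is malformed.
    // Compare without forming CertSize + SumOfBytesHashed, which can wrap on 32-bit UINTN.
    //
    if (CertSize > mImageSize - SumOfBytesHashed) {
      Status = FALSE;
      goto Done;
    }

    HashSize = mImageSize - SumOfBytesHashed - CertSize;
    if (HashSize != 0) {
      Status = mHash[HashAlg].HashUpdate (HashCtx, HashBase, HashSize);
      if (!Status) {
        goto Done;
      }
    }
  }

  Status = mHash[HashAlg].HashFinal (HashCtx, mImageDigest);

Done:
  if (HashCtx != NULL) {
    FreePool (HashCtx);
  }
  if (SectionHeader != NULL) {
    FreePool (SectionHeader);
  }
  return Status;
}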
577
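/**
  Recognize the Hash algorithm in PE/COFF Authenticode and calculate hash of
  Pe/Coff image based on the authenticode image hashing in PE/COFF Specification
  8.0 Appendix A.

  Caution: This function may receive untrusted input.
  PE/COFF image is external input, so this function will validate its data structure
  within this image buffer before use.

  The algorithm is not recovered by parsing ASN.1. According to PKCS#7:
    SignedData ::= SEQUENCE {
      version          Version,
      digestAlgorithms DigestAlgorithmIdentifiers,
      contentInfo      ContentInfo,
      ... }
  and this code assumes the digest-algorithm OID sits at the fixed byte offset +32
  of the Authenticode blob, an offset that only holds when the outer lengths use the
  two-byte long form of length encoding. Blobs encoded differently are reported as
  unsupported rather than mis-parsed. The OID is compared against each mHash row in
  order; a matching row then selects the digest computed by HashPeImage(), which is
  what AuthenticodeVerify() is later given as the expected image digest. The MD5 OID
  has no mHash row, so MD5-signed images are always unsupported.

  @param[in]  AuthData      Pointer to the Authenticode Signature retrieved from signed image.
  @param[in]  AuthDataSize  Size of the Authenticode Signature in bytes.

  @retval EFI_UNSUPPORTED   AuthData is NULL or too short, uses an unsupported length
                            encoding, names a hash algorithm not in mHash, or the
                            image could not be hashed with that algorithm.
  @retval EFI_SUCCESS       Hash successfully.

**/
EFI_STATUS
HashPeImageByType (
  IN UINT8  *AuthData,
  IN UINTN  AuthDataSize
  )
{
  UINT8  Index;

  //
  // The length-encoding probe below reads AuthData[1]; make sure that byte exists.
  //
  if ((AuthData == NULL) || (AuthDataSize < 2)) {
    return EFI_UNSUPPORTED;
  }

  //
  // Only support two bytes of Long Form of Length Encoding; the fixed +32 offset used
  // below is derived from it. This is a property of the blob, not of any one algorithm,
  // so it is checked once rather than per table row.
  //
  if ((AuthData[1] & TWO_BYTE_ENCODE) != TWO_BYTE_ENCODE) {
    return EFI_UNSUPPORTED;
  }

  for (Index = 0; Index < HASHALG_MAX; Index++) {
    //
    // The OID must fit inside the blob before it is compared.
    //
    if (AuthDataSize < 32 + mHash[Index].OidLength) {
      return EFI_UNSUPPORTED;
    }

    if (CompareMem (AuthData + 32, mHash[Index].OidValue, mHash[Index].OidLength) == 0) {
      break;
    }
  }

  if (Index == HASHALG_MAX) {
    return EFI_UNSUPPORTED;
  }

  //
  // HASH PE Image based on Hash algorithm in PE/COFF Authenticode.
  // HashPeImage() rejects rows whose hash function pointers are NULL.
  //
  if (!HashPeImage (Index)) {
    return EFI_UNSUPPORTED;
  }

  return EFI_SUCCESS;
}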
644
645
/**
  Returns the size of a given image execution info table in bytes.

  Walks the NumberOfImages variable-length EFI_IMAGE_EXECUTION_INFO entries that follow
  the table header, advancing by each entry's InfoSize, and returns the distance from the
  start of the table to the end of the last entry. Entries are read with ReadUnaligned32
  because their variable-length payloads leave the following entry unaligned. No
  validation is done on InfoSize; the table is firmware-maintained data taken from the
  system configuration table, not external input.

  @param ImageExeInfoTable   A pointer to a image execution info table structure.

  @retval 0       If ImageExeInfoTable is NULL.
  @retval Others  The size of a image execution info table in bytes.

**/
UINTN
GetImageExeInfoTableSize (
  EFI_IMAGE_EXECUTION_INFO_TABLE  *ImageExeInfoTable
  )
{
  UINT8   *Cursor;
  UINTN   Remaining;
  UINT32  EntrySize;

  if (ImageExeInfoTable == NULL) {
    return 0;
  }

  Cursor    = (UINT8 *) ImageExeInfoTable + sizeof (EFI_IMAGE_EXECUTION_INFO_TABLE);
  Remaining = ImageExeInfoTable->NumberOfImages;

  while (Remaining > 0) {
    EntrySize = ReadUnaligned32 ((UINT32 *) &((EFI_IMAGE_EXECUTION_INFO *) Cursor)->InfoSize);
    Cursor   += EntrySize;
    Remaining--;
  }

  return (UINTN) (Cursor - (UINT8 *) ImageExeInfoTable);
}
680
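/**
  Create an Image Execution Information Table entry and add it to system configuration table.

  The existing table (if any) is copied into a freshly allocated runtime-pool buffer
  with the new entry appended, the new buffer is installed under
  gEfiImageSecurityDatabaseGuid, and only then is the old buffer freed. If installing
  the new table fails, the old table is left registered and the new buffer is freed,
  so the configuration table never points at freed memory. Allocation failure is
  silently ignored: the entry is simply not recorded.

  Entry layout written here: Action (UINT32), InfoSize (UINT32), then Name (if given,
  NUL terminated CHAR16), the device path, and the signature list (if given), packed
  without padding, hence the unaligned writes.

  @param[in]  Action          Describes the action taken by the firmware regarding this image.
  @param[in]  Name            Input a null-terminated, user-friendly name.
  @param[in]  DevicePath      Input device path pointer. NULL means nothing is recorded.
  @param[in]  Signature       Input signature info in EFI_SIGNATURE_LIST data structure.
  @param[in]  SignatureSize   Size of signature. Counted into the entry even when
                              Signature is NULL, so pass 0 in that case.

**/
VOID
AddImageExeInfo (
  IN       EFI_IMAGE_EXECUTION_ACTION  Action,
  IN       CHAR16                      *Name OPTIONAL,
  IN CONST EFI_DEVICE_PATH_PROTOCOL    *DevicePath,
  IN       EFI_SIGNATURE_LIST          *Signature OPTIONAL,
  IN       UINTN                       SignatureSize
  )
{
  EFI_STATUS                      Status;
  EFI_IMAGE_EXECUTION_INFO_TABLE  *ImageExeInfoTable;
  EFI_IMAGE_EXECUTION_INFO_TABLE  *NewImageExeInfoTable;
  EFI_IMAGE_EXECUTION_INFO        *ImageExeInfoEntry;
  UINT8                           *EntryData;
  UINTN                           ImageExeInfoTableSize;
  UINTN                           NewImageExeInfoEntrySize;
  UINTN                           NameStringLen;
  UINTN                           DevicePathSize;

  if (DevicePath == NULL) {
    return;
  }

  NameStringLen = (Name != NULL) ? StrSize (Name) : 0;

  //
  // Size the existing table, or start a fresh one holding just the header.
  //
  ImageExeInfoTable = NULL;
  EfiGetSystemConfigurationTable (&gEfiImageSecurityDatabaseGuid, (VOID **) &ImageExeInfoTable);
  if (ImageExeInfoTable != NULL) {
    ImageExeInfoTableSize = GetImageExeInfoTableSize (ImageExeInfoTable);
  } else {
    ImageExeInfoTableSize = sizeof (EFI_IMAGE_EXECUTION_INFO_TABLE);
  }

  //
  // Runtime pool: the table is published through the configuration table and is
  // expected to remain readable after ExitBootServices.
  //
  DevicePathSize           = GetDevicePathSize (DevicePath);
  NewImageExeInfoEntrySize = sizeof (EFI_IMAGE_EXECUTION_INFO) + NameStringLen + DevicePathSize + SignatureSize;
  NewImageExeInfoTable     = (EFI_IMAGE_EXECUTION_INFO_TABLE *) AllocateRuntimePool (ImageExeInfoTableSize + NewImageExeInfoEntrySize);
  if (NewImageExeInfoTable == NULL) {
    return;
  }

  if (ImageExeInfoTable != NULL) {
    CopyMem (NewImageExeInfoTable, ImageExeInfoTable, ImageExeInfoTableSize);
  } else {
    NewImageExeInfoTable->NumberOfImages = 0;
  }
  NewImageExeInfoTable->NumberOfImages++;

  //
  // Fill in the new entry at the end of the copied table.
  //
  ImageExeInfoEntry = (EFI_IMAGE_EXECUTION_INFO *) ((UINT8 *) NewImageExeInfoTable + ImageExeInfoTableSize);
  WriteUnaligned32 ((UINT32 *) &ImageExeInfoEntry->Action, Action);
  WriteUnaligned32 ((UINT32 *) &ImageExeInfoEntry->InfoSize, (UINT32) NewImageExeInfoEntrySize);

  EntryData = (UINT8 *) &ImageExeInfoEntry->InfoSize + sizeof (UINT32);
  if (Name != NULL) {
    CopyMem (EntryData, Name, NameStringLen);
  }
  EntryData += NameStringLen;

  CopyMem (EntryData, DevicePath, DevicePathSize);
  EntryData += DevicePathSize;

  if (Signature != NULL) {
    CopyMem (EntryData, Signature, SignatureSize);
  }

  //
  // Update/replace the image execution table. Only release the old table once the
  // new one is actually registered; otherwise the configuration table would keep
  // pointing at freed memory.
  //
  Status = gBS->InstallConfigurationTable (&gEfiImageSecurityDatabaseGuid, (VOID *) NewImageExeInfoTable);
  if (EFI_ERROR (Status)) {
    FreePool (NewImageExeInfoTable);
    return;
  }

  if (ImageExeInfoTable != NULL) {
    FreePool (ImageExeInfoTable);
  }
}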
784
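/**
  Check whether signature is in specified database.

  Reads the variable VariableName under gEfiImageSecurityDatabaseGuid and walks its
  EFI_SIGNATURE_LISTs. Only lists whose SignatureType equals CertType and whose
  SignatureSize is exactly sizeof (EFI_SIGNATURE_DATA) - 1 + SignatureSize (owner GUID
  plus the signature bytes) are searched; each EFI_SIGNATURE_DATA in them is compared
  byte-for-byte against Signature.

  Each list header is sanity-checked before its fields are used for pointer arithmetic
  (it must fit in the remaining data, be at least header + SignatureHeaderSize long and
  have a non-zero SignatureSize). The walk stops at the first malformed list and the
  result is "not found". Callers using this against the forbidden database should be
  aware that a malformed dbx therefore hides any lists after the bad one.

  @param[in]  VariableName   Name of database variable that is searched in.
  @param[in]  Signature      Pointer to signature that is searched for.
  @param[in]  CertType       Pointer to hash algorithm.
  @param[in]  SignatureSize  Size of Signature.

  @return TRUE   Found the signature in the variable database.
  @return FALSE  Not found the signature in the variable database, the variable does
                 not exist, or it could not be read.

**/
BOOLEAN
IsSignatureFoundInDatabase (
  IN CHAR16    *VariableName,
  IN UINT8     *Signature,
  IN EFI_GUID  *CertType,
  IN UINTN     SignatureSize
  )
{
  EFI_STATUS          Status;
  EFI_SIGNATURE_LIST  *CertList;
  EFI_SIGNATURE_DATA  *Cert;
  UINTN               DataSize;
  UINT8               *Data;
  UINTN               Index;
  UINTN               CertCount;
  BOOLEAN             IsFound;

  //
  // Read signature database variable.
  //
  IsFound  = FALSE;
  Data     = NULL;
  DataSize = 0;
  Status   = gRT->GetVariable (VariableName, &gEfiImageSecurityDatabaseGuid, NULL, &DataSize, NULL);
  if (Status != EFI_BUFFER_TOO_SMALL) {
    return FALSE;
  }

  Data = (UINT8 *) AllocateZeroPool (DataSize);
  if (Data == NULL) {
    return FALSE;
  }

  Status = gRT->GetVariable (VariableName, &gEfiImageSecurityDatabaseGuid, NULL, &DataSize, Data);
  if (EFI_ERROR (Status)) {
    goto Done;
  }

  //
  // Enumerate all signature data in SigDB to check if executable's signature exists.
  //
  CertList = (EFI_SIGNATURE_LIST *) Data;
  while (DataSize >= sizeof (EFI_SIGNATURE_LIST)) {
    //
    // Validate the list header before trusting its sizes: SignatureListSize must be
    // at least the header and no more than what remains, SignatureHeaderSize must fit
    // inside it, and SignatureSize is a divisor and stride so it cannot be zero.
    //
    if ((CertList->SignatureListSize < sizeof (EFI_SIGNATURE_LIST)) ||
        (CertList->SignatureListSize > DataSize) ||
        (CertList->SignatureHeaderSize > CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST)) ||
        (CertList->SignatureSize == 0)) {
      break;
    }

    if ((CertList->SignatureSize == sizeof (EFI_SIGNATURE_DATA) - 1 + SignatureSize) &&
        CompareGuid (&CertList->SignatureType, CertType)) {
      //
      // The entry count excludes the list header as well as the signature header,
      // matching IsPkcsSignedDataVerifiedBySignatureList().
      //
      CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize;
      Cert      = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize);
      for (Index = 0; Index < CertCount; Index++) {
        if (CompareMem (Cert->SignatureData, Signature, SignatureSize) == 0) {
          //
          // Find the signature in database.
          //
          IsFound = TRUE;
          goto Done;
        }

        Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) Cert + CertList->SignatureSize);
      }
    }

    DataSize -= CertList->SignatureListSize;
    CertList  = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList->SignatureListSize);
  }

Done:
  if (Data != NULL) {
    FreePool (Data);
  }

  return IsFound;
}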
869
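/**
  Verify PKCS#7 SignedData using certificate found in Variable which formatted
  as EFI_SIGNATURE_LIST. The Variable may be PK, KEK, DB or DBX.

  Every X509 entry (SignatureType == gEfiCertX509Guid) in the variable is tried in
  turn as the trust anchor for AuthenticodeVerify() against the image digest already
  computed into mImageDigest/mImageDigestSize, so HashPeImageByType() (or
  HashPeImage()) must have run for the current image before this is called. The first
  certificate that verifies the signature wins.

  What "verified" means is up to the caller: against DB it is an allow decision,
  against DBX it is a deny decision. Each list header is sanity-checked before its
  fields drive pointer arithmetic; the walk stops at the first malformed list and the
  result is FALSE, so a malformed DBX hides any lists after the bad one.

  @param[in]  AuthData      Pointer to the Authenticode Signature retrieved from signed image.
  @param[in]  AuthDataSize  Size of the Authenticode Signature in bytes.
  @param[in]  VariableName  Name of Variable to search for Certificate.
  @param[in]  VendorGuid    Variable vendor GUID.

  @retval TRUE   Image pass verification.
  @retval FALSE  Image fail verification, or the variable is absent/unreadable.

**/
BOOLEAN
IsPkcsSignedDataVerifiedBySignatureList (
  IN UINT8     *AuthData,
  IN UINTN     AuthDataSize,
  IN CHAR16    *VariableName,
  IN EFI_GUID  *VendorGuid
  )
{
  EFI_STATUS          Status;
  BOOLEAN             VerifyStatus;
  EFI_SIGNATURE_LIST  *CertList;
  EFI_SIGNATURE_DATA  *Cert;
  UINTN               DataSize;
  UINT8               *Data;
  UINTN               Index;
  UINTN               CertCount;

  Data         = NULL;
  VerifyStatus = FALSE;

  DataSize = 0;
  Status   = gRT->GetVariable (VariableName, VendorGuid, NULL, &DataSize, NULL);
  if (Status != EFI_BUFFER_TOO_SMALL) {
    return FALSE;
  }

  Data = (UINT8 *) AllocateZeroPool (DataSize);
  if (Data == NULL) {
    return FALSE;
  }

  Status = gRT->GetVariable (VariableName, VendorGuid, NULL, &DataSize, (VOID *) Data);
  if (EFI_ERROR (Status)) {
    goto Done;
  }

  //
  // Find X509 certificate in Signature List to verify the signature in pkcs7 signed data.
  //
  CertList = (EFI_SIGNATURE_LIST *) Data;
  while (DataSize >= sizeof (EFI_SIGNATURE_LIST)) {
    //
    // Validate the list header before trusting its sizes (see IsSignatureFoundInDatabase).
    //
    if ((CertList->SignatureListSize < sizeof (EFI_SIGNATURE_LIST)) ||
        (CertList->SignatureListSize > DataSize) ||
        (CertList->SignatureHeaderSize > CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST)) ||
        (CertList->SignatureSize == 0)) {
      break;
    }

    //
    // An X509 entry is an owner GUID followed by the DER certificate, so SignatureSize
    // must exceed sizeof (EFI_GUID) for the certificate length below not to wrap.
    //
    if (CompareGuid (&CertList->SignatureType, &gEfiCertX509Guid) &&
        (CertList->SignatureSize > sizeof (EFI_GUID))) {
      Cert      = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize);
      CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize;
      for (Index = 0; Index < CertCount; Index++) {
        //
        // Iterate each Signature Data Node within this CertList for verify.
        // Call AuthenticodeVerify library to Verify Authenticode struct.
        //
        VerifyStatus = AuthenticodeVerify (
                         AuthData,
                         AuthDataSize,
                         Cert->SignatureData,
                         CertList->SignatureSize - sizeof (EFI_GUID),
                         mImageDigest,
                         mImageDigestSize
                         );
        if (VerifyStatus) {
          goto Done;
        }
        Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) Cert + CertList->SignatureSize);
      }
    }

    DataSize -= CertList->SignatureListSize;
    CertList  = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList->SignatureListSize);
  }

Done:
  if (Data != NULL) {
    FreePool (Data);
  }

  return VerifyStatus;
}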
966
/**
  Verify certificate in WIN_CERT_TYPE_PKCS_SIGNED_DATA format.

  Policy is: forbidden database first, then allowed database. If any certificate in
  DBX verifies the signature the image is rejected regardless of DB, so a certificate
  present in both databases denies. Only certificate entries are consulted here; the
  hash-in-DBX check described for DxeImageVerificationHandler() is not performed by
  this function. The image digest the verification is checked against comes from
  mImageDigest, so HashPeImageByType() must already have run for this image.

  @param[in]  AuthData      Pointer to the Authenticode Signature retrieved from signed image.
  @param[in]  AuthDataSize  Size of the Authenticode Signature in bytes.

  @retval EFI_SUCCESS             Image pass verification.
  @retval EFI_SECURITY_VIOLATION  Image fail verification.

**/
EFI_STATUS
VerifyCertPkcsSignedData (
  IN UINT8  *AuthData,
  IN UINTN  AuthDataSize
  )
{
  BOOLEAN  Revoked;
  BOOLEAN  Allowed;

  //
  // 1: A signature that verifies against anything in DBX is revoked.
  //
  Revoked = IsPkcsSignedDataVerifiedBySignatureList (
              AuthData,
              AuthDataSize,
              EFI_IMAGE_SECURITY_DATABASE1,
              &gEfiImageSecurityDatabaseGuid
              );
  if (Revoked) {
    return EFI_SECURITY_VIOLATION;
  }

  //
  // 2: Otherwise it must verify against a certificate in DB.
  //
  Allowed = IsPkcsSignedDataVerifiedBySignatureList (
              AuthData,
              AuthDataSize,
              EFI_IMAGE_SECURITY_DATABASE,
              &gEfiImageSecurityDatabaseGuid
              );

  return Allowed ? EFI_SUCCESS : EFI_SECURITY_VIOLATION;
}
1003
1004 /**
1005 Provide verification service for signed images, which include both signature validation
1006 and platform policy control. For signature types, both UEFI WIN_CERTIFICATE_UEFI_GUID and
1007 MSFT Authenticode type signatures are supported.
1008
In this implementation, only external executables are verified, and only when the platform is in USER MODE.
Executables loaded from a firmware volume (FV) bypass verification, so the AuthenticationStatus passed in is ignored.
1011
1012 The image verification process is:
1013 If the image is signed,
1014 If the image's certificate verifies against a certificate (root or intermediate) in the allowed
1015 database (DB) and not in the forbidden database (DBX), the certificate verification is passed.
1016 If the image's hash digest is in DBX,
1017 deny execution.
1018 If not,
1019 run it.
1020 If the Image's certificate verification failed.
1021 If the Image's Hash is in DB and not in DBX,
1022 run it.
1023 Otherwise,
1024 deny execution.
1025 Otherwise, the image is not signed,
1026 Is the Image's Hash in DBX?
1027 If yes, deny execution.
1028 If not, is the Image's Hash in DB?
1029 If yes, run it.
1030 If not, deny execution.
1031
1032 Caution: This function may receive untrusted input.
1033 PE/COFF image is external input, so this function will validate its data structure
1034 within this image buffer before use.
1035
1036 @param[in] AuthenticationStatus
1037 This is the authentication status returned from the security
1038 measurement services for the input file.
1039 @param[in] File This is a pointer to the device path of the file that is
1040 being dispatched. This will optionally be used for logging.
1041 @param[in] FileBuffer File buffer matches the input file device path.
1042 @param[in] FileSize Size of File buffer matches the input file device path.
1043 @param[in] BootPolicy A boot policy that was used to call LoadImage() UEFI service.
1044
1045 @retval EFI_SUCCESS The file specified by DevicePath and non-NULL
1046 FileBuffer did authenticate, and the platform policy dictates
1047 that the DXE Foundation may use the file.
1048 @retval EFI_SUCCESS The device path specified by NULL device path DevicePath
1049 and non-NULL FileBuffer did authenticate, and the platform
1050 policy dictates that the DXE Foundation may execute the image in
1051 FileBuffer.
1052 @retval EFI_OUT_RESOURCE Fail to allocate memory.
1053 @retval EFI_SECURITY_VIOLATION The file specified by File did not authenticate, and
1054 the platform policy dictates that File should be placed
1055 in the untrusted state. The image has been added to the file
1056 execution table.
1057 @retval EFI_ACCESS_DENIED The file specified by File and FileBuffer did not
1058 authenticate, and the platform policy dictates that the DXE
1059 Foundation many not use File.
1060
1061 **/
1062 EFI_STATUS
1063 EFIAPI
1064 DxeImageVerificationHandler (
1065 IN UINT32 AuthenticationStatus,
1066 IN CONST EFI_DEVICE_PATH_PROTOCOL *File,
1067 IN VOID *FileBuffer,
1068 IN UINTN FileSize,
1069 IN BOOLEAN BootPolicy
1070 )
1071 {
1072 EFI_STATUS Status;
1073 UINT16 Magic;
1074 EFI_IMAGE_DOS_HEADER *DosHdr;
1075 EFI_STATUS VerifyStatus;
1076 EFI_SIGNATURE_LIST *SignatureList;
1077 UINTN SignatureListSize;
1078 EFI_SIGNATURE_DATA *Signature;
1079 EFI_IMAGE_EXECUTION_ACTION Action;
1080 WIN_CERTIFICATE *WinCertificate;
1081 UINT32 Policy;
1082 UINT8 *SecureBoot;
1083 PE_COFF_LOADER_IMAGE_CONTEXT ImageContext;
1084 UINT32 NumberOfRvaAndSizes;
1085 UINT32 CertSize;
1086 WIN_CERTIFICATE_EFI_PKCS *PkcsCertData;
1087 WIN_CERTIFICATE_UEFI_GUID *WinCertUefiGuid;
1088 UINT8 *AuthData;
1089 UINTN AuthDataSize;
1090 EFI_IMAGE_DATA_DIRECTORY *SecDataDir;
1091
1092 SignatureList = NULL;
1093 SignatureListSize = 0;
1094 WinCertificate = NULL;
1095 SecDataDir = NULL;
1096 PkcsCertData = NULL;
1097 Action = EFI_IMAGE_EXECUTION_AUTH_UNTESTED;
1098 Status = EFI_ACCESS_DENIED;
1099 //
1100 // Check the image type and get policy setting.
1101 //
1102 switch (GetImageType (File)) {
1103
1104 case IMAGE_FROM_FV:
1105 Policy = ALWAYS_EXECUTE;
1106 break;
1107
1108 case IMAGE_FROM_OPTION_ROM:
1109 Policy = PcdGet32 (PcdOptionRomImageVerificationPolicy);
1110 break;
1111
1112 case IMAGE_FROM_REMOVABLE_MEDIA:
1113 Policy = PcdGet32 (PcdRemovableMediaImageVerificationPolicy);
1114 break;
1115
1116 case IMAGE_FROM_FIXED_MEDIA:
1117 Policy = PcdGet32 (PcdFixedMediaImageVerificationPolicy);
1118 break;
1119
1120 default:
1121 Policy = DENY_EXECUTE_ON_SECURITY_VIOLATION;
1122 break;
1123 }
1124 //
1125 // If policy is always/never execute, return directly.
1126 //
1127 if (Policy == ALWAYS_EXECUTE) {
1128 return EFI_SUCCESS;
1129 } else if (Policy == NEVER_EXECUTE) {
1130 return EFI_ACCESS_DENIED;
1131 }
1132
1133 GetEfiGlobalVariable2 (EFI_SECURE_BOOT_MODE_NAME, (VOID**)&SecureBoot, NULL);
1134 //
1135 // Skip verification if SecureBoot variable doesn't exist.
1136 //
1137 if (SecureBoot == NULL) {
1138 return EFI_SUCCESS;
1139 }
1140
1141 //
1142 // Skip verification if SecureBoot is disabled.
1143 //
1144 if (*SecureBoot == SECURE_BOOT_MODE_DISABLE) {
1145 FreePool (SecureBoot);
1146 return EFI_SUCCESS;
1147 }
1148 FreePool (SecureBoot);
1149
1150 //
1151 // Read the Dos header.
1152 //
1153 if (FileBuffer == NULL) {
1154 return EFI_INVALID_PARAMETER;
1155 }
1156
1157 mImageBase = (UINT8 *) FileBuffer;
1158 mImageSize = FileSize;
1159
1160 ZeroMem (&ImageContext, sizeof (ImageContext));
1161 ImageContext.Handle = (VOID *) FileBuffer;
1162 ImageContext.ImageRead = (PE_COFF_LOADER_READ_FILE) DxeImageVerificationLibImageRead;
1163
1164 //
1165 // Get information about the image being loaded
1166 //
1167 Status = PeCoffLoaderGetImageInfo (&ImageContext);
1168 if (EFI_ERROR (Status)) {
1169 //
1170 // The information can't be got from the invalid PeImage
1171 //
1172 goto Done;
1173 }
1174
1175 Status = EFI_ACCESS_DENIED;
1176
1177 DosHdr = (EFI_IMAGE_DOS_HEADER *) mImageBase;
1178 if (DosHdr->e_magic == EFI_IMAGE_DOS_SIGNATURE) {
1179 //
1180 // DOS image header is present,
1181 // so read the PE header after the DOS image header.
1182 //
1183 mPeCoffHeaderOffset = DosHdr->e_lfanew;
1184 } else {
1185 mPeCoffHeaderOffset = 0;
1186 }
1187 //
1188 // Check PE/COFF image.
1189 //
1190 mNtHeader.Pe32 = (EFI_IMAGE_NT_HEADERS32 *) (mImageBase + mPeCoffHeaderOffset);
1191 if (mNtHeader.Pe32->Signature != EFI_IMAGE_NT_SIGNATURE) {
1192 //
1193 // It is not a valid Pe/Coff file.
1194 //
1195 goto Done;
1196 }
1197
1198 if (mNtHeader.Pe32->FileHeader.Machine == IMAGE_FILE_MACHINE_IA64 && mNtHeader.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
1199 //
1200 // NOTE: Some versions of Linux ELILO for Itanium have an incorrect magic value
1201 // in the PE/COFF Header. If the MachineType is Itanium(IA64) and the
1202 // Magic value in the OptionalHeader is EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC
1203 // then override the magic value to EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC
1204 //
1205 Magic = EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC;
1206 } else {
1207 //
1208 // Get the magic value from the PE/COFF Optional Header
1209 //
1210 Magic = mNtHeader.Pe32->OptionalHeader.Magic;
1211 }
1212
1213 if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
1214 //
1215 // Use PE32 offset.
1216 //
1217 NumberOfRvaAndSizes = mNtHeader.Pe32->OptionalHeader.NumberOfRvaAndSizes;
1218 if (NumberOfRvaAndSizes > EFI_IMAGE_DIRECTORY_ENTRY_SECURITY) {
1219 SecDataDir = (EFI_IMAGE_DATA_DIRECTORY *) &mNtHeader.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY];
1220 }
1221 } else {
1222 //
1223 // Use PE32+ offset.
1224 //
1225 NumberOfRvaAndSizes = mNtHeader.Pe32Plus->OptionalHeader.NumberOfRvaAndSizes;
1226 if (NumberOfRvaAndSizes > EFI_IMAGE_DIRECTORY_ENTRY_SECURITY) {
1227 SecDataDir = (EFI_IMAGE_DATA_DIRECTORY *) &mNtHeader.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY];
1228 }
1229 }
1230
1231 if ((SecDataDir == NULL) || ((SecDataDir != NULL) && (SecDataDir->Size == 0))) {
1232 //
1233 // This image is not signed.
1234 //
1235 if (!HashPeImage (HASHALG_SHA256)) {
1236 goto Done;
1237 }
1238
1239 if (IsSignatureFoundInDatabase (EFI_IMAGE_SECURITY_DATABASE1, mImageDigest, &mCertType, mImageDigestSize)) {
1240 //
1241 // Image Hash is in forbidden database (DBX).
1242 //
1243 goto Done;
1244 }
1245
1246 if (IsSignatureFoundInDatabase (EFI_IMAGE_SECURITY_DATABASE, mImageDigest, &mCertType, mImageDigestSize)) {
1247 //
1248 // Image Hash is in allowed database (DB).
1249 //
1250 return EFI_SUCCESS;
1251 }
1252
1253 //
1254 // Image Hash is not found in both forbidden and allowed database.
1255 //
1256 goto Done;
1257 }
1258
1259 //
1260 // Verify signature of executables.
1261 //
1262 WinCertificate = (WIN_CERTIFICATE *) (mImageBase + SecDataDir->VirtualAddress);
1263
1264 CertSize = sizeof (WIN_CERTIFICATE);
1265
1266 if ((SecDataDir->Size <= CertSize) || (SecDataDir->Size < WinCertificate->dwLength)) {
1267 goto Done;
1268 }
1269
1270 //
1271 // Verify the image's Authenticode signature, only DER-encoded PKCS#7 signed data is supported.
1272 //
1273 if (WinCertificate->wCertificateType == WIN_CERT_TYPE_PKCS_SIGNED_DATA) {
1274 //
1275 // The certificate is formatted as WIN_CERTIFICATE_EFI_PKCS which is described in the
1276 // Authenticode specification.
1277 //
1278 PkcsCertData = (WIN_CERTIFICATE_EFI_PKCS *) WinCertificate;
1279 if (PkcsCertData->Hdr.dwLength <= sizeof (PkcsCertData->Hdr)) {
1280 goto Done;
1281 }
1282 AuthData = PkcsCertData->CertData;
1283 AuthDataSize = PkcsCertData->Hdr.dwLength - sizeof(PkcsCertData->Hdr);
1284
1285 Status = HashPeImageByType (AuthData, AuthDataSize);
1286 if (EFI_ERROR (Status)) {
1287 goto Done;
1288 }
1289
1290 VerifyStatus = VerifyCertPkcsSignedData (AuthData, AuthDataSize);
1291 } else if (WinCertificate->wCertificateType == WIN_CERT_TYPE_EFI_GUID) {
1292 //
1293 // The certificate is formatted as WIN_CERTIFICATE_UEFI_GUID which is described in UEFI Spec.
1294 //
1295 WinCertUefiGuid = (WIN_CERTIFICATE_UEFI_GUID *) WinCertificate;
1296 if (!CompareGuid(&WinCertUefiGuid->CertType, &gEfiCertPkcs7Guid) ||
1297 (WinCertUefiGuid->Hdr.dwLength <= OFFSET_OF(WIN_CERTIFICATE_UEFI_GUID, CertData))) {
1298 goto Done;
1299 }
1300 AuthData = WinCertUefiGuid->CertData;
1301 AuthDataSize = WinCertUefiGuid->Hdr.dwLength - OFFSET_OF(WIN_CERTIFICATE_UEFI_GUID, CertData);
1302
1303 Status = HashPeImageByType (AuthData, AuthDataSize);
1304 if (EFI_ERROR (Status)) {
1305 goto Done;
1306 }
1307 VerifyStatus = VerifyCertPkcsSignedData (AuthData, AuthDataSize);
1308 } else {
1309 goto Done;
1310 }
1311
1312 if (!EFI_ERROR (VerifyStatus)) {
1313 //
1314 // Verification is passed.
1315 // Continue to check the image digest in signature database.
1316 //
1317 if (IsSignatureFoundInDatabase (EFI_IMAGE_SECURITY_DATABASE1, mImageDigest, &mCertType, mImageDigestSize)) {
1318 //
1319 // Executable signature verification passes, but is found in forbidden signature database.
1320 //
1321 Action = EFI_IMAGE_EXECUTION_AUTH_SIG_FOUND;
1322 Status = EFI_ACCESS_DENIED;
1323 } else {
1324 //
1325 // For image verification against enrolled X.509 certificate(root or intermediate),
1326 // no need to check image's hash in the allowed database.
1327 //
1328 return EFI_SUCCESS;
1329 }
1330 } else {
1331 //
1332 // Verification failure.
1333 //
1334 if (!IsSignatureFoundInDatabase (EFI_IMAGE_SECURITY_DATABASE1, mImageDigest, &mCertType, mImageDigestSize) &&
1335 IsSignatureFoundInDatabase (EFI_IMAGE_SECURITY_DATABASE, mImageDigest, &mCertType, mImageDigestSize)) {
1336 //
1337 // Verification fail, Image Hash is not in forbidden database (DBX),
1338 // and Image Hash is in allowed database (DB).
1339 //
1340 Status = EFI_SUCCESS;
1341 } else {
1342 Action = EFI_IMAGE_EXECUTION_AUTH_SIG_FAILED;
1343 Status = EFI_ACCESS_DENIED;
1344 }
1345 }
1346
1347 if (EFI_ERROR (Status)) {
1348 //
1349 // Get image hash value as executable's signature.
1350 //
1351 SignatureListSize = sizeof (EFI_SIGNATURE_LIST) + sizeof (EFI_SIGNATURE_DATA) - 1 + mImageDigestSize;
1352 SignatureList = (EFI_SIGNATURE_LIST *) AllocateZeroPool (SignatureListSize);
1353 if (SignatureList == NULL) {
1354 Status = EFI_OUT_OF_RESOURCES;
1355 goto Done;
1356 }
1357 SignatureList->SignatureHeaderSize = 0;
1358 SignatureList->SignatureListSize = (UINT32) SignatureListSize;
1359 SignatureList->SignatureSize = (UINT32) mImageDigestSize;
1360 CopyMem (&SignatureList->SignatureType, &mCertType, sizeof (EFI_GUID));
1361 Signature = (EFI_SIGNATURE_DATA *) ((UINT8 *) SignatureList + sizeof (EFI_SIGNATURE_LIST));
1362 CopyMem (Signature->SignatureData, mImageDigest, mImageDigestSize);
1363 }
1364
1365 Done:
1366 if (Status != EFI_SUCCESS) {
1367 //
1368 // Policy decides to defer or reject the image; add its information in image executable information table.
1369 //
1370 AddImageExeInfo (Action, NULL, File, SignatureList, SignatureListSize);
1371 Status = EFI_SECURITY_VIOLATION;
1372 }
1373
1374 if (SignatureList != NULL) {
1375 FreePool (SignatureList);
1376 }
1377
1378 return Status;
1379 }
1380
/**
  When VariableWriteArchProtocol install, create "SecureBoot" variable.

  Runs as a protocol notify callback. Once variable writes are possible it checks
  whether the global "SecureBoot" variable exists and, if not, creates it with the
  value SECURE_BOOT_MODE_DISABLE; the authenticated variable driver maintains the
  value afterwards. Nothing is done when the protocol is not yet present.

  @param[in]  Event     Event whose notification function is being invoked.
  @param[in]  Context   Pointer to the notification function's context.

**/
VOID
EFIAPI
VariableWriteCallBack (
  IN EFI_EVENT                        Event,
  IN VOID                             *Context
  )
{
  EFI_STATUS  LocateStatus;
  VOID        *VariableWriteArch;
  UINT8       *ExistingMode;
  UINT8       InitialMode;

  LocateStatus = gBS->LocateProtocol (&gEfiVariableWriteArchProtocolGuid, NULL, &VariableWriteArch);
  if (EFI_ERROR (LocateStatus)) {
    return;
  }

  //
  // Check whether "SecureBoot" variable exists.
  // If this library is built-in, it means firmware has capability to perform
  // driver signing verification.
  //
  GetEfiGlobalVariable2 (EFI_SECURE_BOOT_MODE_NAME, (VOID**)&ExistingMode, NULL);
  if (ExistingMode != NULL) {
    FreePool (ExistingMode);
    return;
  }

  //
  // Authenticated variable driver will update "SecureBoot" depending on SetupMode variable.
  //
  InitialMode = SECURE_BOOT_MODE_DISABLE;
  gRT->SetVariable (
         EFI_SECURE_BOOT_MODE_NAME,
         &gEfiGlobalVariableGuid,
         EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_NON_VOLATILE,
         sizeof (UINT8),
         &InitialMode
         );
}
1427
/**
  Register security measurement handler.

  Library constructor. It first arranges for VariableWriteCallBack() to run once
  VariableWriteArchProtocol is installed, then registers DxeImageVerificationHandler()
  as a Security2 handler for image verification.

  @param  ImageHandle   ImageHandle of the loaded driver.
  @param  SystemTable   Pointer to the EFI System Table.

  @retval EFI_SUCCESS   The handlers were registered successfully.
**/
EFI_STATUS
EFIAPI
DxeImageVerificationLibConstructor (
  IN EFI_HANDLE        ImageHandle,
  IN EFI_SYSTEM_TABLE  *SystemTable
  )
{
  EFI_STATUS  RegisterStatus;
  VOID        *NotifyRegistration;

  //
  // Register callback function upon VariableWriteArchProtocol.
  //
  EfiCreateProtocolNotifyEvent (
    &gEfiVariableWriteArchProtocolGuid,
    TPL_CALLBACK,
    VariableWriteCallBack,
    NULL,
    &NotifyRegistration
    );

  RegisterStatus = RegisterSecurity2Handler (
                     DxeImageVerificationHandler,
                     EFI_AUTH_OPERATION_VERIFY_IMAGE | EFI_AUTH_OPERATION_IMAGE_REQUIRED
                     );

  return RegisterStatus;
}