EFI_IMAGE_SECTION_HEADER *SectionHeader;\r
UINTN Index;\r
UINTN Pos;\r
- UINTN SumOfSectionBytes;\r
- EFI_IMAGE_SECTION_HEADER *SectionCache;\r
UINT32 CertSize;\r
UINT32 NumberOfRvaAndSizes;\r
\r
// Measuring PE/COFF Image Header;\r
// But CheckSum field and SECURITY data directory (certificate) are excluded\r
//\r
- Magic = mNtHeader.Pe32->OptionalHeader.Magic;\r
+ if (mNtHeader.Pe32->FileHeader.Machine == IMAGE_FILE_MACHINE_IA64 && mNtHeader.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {\r
+ //\r
+ // NOTE: Some versions of Linux ELILO for Itanium have an incorrect magic value \r
+ // in the PE/COFF Header. If the MachineType is Itanium(IA64) and the \r
+ // Magic value in the OptionalHeader is EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC\r
+ // then override the magic value to EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC\r
+ //\r
+ Magic = EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC;\r
+ } else {\r
+ //\r
+ // Get the magic value from the PE/COFF Optional Header\r
+ //\r
+ Magic = mNtHeader.Pe32->OptionalHeader.Magic;\r
+ }\r
+ \r
//\r
// 3. Calculate the distance from the base of the image header to the image checksum address.\r
// 4. Hash the image header from its base to beginning of the image checksum.\r
mNtHeader.Pe32->FileHeader.SizeOfOptionalHeader\r
);\r
\r
- SectionCache = Section;\r
- for (Index = 0, SumOfSectionBytes = 0; Index < mNtHeader.Pe32->FileHeader.NumberOfSections; Index++, SectionCache++) {\r
- SumOfSectionBytes += SectionCache->SizeOfRawData;\r
- }\r
-\r
//\r
// 11. Build a temporary table of pointers to all the IMAGE_SECTION_HEADER\r
// structures in the image. The 'NumberOfSections' field of the image\r
\r
PkcsCertData = (WIN_CERTIFICATE_EFI_PKCS *) (mImageBase + mSecDataDir->VirtualAddress);\r
\r
+ if (PkcsCertData->Hdr.dwLength < sizeof (WIN_CERTIFICATE_EFI_PKCS) + 32) {\r
+ return EFI_UNSUPPORTED;\r
+ }\r
+\r
for (Index = 0; Index < HASHALG_MAX; Index++) {\r
//\r
// Check the Hash algorithm in PE/COFF Authenticode.\r
continue;\r
}\r
\r
+ if (PkcsCertData->Hdr.dwLength < sizeof (WIN_CERTIFICATE_EFI_PKCS) + 32 + mHash[Index].OidLength) {\r
+ return EFI_UNSUPPORTED;\r
+ }\r
+\r
if (CompareMem (PkcsCertData->CertData + 32, mHash[Index].OidValue, mHash[Index].OidLength) == 0) {\r
break;\r
}\r
//\r
VerifyStatus = AuthenticodeVerify (\r
PkcsCertData->CertData,\r
- mSecDataDir->Size - sizeof(PkcsCertData->Hdr),\r
+ PkcsCertData->Hdr.dwLength - sizeof(PkcsCertData->Hdr),\r
RootCert,\r
RootCertSize,\r
mImageDigest,\r
//\r
// Get KEK database variable.\r
//\r
- KekList = GetEfiGlobalVariable (EFI_KEY_EXCHANGE_KEY_NAME);\r
+ GetEfiGlobalVariable2 (EFI_KEY_EXCHANGE_KEY_NAME, (VOID**)&KekList, NULL);\r
if (KekList == NULL) {\r
return EFI_SECURITY_VIOLATION;\r
}\r
UINT8 *SecureBootEnable;\r
PE_COFF_LOADER_IMAGE_CONTEXT ImageContext;\r
UINT32 NumberOfRvaAndSizes;\r
+ UINT32 CertSize;\r
\r
if (File == NULL) {\r
return EFI_INVALID_PARAMETER;\r
return EFI_ACCESS_DENIED;\r
}\r
\r
- SecureBootEnable = GetVariable (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid);\r
+ GetVariable2 (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid, (VOID**)&SecureBootEnable, NULL);\r
//\r
// Skip verification if SecureBootEnable variable doesn't exist.\r
//\r
\r
FreePool (SecureBootEnable);\r
\r
- SetupMode = GetEfiGlobalVariable (EFI_SETUP_MODE_NAME);\r
+ GetEfiGlobalVariable2 (EFI_SETUP_MODE_NAME, (VOID**)&SetupMode, NULL);\r
\r
//\r
// SetupMode doesn't exist means no AuthVar driver is dispatched,\r
goto Done;\r
}\r
\r
- DosHdr = (EFI_IMAGE_DOS_HEADER *) mImageBase;\r
+ Status = EFI_ACCESS_DENIED;\r
+\r
+ DosHdr = (EFI_IMAGE_DOS_HEADER *) mImageBase;\r
if (DosHdr->e_magic == EFI_IMAGE_DOS_SIGNATURE) {\r
//\r
// DOS image header is present,\r
//\r
// It is not a valid Pe/Coff file.\r
//\r
- Status = EFI_ACCESS_DENIED;\r
goto Done;\r
}\r
\r
- Magic = mNtHeader.Pe32->OptionalHeader.Magic;\r
+ if (mNtHeader.Pe32->FileHeader.Machine == IMAGE_FILE_MACHINE_IA64 && mNtHeader.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {\r
+ //\r
+ // NOTE: Some versions of Linux ELILO for Itanium have an incorrect magic value \r
+ // in the PE/COFF Header. If the MachineType is Itanium(IA64) and the \r
+ // Magic value in the OptionalHeader is EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC\r
+ // then override the magic value to EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC\r
+ //\r
+ Magic = EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC;\r
+ } else {\r
+ //\r
+ // Get the magic value from the PE/COFF Optional Header\r
+ //\r
+ Magic = mNtHeader.Pe32->OptionalHeader.Magic;\r
+ }\r
+ \r
if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {\r
//\r
// Use PE32 offset.\r
//\r
// Image Hash is in forbidden database (DBX).\r
//\r
- Action = EFI_IMAGE_EXECUTION_AUTH_UNTESTED;\r
- Status = EFI_ACCESS_DENIED;\r
goto Done;\r
}\r
\r
//\r
// Image Hash is not found in both forbidden and allowed database.\r
//\r
- Action = EFI_IMAGE_EXECUTION_AUTH_UNTESTED;\r
- Status = EFI_ACCESS_DENIED;\r
goto Done;\r
}\r
\r
//\r
WinCertificate = (WIN_CERTIFICATE *) (mImageBase + mSecDataDir->VirtualAddress);\r
\r
+ CertSize = sizeof (WIN_CERTIFICATE);\r
+\r
+ if ((mSecDataDir->Size <= CertSize) || (mSecDataDir->Size < WinCertificate->dwLength)) {\r
+ goto Done;\r
+ }\r
+\r
switch (WinCertificate->wCertificateType) {\r
\r
case WIN_CERT_TYPE_EFI_GUID:\r
+ CertSize = sizeof (WIN_CERTIFICATE_UEFI_GUID) + sizeof (EFI_CERT_BLOCK_RSA_2048_SHA256) - sizeof (UINT8);\r
+ if (WinCertificate->dwLength < CertSize) {\r
+ goto Done;\r
+ }\r
+\r
//\r
// Verify UEFI GUID type.\r
//\r
//\r
// Verify Pkcs signed data type.\r
//\r
- Status = HashPeImageByType();\r
+ Status = HashPeImageByType();\r
if (EFI_ERROR (Status)) {\r
goto Done;\r
}\r
break;\r
\r
default:\r
- Status = EFI_ACCESS_DENIED;\r
goto Done;\r
}\r
//\r
// If this library is built-in, it means firmware has capability to perform\r
// driver signing verification.\r
//\r
- SecureBootModePtr = GetEfiGlobalVariable (EFI_SECURE_BOOT_MODE_NAME);\r
+ GetEfiGlobalVariable2 (EFI_SECURE_BOOT_MODE_NAME, (VOID**)&SecureBootModePtr, NULL);\r
if (SecureBootModePtr == NULL) {\r
SecureBootMode = SECURE_BOOT_MODE_DISABLE;\r
//\r