}\r
\r
DevicePathSize = GetDevicePathSize (DevicePath);\r
- NewImageExeInfoEntrySize = sizeof (EFI_IMAGE_EXECUTION_INFO) + NameStringLen + DevicePathSize + SignatureSize;\r
+ NewImageExeInfoEntrySize = sizeof (EFI_IMAGE_EXECUTION_INFO) - sizeof (EFI_SIGNATURE_LIST) + NameStringLen + DevicePathSize + SignatureSize;\r
NewImageExeInfoTable = (EFI_IMAGE_EXECUTION_INFO_TABLE *) AllocateRuntimePool (ImageExeInfoTableSize + NewImageExeInfoEntrySize);\r
if (NewImageExeInfoTable == NULL) {\r
return ;\r
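Review bot: The new entry size subtracts `sizeof (EFI_SIGNATURE_LIST)` with no comment explaining why, and the code that fills the entry lies outside this hunk, so it cannot be confirmed from here that every write offset shrank to match. If a later copy still offsets by the full `sizeof (EFI_IMAGE_EXECUTION_INFO)`, the pool allocated on the next line is now too small for it. I would add a comment above the assignment such as `// EFI_IMAGE_EXECUTION_INFO already counts one EFI_SIGNATURE_LIST; do not add it twice.`, which is presumably the reason and should be confirmed against the structure definition. The additions of `NameStringLen`, `DevicePathSize` and `SignatureSize`, and the `ImageExeInfoTableSize + NewImageExeInfoEntrySize` passed to `AllocateRuntimePool`, are also unchecked `UINTN` sums and may deserve an overflow guard, since some of these lengths come from the image being rejected.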
)\r
{\r
BOOLEAN IsFound;\r
- EFI_STATUS Status;\r
+ BOOLEAN Status;\r
EFI_SIGNATURE_LIST *DbxList;\r
UINTN DbxSize;\r
EFI_SIGNATURE_DATA *CertHash;\r
UINT8 CertDigest[MAX_DIGEST_SIZE];\r
UINT8 *DbxCertHash;\r
UINTN SiglistHeaderSize;\r
+ UINT8 *TBSCert;\r
+ UINTN TBSCertSize;\r
\r
IsFound = FALSE;\r
DbxList = SignatureList;\r
HashCtx = NULL;\r
HashAlg = HASHALG_MAX;\r
\r
- ASSERT (RevocationTime != NULL);\r
- ASSERT (DbxList != NULL);\r
+ if ((RevocationTime == NULL) || (DbxList == NULL)) {\r
+ return FALSE;\r
+ }\r
+\r
+ //\r
+ // Retrieve the TBSCertificate from the X.509 Certificate.\r
+ //\r
+ if (!X509GetTBSCert (Certificate, CertSize, &TBSCert, &TBSCertSize)) {\r
+ return FALSE;\r
+ }\r
\r
while ((DbxSize > 0) && (SignatureListSize >= DbxList->SignatureListSize)) {\r
//\r
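Review bot: Both new early exits return `FALSE`, which here appears to mean "hash not found in the list" (the result variable is `IsFound`). A certificate whose TBSCertificate cannot be extracted by `X509GetTBSCert` is therefore reported exactly like one that is not revoked. If the caller relies on this result alone to decide a signer is absent from the forbidden database, a parse failure becomes a fail-open path. The function header, which is outside this hunk, should state that `FALSE` also covers invalid input and that unparsable certificates must be rejected elsewhere, for example `// Returns FALSE on invalid parameters or a malformed certificate; callers must not treat FALSE as proof of a valid signer.`. Replacing the `ASSERT`s with runtime checks is the right direction for release builds, but the same header should say that `RevocationTime` is left untouched on these paths.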
}\r
\r
//\r
- // Calculate the hash value of current db certificate for comparision.\r
+ // Calculate the hash value of current TBSCertificate for comparision.\r
//\r
if (mHash[HashAlg].GetContextSize == NULL) {\r
goto Done;\r
if (!Status) {\r
goto Done;\r
}\r
- Status = mHash[HashAlg].HashUpdate (HashCtx, Certificate, CertSize);\r
+ Status = mHash[HashAlg].HashUpdate (HashCtx, TBSCert, TBSCertSize);\r
if (!Status) {\r
goto Done;\r
}\r
UINTN AuthDataSize;\r
EFI_IMAGE_DATA_DIRECTORY *SecDataDir;\r
UINT32 OffSet;\r
+ CHAR16 *NameStr;\r
\r
SignatureList = NULL;\r
SignatureListSize = 0;\r
//\r
// Policy decides to defer or reject the image; add its information in image executable information table.\r
//\r
- AddImageExeInfo (Action, NULL, File, SignatureList, SignatureListSize);\r
+ NameStr = ConvertDevicePathToText (File, FALSE, TRUE);\r
+ AddImageExeInfo (Action, NameStr, File, SignatureList, SignatureListSize);\r
+ if (NameStr != NULL) {\r
+ DEBUG((EFI_D_INFO, "The image doesn't pass verification: %s\n", NameStr));\r
+ FreePool(NameStr);\r
+ }\r
Status = EFI_SECURITY_VIOLATION;\r
}\r
\r
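Review bot: The rejection message is emitted only when `ConvertDevicePathToText` succeeds, so an image denied while `NameStr` is `NULL` (a `NULL` `File` or a failed conversion) leaves no trace in the debug log, and it is logged at `EFI_D_INFO` although it records a security violation. I would log unconditionally at error level and keep the free separate, e.g. `DEBUG ((EFI_D_ERROR, "The image doesn't pass verification: %s\n", (NameStr != NULL) ? NameStr : L"(no device path text)"));` followed by `if (NameStr != NULL) { FreePool (NameStr); }`. The added calls `DEBUG((` and `FreePool(` also omit the space before the parenthesis that the surrounding lines use. The enclosing handler begins and ends outside this hunk, so whether `File` can be `NULL` at this point is not visible here.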