X-Git-Url: https://git.proxmox.com/?p=mirror_edk2.git;a=blobdiff_plain;f=SecurityPkg%2FLibrary%2FDxeImageVerificationLib%2FDxeImageVerificationLib.c;h=2a54296134b5835ed7f5645f58fd79fbf6d9a189;hp=ec18a1b523388f38c1a97617d8a69a7ad766fb79;hb=de2447dd4ca93ca37ff067c325e478dc586235ca;hpb=bf4a3dbd4751b6411bdfc98bf3ac2c4f928bdfdf
diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
index ec18a1b523..2a54296134 100644
--- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
+++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
@@ -297,7 +297,21 @@ HashPeImage (
 // Measuring PE/COFF Image Header;
 // But CheckSum field and SECURITY data directory (certificate) are excluded
 //
- Magic = mNtHeader.Pe32->OptionalHeader.Magic;
+ if (mNtHeader.Pe32->FileHeader.Machine == IMAGE_FILE_MACHINE_IA64 && mNtHeader.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
+ //
+ // NOTE: Some versions of Linux ELILO for Itanium have an incorrect magic value
+ // in the PE/COFF Header. If the MachineType is Itanium(IA64) and the
+ // Magic value in the OptionalHeader is EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC
+ // then override the magic value to EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC
+ //
+ Magic = EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC;
+ } else {
+ //
+ // Get the magic value from the PE/COFF Optional Header
+ //
+ Magic = mNtHeader.Pe32->OptionalHeader.Magic;
+ }
+
 //
 // 3. Calculate the distance from the base of the image header to the image checksum address.
 // 4. Hash the image header from its base to beginning of the image checksum.
@@ -1065,7 +1079,7 @@ VerifyCertUefiGuid (
 //
 // Get KEK database variable.
 //
- GetEfiGlobalVariable2 (EFI_KEY_EXCHANGE_KEY_NAME, &KekList, NULL);
+ GetEfiGlobalVariable2 (EFI_KEY_EXCHANGE_KEY_NAME, (VOID**)&KekList, NULL);
 if (KekList == NULL) {
 return EFI_SECURITY_VIOLATION;
 }
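Review bot: The Itanium magic override added here in HashPeImage is repeated line for line in the DxeImageVerificationHandler hunk at -1346, and two copies of a header-parsing rule inside a verifier can drift apart. Moving it into one file-local helper called from both sites, e.g. `Magic = GetPeMagic (mNtHeader.Pe32);` (the name is only a suggestion), keeps the digest computation and the security-directory lookup reading the optional header with the same layout. The override also makes the rest of HashPeImage treat the header as PE32+ on the strength of `FileHeader.Machine` alone; the field reads that follow are outside the hunk, so it is worth confirming they stay bounded by the image size on that path and that the image loader applies the same rule, otherwise the bytes hashed and the bytes loaded could be interpreted differently.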
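Review bot: The four calls that gain a `(VOID**)` cast (here in VerifyCertUefiGuid, and in the hunks at -1260, -1278 and -1544) all drop the returned EFI_STATUS and pass `NULL` for the size, so the only failure signal is the out pointer being NULL and the length of the returned data is never captured. For the KEK list that matters most, because whatever walks `KekList` after this hunk (not visible here) has no trusted upper bound from this call; capturing both, e.g. `Status = GetEfiGlobalVariable2 (EFI_KEY_EXCHANGE_KEY_NAME, (VOID**)&KekList, &KekSize);` with a local `UINTN KekSize` (suggested name), lets the caller reject a short or malformed variable before parsing it. The `KekList == NULL` test is also only sound if the pointer is NULL before the call or the library clears it on every failure path, which the hunk does not show.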
@@ -1260,7 +1274,7 @@ DxeImageVerificationHandler (
 return EFI_ACCESS_DENIED;
 }
 
- GetVariable2 (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid, &SecureBootEnable, NULL);
+ GetVariable2 (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid, (VOID**)&SecureBootEnable, NULL);
 //
 // Skip verification if SecureBootEnable variable doesn't exist.
 //
@@ -1278,7 +1292,7 @@ DxeImageVerificationHandler (
 
 FreePool (SecureBootEnable);
 
- GetEfiGlobalVariable2 (EFI_SETUP_MODE_NAME, &SetupMode, NULL);
+ GetEfiGlobalVariable2 (EFI_SETUP_MODE_NAME, (VOID**)&SetupMode, NULL);
 
 //
 // SetupMode doesn't exist means no AuthVar driver is dispatched,
@@ -1346,7 +1360,21 @@ DxeImageVerificationHandler (
 goto Done;
 }
 
- Magic = mNtHeader.Pe32->OptionalHeader.Magic;
+ if (mNtHeader.Pe32->FileHeader.Machine == IMAGE_FILE_MACHINE_IA64 && mNtHeader.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
+ //
+ // NOTE: Some versions of Linux ELILO for Itanium have an incorrect magic value
+ // in the PE/COFF Header. If the MachineType is Itanium(IA64) and the
+ // Magic value in the OptionalHeader is EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC
+ // then override the magic value to EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC
+ //
+ Magic = EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC;
+ } else {
+ //
+ // Get the magic value from the PE/COFF Optional Header
+ //
+ Magic = mNtHeader.Pe32->OptionalHeader.Magic;
+ }
+
 if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
 //
 // Use PE32 offset.
@@ -1544,7 +1572,7 @@ VariableWriteCallBack (
 // If this library is built-in, it means firmware has capability to perform
 // driver signing verification.
 //
- GetEfiGlobalVariable2 (EFI_SECURE_BOOT_MODE_NAME, &SecureBootModePtr, NULL);
+ GetEfiGlobalVariable2 (EFI_SECURE_BOOT_MODE_NAME, (VOID**)&SecureBootModePtr, NULL);
 if (SecureBootModePtr == NULL) {
 SecureBootMode = SECURE_BOOT_MODE_DISABLE;
 //
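Review bot: The NULL result of the `GetVariable2` call in the -1260 hunk feeds a fail-open decision: per the comment directly below it, image verification is skipped when `SecureBootEnable` cannot be read, and because the status is discarded a transient read or allocation failure is indistinguishable from the variable genuinely not existing. Keeping the status, e.g. `Status = GetVariable2 (EFI_SECURE_BOOT_ENABLE_NAME, &gEfiSecureBootEnableDisableGuid, (VOID**)&SecureBootEnable, NULL);`, and skipping only on `EFI_NOT_FOUND` while denying on any other error would make the policy explicit. The branch that acts on the NULL pointer, and the later dereference of `SecureBootEnable`, lie outside the hunk, so this should be confirmed against the full function.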