proxmox-mirrors/efi-boot-shim
1
0
Fork 0
mirror of https://git.proxmox.com/git/efi-boot-shim synced 2025-06-14 12:49:28 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Check that platform is in user mode before doing any validation

Browse Source
This commit is contained in:
Matthew Garrett 2012-06-12 02:12:31 -04:00
parent 0db1af8aeb
commit b6db0dd4db
2 changed files with 45 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
TODO
View File

@ -1,4 +1,3 @@
Fall through if not in user mode
Check against blacklist Check against blacklist
Attempt to just LoadImage and StartImage? Attempt to just LoadImage and StartImage?
Support for netbooting Support for netbooting

47
shim.c
View File

@ -50,6 +50,33 @@ static EFI_STATUS (EFIAPI *entry_point) (EFI_HANDLE image_handle, EFI_SYSTEM_TAB
#include "cert.h" #include "cert.h"
static EFI_STATUS get_variable (CHAR16 *name, EFI_GUID guid,
unsigned int *size,void **buffer)
{
EFI_STATUS efi_status;
UINT32 attributes;
char allocate = !!(*size);
efi_status = uefi_call_wrapper(RT->GetVariable, 5, name, &guid,
&attributes, size, NULL);
if (efi_status != EFI_BUFFER_TOO_SMALL || !allocate)
return efi_status;
if (allocate)
*buffer = AllocatePool(*size);
if (!*buffer) {
Print(L"Unable to allocate variable buffer\n");
return EFI_OUT_OF_RESOURCES;
}
efi_status = uefi_call_wrapper(RT->GetVariable, 5, name, &guid,
&attributes, size, *buffer);
return efi_status;
}
/* /*
* Perform basic bounds checking of the intra-image pointers * Perform basic bounds checking of the intra-image pointers
*/ */
@ -173,17 +200,33 @@ static EFI_STATUS verify_buffer (char *data, int datasize,
{ {
unsigned int size = datasize; unsigned int size = datasize;
unsigned int ctxsize; unsigned int ctxsize;
void *ctx; void *ctx = NULL;
UINT8 sb, setupmode;
UINT8 hash[SHA256_DIGEST_SIZE]; UINT8 hash[SHA256_DIGEST_SIZE];
EFI_STATUS status = EFI_ACCESS_DENIED; EFI_STATUS status = EFI_ACCESS_DENIED;
char *hashbase; char *hashbase;
unsigned int hashsize; unsigned int hashsize;
WIN_CERTIFICATE_EFI_PKCS *cert; WIN_CERTIFICATE_EFI_PKCS *cert;
unsigned int SumOfBytesHashed, SumOfSectionBytes; unsigned int SumOfBytesHashed, SumOfSectionBytes;
unsigned int index, pos; unsigned int index, pos, charsize = sizeof(char);
EFI_IMAGE_SECTION_HEADER *Section; EFI_IMAGE_SECTION_HEADER *Section;
EFI_IMAGE_SECTION_HEADER *SectionHeader = NULL; EFI_IMAGE_SECTION_HEADER *SectionHeader = NULL;
EFI_IMAGE_SECTION_HEADER *SectionCache; EFI_IMAGE_SECTION_HEADER *SectionCache;
EFI_GUID global_var = EFI_GLOBAL_VARIABLE;
status = get_variable(L"SecureBoot", global_var, &charsize, (void *)&sb);
/* FIXME - more paranoia here? */
if (status != EFI_SUCCESS || sb != 1) {
status = EFI_SUCCESS;
goto done;
}
status = get_variable(L"SetupMode", global_var, &charsize, (void *)&setupmode);
if (status == EFI_SUCCESS && setupmode == 1) {
goto done;
}
cert = ImageAddress (data, size, context->SecDir->VirtualAddress); cert = ImageAddress (data, size, context->SecDir->VirtualAddress);