| author | Peter Jones <pjones@redhat.com> | 2014-08-27 16:39:51 -0400 |
|---|---|---|
| committer | Peter Jones <pjones@redhat.com> | 2014-08-27 16:40:57 -0400 |
| commit | fa2a35ce78b3dc4e9b29f47a9ebc675a97a9a7c7 (patch) | |
| tree | 8a5bbe89277c9e9ba98e31757a1e8ad8d3fbad1f | |
| parent | 32f10548cdf1919103654ab65601c8b15c3976a1 (diff) | |
Make sure we don't try to load a binary from a different arch.
Since in theory you could, for example, get an x86_64 binary signed that
also behaves as an ARM executable, we should be checking this before
people build on other architectures.
Signed-off-by: Peter Jones <pjones@redhat.com>
| -rw-r--r-- | include/PeImage.h | 1 | ||||
| -rw-r--r-- | shim.c | 19 |
2 files changed, 20 insertions, 0 deletions
diff --git a/include/PeImage.h b/include/PeImage.h
index ec134047..133e11e6 100644
--- a/include/PeImage.h
+++ b/include/PeImage.h
@@ -49,6 +49,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#define IMAGE_FILE_MACHINE_EBC 0x0EBC
#define IMAGE_FILE_MACHINE_X64 0x8664
#define IMAGE_FILE_MACHINE_ARMTHUMB_MIXED 0x01c2
+#define IMAGE_FILE_MACHINE_ARM64 0xaa64
//
// EXE file formats
@@ -947,6 +947,20 @@ static EFI_STATUS read_header(void *data, unsigned int datasize,
return EFI_SUCCESS;
}
+static const UINT16 machine_type =
+#if defined(__x86_64__)
+ IMAGE_FILE_MACHINE_X64;
+#elif defined(__aarch64__)
+ IMAGE_FILE_MACHINE_ARM64;
+#elif defined(__arm__)
+ IMAGE_FILE_MACHINE_ARMTHUMB_MIXED;
+#elif defined(__i386__) || defined(__i486__) || defined(__i686__)
+ IMAGE_FILE_MACHINE_I386;
+#elif defined(__ia64__)
+ IMAGE_FILE_MACHINE_IA64;
+#else
+#error this architecture is not supported by shim
+#endif
/*
* Once the image has been loaded it needs to be validated and relocated
@@ -971,6 +985,11 @@ static EFI_STATUS handle_image (void *data, unsigned int datasize,
return efi_status;
}
+ if (context.PEHdr->Pe32.FileHeader.Machine != machine_type) {
+ perror(L"Image is for a different architecture\n");
+ return EFI_UNSUPPORTED;
+ }
+
/*
* We only need to verify the binary if we're in secure mode
*/
|
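Review bot: `machine_type` has no comment saying what it holds or where it is enforced, and because the initializer is split across preprocessor branches a reader has to reassemble the declaration to see that. I would add above it `/* PE/COFF FileHeader.Machine value for the architecture this shim is built for; handle_image() rejects any image whose header carries a different value. */`. Exactly one value is accepted per build, so an x86_64 build also refuses ia32 images; that looks intended, but it is worth stating in the comment. IMAGE_FILE_MACHINE_I386 and IMAGE_FILE_MACHINE_IA64 are not part of the PeImage.h hunk shown here, so presumably that header already defines them.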
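Review bot: The architecture comparison is added only in handle_image, after read_header has returned, so any other path that parses an image with read_header and then verifies or uses it would skip the check; those callers are not visible in this hunk and need checking against the rest of shim.c. Moving the `if (... FileHeader.Machine != machine_type)` block to the end of read_header, with the `machine_type` definition moved above that function, would cover every consumer of the parsed context. The test also looks only at FileHeader.Machine and does not confirm that the optional-header magic (PE32 versus PE32+) agrees with that machine's word size, which matters wherever the optional header is read through the Pe32/Pe32Plus union. handle_image's body continues outside the hunk.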
