diff options
| author | Peter Jones <pjones@redhat.com> | 2014-08-27 16:39:51 -0400 |
|---|---|---|
| committer | Peter Jones <pjones@redhat.com> | 2014-08-27 16:40:57 -0400 |
| commit | fa2a35ce78b3dc4e9b29f47a9ebc675a97a9a7c7 (patch) | |
| tree | 8a5bbe89277c9e9ba98e31757a1e8ad8d3fbad1f /shim.c | |
| parent | 32f10548cdf1919103654ab65601c8b15c3976a1 (diff) | |
| download | efi-boot-shim-fa2a35ce78b3dc4e9b29f47a9ebc675a97a9a7c7.tar.gz efi-boot-shim-fa2a35ce78b3dc4e9b29f47a9ebc675a97a9a7c7.zip | |
Make sure we don't try to load a binary from a different arch.
Since in theory you could, for example, get an x86_64 binary signed that
also behaves as an ARM executable, we should be checking this before
people build on other architectures.
Signed-off-by: Peter Jones <pjones@redhat.com>
Diffstat (limited to 'shim.c')
| -rw-r--r-- | shim.c | 19 |
1 files changed, 19 insertions, 0 deletions
@@ -947,6 +947,20 @@ static EFI_STATUS read_header(void *data, unsigned int datasize, return EFI_SUCCESS; } +static const UINT16 machine_type = +#if defined(__x86_64__) + IMAGE_FILE_MACHINE_X64; +#elif defined(__aarch64__) + IMAGE_FILE_MACHINE_ARM64; +#elif defined(__arm__) + IMAGE_FILE_MACHINE_ARMTHUMB_MIXED; +#elif defined(__i386__) || defined(__i486__) || defined(__i686__) + IMAGE_FILE_MACHINE_I386; +#elif defined(__ia64__) + IMAGE_FILE_MACHINE_IA64; +#else +#error this architecture is not supported by shim +#endif /* * Once the image has been loaded it needs to be validated and relocated @@ -971,6 +985,11 @@ static EFI_STATUS handle_image (void *data, unsigned int datasize, return efi_status; } + if (context.PEHdr->Pe32.FileHeader.Machine != machine_type) { + perror(L"Image is for a different architecture\n"); + return EFI_UNSUPPORTED; + } + /* * We only need to verify the binary if we're in secure mode */ |