diff options
| -rw-r--r-- | Makefile | 14 | ||||
| -rw-r--r-- | include/sbat.h | 10 | ||||
| -rw-r--r-- | pe.c | 57 | ||||
| -rw-r--r-- | sbat.c | 8 | ||||
| -rw-r--r-- | shim.c | 4 | ||||
| -rw-r--r-- | shim.h | 1 |
6 files changed, 68 insertions, 26 deletions
@@ -33,12 +33,12 @@ CFLAGS += -DENABLE_SHIM_CERT else TARGETS += $(MMNAME) $(FBNAME) endif -OBJS = shim.o mok.o netboot.o cert.o replacements.o tpm.o version.o errlog.o sbat.o pe.o +OBJS = shim.o mok.o netboot.o cert.o replacements.o tpm.o version.o errlog.o sbat.o sbat_data.o pe.o KEYS = shim_cert.h ocsp.* ca.* shim.crt shim.csr shim.p12 shim.pem shim.key shim.cer -ORIG_SOURCES = shim.c mok.c netboot.c replacements.c tpm.c errlog.c pe.c shim.h version.h $(wildcard include/*.h) -MOK_OBJS = MokManager.o PasswordCrypt.o crypt_blowfish.o errlog.o sbat.o +ORIG_SOURCES = shim.c mok.c netboot.c replacements.c tpm.c errlog.c sbat.c pe.c shim.h version.h $(wildcard include/*.h) +MOK_OBJS = MokManager.o PasswordCrypt.o crypt_blowfish.o errlog.o sbat_data.o ORIG_MOK_SOURCES = MokManager.c PasswordCrypt.c crypt_blowfish.c shim.h $(wildcard include/*.h) -FALLBACK_OBJS = fallback.o tpm.o errlog.o sbat.o +FALLBACK_OBJS = fallback.o tpm.o errlog.o sbat_data.o ORIG_FALLBACK_SRCS = fallback.c SBATPATH = data/sbat.csv @@ -91,9 +91,9 @@ sbat.%.csv : data/sbat.%.csv VENDOR_SBATS := $(foreach x,$(wildcard data/sbat.*.csv),$(notdir $(x))) -sbat.o : | $(SBATPATH) $(VENDOR_SBATS) -sbat.o : $(TOPDIR)/sbat.c - $(CC) $(CFLAGS) -c -o $@ $< +sbat_data.o : | $(SBATPATH) $(VENDOR_SBATS) +sbat_data.o : /dev/null + $(CC) $(CFLAGS) -x c -c -o $@ $< $(OBJCOPY) --add-section .sbat=$(SBATPATH) $@ $(foreach vs,$(VENDOR_SBATS),$(call add-vendor-sbat,$(vs),$@)) diff --git a/include/sbat.h b/include/sbat.h new file mode 100644 index 00000000..acda5ef6 --- /dev/null +++ b/include/sbat.h @@ -0,0 +1,10 @@ +// SPDX-License-Identifier: BSD-2-Clause-Patent +/* + * sbat.c - parse SBAT data from the .rsrc section data + */ + +#ifndef SBAT_H_ +#define SBAT_H_ + +#endif /* !SBAT_H_ */ +// vim:fenc=utf-8:tw=75:noet @@ -874,22 +874,6 @@ handle_image (void *data, unsigned int datasize, } #endif - if (secure_mode ()) { - efi_status = verify_buffer(data, datasize, &context, - sha256hash, sha1hash); - - if (EFI_ERROR(efi_status)) { - if (verbose) - console_print(L"Verification failed: %r\n", efi_status); - else - console_error(L"Verification failed", efi_status); - return efi_status; - } else { - if (verbose) - console_print(L"Verification succeeded\n"); - } - } - /* The spec says, uselessly, of SectionAlignment: * ===== * The alignment (in bytes) of sections when they are loaded into @@ -946,6 +930,9 @@ handle_image (void *data, unsigned int datasize, EFI_IMAGE_SECTION_HEADER *RelocSection = NULL; + char *SBATBase = NULL; + size_t SBATSize = 0; + /* * Copy the executable's sections to their desired offsets */ @@ -990,6 +977,27 @@ handle_image (void *data, unsigned int datasize, RelocBaseEnd == end) { RelocSection = Section; } + } else if (CompareMem(Section->Name, ".sbat\0\0\0", 8) == 0) { + if (SBATBase || SBATSize) { + perror(L"Image has multiple resource sections\n"); + return EFI_UNSUPPORTED; + } + + if (Section->NumberOfRelocations != 0 || + Section->PointerToRelocations != 0) { + perror(L"SBAT section has relocations\n"); + return EFI_UNSUPPORTED; + } + + /* If it has nonzero size, and our bounds check made + * sense, sizes match, then we believe it's okay. */ + if (Section->SizeOfRawData && + Section->SizeOfRawData == Section->Misc.VirtualSize && + base && end) { + SBATBase = base; + /* +1 because of size vs last byte location */ + SBATSize = end - base + 1; + } } if (Section->Characteristics & EFI_IMAGE_SCN_MEM_DISCARDABLE) { @@ -1030,6 +1038,22 @@ handle_image (void *data, unsigned int datasize, } } + if (secure_mode ()) { + efi_status = verify_buffer(data, datasize, + &context, sha256hash, sha1hash); + + if (EFI_ERROR(efi_status)) { + if (verbose) + console_print(L"Verification failed: %r\n", efi_status); + else + console_error(L"Verification failed", efi_status); + return efi_status; + } else { + if (verbose) + console_print(L"Verification succeeded\n"); + } + } + if (context.NumberOfRvaAndSizes <= EFI_IMAGE_DIRECTORY_ENTRY_BASERELOC) { perror(L"Image has no relocation entry\n"); FreePool(buffer); @@ -1075,5 +1099,4 @@ handle_image (void *data, unsigned int datasize, return EFI_SUCCESS; } - // vim:fenc=utf-8:tw=75:noet @@ -0,0 +1,8 @@ +// SPDX-License-Identifier: BSD-2-Clause-Patent +/* + * sbat.c - parse SBAT data from the .sbat section data + */ + +#include "shim.h" + +// vim:fenc=utf-8:tw=75:noet @@ -1052,8 +1052,8 @@ EFI_STATUS shim_verify (void *buffer, UINT32 size) goto done; } - efi_status = verify_buffer(buffer, size, &context, - sha256hash, sha1hash); + efi_status = verify_buffer(buffer, size, + &context, sha256hash, sha1hash); done: in_protocol = 0; return efi_status; @@ -146,6 +146,7 @@ #include "include/tpm.h" #include "include/ucs2.h" #include "include/variables.h" +#include "include/sbat.h" #include "version.h" |