diff --git a/OvmfPkg/IntelTdx/IntelTdxX64.dsc b/OvmfPkg/IntelTdx/IntelTdxX64.dsc index ba9027753b..fa565661f1 100644 --- a/OvmfPkg/IntelTdx/IntelTdxX64.dsc +++ b/OvmfPkg/IntelTdx/IntelTdxX64.dsc @@ -36,6 +36,9 @@ # DEFINE BUILD_SHELL = TRUE + DEFINE LEGACY_WINDOWS_LOADER = FALSE + DEFINE LINUX_LOADER = FALSE + # # Device drivers # @@ -99,12 +102,6 @@ GCC:*_*_*_CC_FLAGS = -D SECURE_BOOT_FEATURE_ENABLED !endif -[BuildOptions.common.EDKII.DXE_RUNTIME_DRIVER] - GCC:*_*_*_DLINK_FLAGS = -z common-page-size=0x1000 - XCODE:*_*_*_DLINK_FLAGS = -seg1addr 0x1000 -segalign 0x1000 - XCODE:*_*_*_MTOC_FLAGS = -align 0x1000 - CLANGPDB:*_*_*_DLINK_FLAGS = /ALIGN:4096 - ################################################################################ # # SKU Identification section - list of all SKU IDs supported by this Platform. @@ -134,7 +131,8 @@ SynchronizationLib|MdePkg/Library/BaseSynchronizationLib/BaseSynchronizationLib.inf CpuLib|MdePkg/Library/BaseCpuLib/BaseCpuLib.inf PerformanceLib|MdePkg/Library/BasePerformanceLibNull/BasePerformanceLibNull.inf - PeCoffLib|MdePkg/Library/BasePeCoffLib/BasePeCoffLib.inf + PeCoffLib2|MdePkg/Library/BasePeCoffLib2/BasePeCoffLib2.inf + UefiImageLib|MdePkg/Library/BaseUefiImageLib/BaseUefiImageLibPeCoff.inf CacheMaintenanceLib|MdePkg/Library/BaseCacheMaintenanceLib/BaseCacheMaintenanceLib.inf UefiDecompressLib|MdePkg/Library/BaseUefiDecompressLib/BaseUefiDecompressLib.inf UefiHiiServicesLib|MdeModulePkg/Library/UefiHiiServicesLib/UefiHiiServicesLib.inf 
@@ -146,7 +144,6 @@ CapsuleLib|MdeModulePkg/Library/DxeCapsuleLibNull/DxeCapsuleLibNull.inf DxeServicesLib|MdePkg/Library/DxeServicesLib/DxeServicesLib.inf DxeServicesTableLib|MdePkg/Library/DxeServicesTableLib/DxeServicesTableLib.inf - PeCoffGetEntryPointLib|MdePkg/Library/BasePeCoffGetEntryPointLib/BasePeCoffGetEntryPointLib.inf PciCf8Lib|MdePkg/Library/BasePciCf8Lib/BasePciCf8Lib.inf PciExpressLib|MdePkg/Library/BasePciExpressLib/BasePciExpressLib.inf PciLib|MdePkg/Library/BasePciLibCf8/BasePciLibCf8.inf @@ -185,9 +182,14 @@ CustomizedDisplayLib|MdeModulePkg/Library/CustomizedDisplayLib/CustomizedDisplayLib.inf FrameBufferBltLib|MdeModulePkg/Library/FrameBufferBltLib/FrameBufferBltLib.inf - PeCoffExtraActionLib|MdePkg/Library/BasePeCoffExtraActionLibNull/BasePeCoffExtraActionLibNull.inf DebugAgentLib|MdeModulePkg/Library/DebugAgentLibNull/DebugAgentLibNull.inf +!if $(SOURCE_DEBUG_ENABLE) == TRUE + UefiImageExtraActionLib|SourceLevelDebugPkg/Library/UefiImageExtraActionLibDebug/UefiImageExtraActionLibDebug.inf +!else + UefiImageExtraActionLib|MdePkg/Library/BaseUefiImageExtraActionLibNull/BaseUefiImageExtraActionLibNull.inf +!endif + LocalApicLib|UefiCpuPkg/Library/BaseXApicX2ApicLib/BaseXApicX2ApicLib.inf DebugPrintErrorLevelLib|MdePkg/Library/BaseDebugPrintErrorLevelLib/BaseDebugPrintErrorLevelLib.inf 
@@ -470,6 +472,21 @@ # Point to the MdeModulePkg/Application/UiApp/UiApp.inf gEfiMdeModulePkgTokenSpaceGuid.PcdBootManagerMenuFile|{ 0x21, 0xaa, 0x2c, 0x46, 0x14, 0x76, 0x03, 0x45, 0x83, 0x6e, 0x8a, 0xb6, 0xf4, 0x66, 0x23, 0x31 } + # + # Security measures for memory protection. + # + !if $(LEGACY_WINDOWS_LOADER) == TRUE + # Allow execution of EfiLoaderData memory regions. + gEfiMdeModulePkgTokenSpaceGuid.PcdDxeNxMemoryProtectionPolicy|0xFFFFFFFFFFFFFFD1 + !elseif $(LINUX_LOADER) == TRUE + # Allow execution of EfiReservedMemoryType, EfiConventionalMemory, EfiBootServicesData and EfiLoaderData memory regions. + gEfiMdeModulePkgTokenSpaceGuid.PcdDxeNxMemoryProtectionPolicy|0xFFFFFFFFFFFFFF40 + gEfiMdePkgTokenSpaceGuid.PcdImageLoaderAllowMisalignedOffset|TRUE + !else + # Allow execution of EfiConventionalMemory and EfiBootServicesData memory regions. + gEfiMdeModulePkgTokenSpaceGuid.PcdDxeNxMemoryProtectionPolicy|0xFFFFFFFFFFFFFF45 + !endif + ################################################################################ # # Pcd Dynamic Section - list of all EDK II PCD Entries defined by this Platform diff --git a/OvmfPkg/IntelTdx/Sec/SecMain.c b/OvmfPkg/IntelTdx/Sec/SecMain.c index ccb217b709..396985a55a 100644 --- a/OvmfPkg/IntelTdx/Sec/SecMain.c +++ b/OvmfPkg/IntelTdx/Sec/SecMain.c @@ -19,8 +19,6 @@ #include #include #include -#include -#include #include #include #include diff --git a/OvmfPkg/IntelTdx/Sec/SecMain.inf b/OvmfPkg/IntelTdx/Sec/SecMain.inf index 9cf1249d02..9f1668937b 100644 --- a/OvmfPkg/IntelTdx/Sec/SecMain.inf +++ b/OvmfPkg/IntelTdx/Sec/SecMain.inf @@ -40,9 +40,6 @@ UefiCpuLib DebugAgentLib IoLib - PeCoffLib - PeCoffGetEntryPointLib - PeCoffExtraActionLib ExtractGuidedSectionLib LocalApicLib MemEncryptSevLib diff --git a/OvmfPkg/Library/PeilessStartupLib/DxeLoad.c b/OvmfPkg/Library/PeilessStartupLib/DxeLoad.c index d34690eb8a..f2f0acff3a 100644 --- a/OvmfPkg/Library/PeilessStartupLib/DxeLoad.c +++ b/OvmfPkg/Library/PeilessStartupLib/DxeLoad.c 
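Review bot: The `!else` branch of the new `PcdDxeNxMemoryProtectionPolicy` block in IntelTdxX64.dsc is what every default build gets, because this patch defines both `LEGACY_WINDOWS_LOADER` and `LINUX_LOADER` as FALSE, and by its own comment it leaves EfiConventionalMemory and EfiBootServicesData executable. For a TDX guest that choice deserves a stated reason: either tighten the default or extend the comment, e.g. `# Kept executable because <reason>; revisit once no loader depends on it`. The `LINUX_LOADER` branch also sets `PcdImageLoaderAllowMisalignedOffset|TRUE`, which relaxes image validation and has no comment of its own. If both defines are TRUE, the `!if`/`!elseif` order silently selects the Windows policy, which a one-line comment should state.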
@@ -194,6 +194,7 @@ FindDxeNonCc ( EFI_FV_INFO FvImageInfo; UINT32 FvAlignment; VOID *FvBuffer; + UINT32 FvImageSize; FileHandle = NULL; @@ -209,7 +210,7 @@ FindDxeNonCc ( // // Find FvImage in FvFile // - Status = FfsFindSectionDataWithHook (EFI_SECTION_FIRMWARE_VOLUME_IMAGE, CheckSectionHookForDxeNonCc, FileHandle, (VOID **)&FvImageHandle); + Status = FfsFindSectionDataWithHook (EFI_SECTION_FIRMWARE_VOLUME_IMAGE, CheckSectionHookForDxeNonCc, FileHandle, (VOID **)&FvImageHandle, &FvImageSize); if (EFI_ERROR (Status)) { return Status; } @@ -281,10 +282,11 @@ DxeLoadCore ( EFI_STATUS Status; EFI_FV_FILE_INFO DxeCoreFileInfo; EFI_PHYSICAL_ADDRESS DxeCoreAddress; - UINT64 DxeCoreSize; + UINT32 DxeCoreSize; EFI_PHYSICAL_ADDRESS DxeCoreEntryPoint; EFI_PEI_FILE_HANDLE FileHandle; - VOID *PeCoffImage; + VOID *UefiImage; + UINT32 UefiImageSize; // // Look in all the FVs present and find the DXE Core FileHandle @@ -303,12 +305,12 @@ DxeLoadCore ( // // Load the DXE Core from a Firmware Volume. // - Status = FfsFindSectionDataWithHook (EFI_SECTION_PE32, NULL, FileHandle, &PeCoffImage); + Status = FfsFindSectionDataWithHook (EFI_SECTION_PE32, NULL, FileHandle, &UefiImage, &UefiImageSize); if (EFI_ERROR (Status)) { return Status; } - Status = LoadPeCoffImage (PeCoffImage, &DxeCoreAddress, &DxeCoreSize, &DxeCoreEntryPoint); + Status = LoadUefiImage (UefiImage, UefiImageSize, &DxeCoreAddress, &DxeCoreSize, &DxeCoreEntryPoint); ASSERT_EFI_ERROR (Status); // diff --git a/SecurityPkg/Include/Library/HashLib.h b/SecurityPkg/Include/Library/HashLib.h index 0f6fb3828d..d5ee87012f 100644 --- a/SecurityPkg/Include/Library/HashLib.h +++ b/SecurityPkg/Include/Library/HashLib.h @@ -14,6 +14,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include #include #include +typedef UINTN HASH_HANDLE; /** Start hash sequence. 
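Review bot: In DxeLoadCore the result of the new `LoadUefiImage (UefiImage, UefiImageSize, ...)` call is checked only by `ASSERT_EFI_ERROR (Status)`, so a build with asserts disabled would continue with `DxeCoreAddress` and `DxeCoreEntryPoint` unset if the loader rejects the image. Now that the loader receives the section size and can refuse a truncated or malformed image, handle the failure the same way as the lookup just above: `if (EFI_ERROR (Status)) { return Status; }`. In FindDxeNonCc the new `FvImageSize` output is captured, but no use of it is visible in this hunk. If nothing consumes it, add a comment saying it exists only to satisfy the new signature; otherwise use it to bound the FV parsing. Both function bodies continue outside the hunks.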
@@ -23,10 +24,10 @@ SPDX-License-Identifier: BSD-2-Clause-Patent @retval EFI_SUCCESS Hash sequence start and HandleHandle returned. @retval EFI_OUT_OF_RESOURCES No enough resource to start hash. **/ -BOOLEAN +EFI_STATUS EFIAPI HashStart ( - OUT VOID **HashHandle + OUT HASH_HANDLE *HashHandle ); /** @@ -38,11 +39,11 @@ HashStart ( @retval EFI_SUCCESS Hash sequence updated. **/ -BOOLEAN +EFI_STATUS EFIAPI HashUpdate ( - IN VOID *HashHandle, - IN CONST VOID *DataToHash, + IN HASH_HANDLE HashHandle, + IN VOID *DataToHash, IN UINTN DataToHashLen ); @@ -60,7 +61,7 @@ HashUpdate ( EFI_STATUS EFIAPI HashCompleteAndExtend ( - IN VOID *HashHandle, + IN HASH_HANDLE HashHandle, IN TPMI_DH_PCR PcrIndex, IN VOID *DataToHash, IN UINTN DataToHashLen, @@ -95,9 +96,9 @@ HashAndExtend ( @retval EFI_OUT_OF_RESOURCES No enough resource to start hash. **/ typedef -BOOLEAN +EFI_STATUS (EFIAPI *HASH_INIT)( - OUT VOID **HashHandle + OUT HASH_HANDLE *HashHandle ); /** @@ -110,10 +111,10 @@ BOOLEAN @retval EFI_SUCCESS Hash sequence updated. **/ typedef -BOOLEAN +EFI_STATUS (EFIAPI *HASH_UPDATE)( - IN VOID *HashHandle, - IN CONST VOID *DataToHash, + IN HASH_HANDLE HashHandle, + IN VOID *DataToHash, IN UINTN DataToHashLen ); @@ -126,9 +127,9 @@ BOOLEAN @retval EFI_SUCCESS Hash sequence complete and DigestList is returned. **/ typedef -BOOLEAN +EFI_STATUS (EFIAPI *HASH_FINAL)( - IN VOID *HashHandle, + IN HASH_HANDLE HashHandle, OUT TPML_DIGEST_VALUES *DigestList ); diff --git a/SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.c b/SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.c index 0d6c032173..1f21483e16 100644 --- a/SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.c +++ b/SecurityPkg/Library/HashInstanceLibSha384/HashInstanceLibSha384.c 
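Review bot: Changing `HashStart`, `HashUpdate` and the `HASH_INIT`/`HASH_UPDATE`/`HASH_FINAL` callbacks in HashLib.h from `BOOLEAN` to `EFI_STATUS` inverts the truth value of success (`TRUE` is non-zero, `EFI_SUCCESS` is zero), and a caller or hash instance still on the old convention will most likely keep compiling. Every `if (!HashUpdate (...))`-style check and every instance registered through `HASH_INTERFACE` should be audited in the same change; those call sites are not visible here. Separately, `DataToHash` loses its `CONST` in `HashUpdate` and `HASH_UPDATE`; keeping `IN CONST VOID *DataToHash` would preserve const-correctness for callers that hash read-only image data. The new `typedef UINTN HASH_HANDLE;` would benefit from a one-line comment saying it carries an opaque hash context owned by the hash instance.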
@@ -45,10 +45,10 @@ Tpm2SetSha384ToDigestList ( @retval EFI_SUCCESS Hash sequence start and HandleHandle returned. @retval EFI_OUT_OF_RESOURCES No enough resource to start hash. **/ -BOOLEAN +EFI_STATUS EFIAPI Sha384HashInit ( - OUT VOID **HashHandle + OUT HASH_HANDLE *HashHandle ) { VOID *Sha384Ctx; @@ -60,9 +60,9 @@ Sha384HashInit ( Sha384Init (Sha384Ctx); - *HashHandle = Sha384Ctx; + *HashHandle = (HASH_HANDLE)Sha384Ctx; - return TRUE; + return EFI_SUCCESS; } /** @@ -74,17 +74,20 @@ Sha384HashInit ( @retval EFI_SUCCESS Hash sequence updated. **/ -BOOLEAN +EFI_STATUS EFIAPI Sha384HashUpdate ( - IN VOID *HashHandle, - IN CONST VOID *DataToHash, + IN HASH_HANDLE HashHandle, + IN VOID *DataToHash, IN UINTN DataToHashLen ) { - Sha384Update (HashHandle, DataToHash, DataToHashLen); + VOID *Sha384Ctx; - return TRUE; + Sha384Ctx = (VOID *)HashHandle; + Sha384Update (Sha384Ctx, DataToHash, DataToHashLen); + + return EFI_SUCCESS; } /** @@ -95,22 +98,24 @@ Sha384HashUpdate ( @retval EFI_SUCCESS Hash sequence complete and DigestList is returned. **/ -BOOLEAN +EFI_STATUS EFIAPI Sha384HashFinal ( - IN VOID *HashHandle, + IN HASH_HANDLE HashHandle, OUT TPML_DIGEST_VALUES *DigestList ) { UINT8 Digest[SHA384_DIGEST_SIZE]; + VOID *Sha384Ctx; - Sha384Final (HashHandle, Digest); + Sha384Ctx = (VOID *)HashHandle; + Sha384Final (Sha384Ctx, Digest); - FreePool (HashHandle); + FreePool (Sha384Ctx); Tpm2SetSha384ToDigestList (DigestList, Digest); - return TRUE; + return EFI_SUCCESS; } HASH_INTERFACE mSha384InternalHashInstance = { diff --git a/SecurityPkg/Tcg/TdTcg2Dxe/MeasureBootPeCoff.c b/SecurityPkg/Tcg/TdTcg2Dxe/MeasureBootPeCoff.c index 4d542156ba..e6e372b6b6 100644 --- a/SecurityPkg/Tcg/TdTcg2Dxe/MeasureBootPeCoff.c +++ b/SecurityPkg/Tcg/TdTcg2Dxe/MeasureBootPeCoff.c 
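Review bot: Sha384HashUpdate and Sha384HashFinal now return `EFI_SUCCESS` unconditionally and discard the results of `Sha384Update` and `Sha384Final`, so a failed hash step is reported to the measurement code as success. The BaseCryptLib SHA-384 primitives return `BOOLEAN`; propagate it, for example `if (!Sha384Update (Sha384Ctx, DataToHash, DataToHashLen)) { return EFI_DEVICE_ERROR; }`. Do the same for `Sha384Init` in Sha384HashInit (freeing the context on failure) and for `Sha384Final` before `Tpm2SetSha384ToDigestList` is called. The `(VOID *)HashHandle` casts would be clearer with a comment that the handle is the pool-allocated context created in Sha384HashInit and released in Sha384HashFinal.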
@@ -19,11 +19,17 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include #include #include -#include +#include #include UINTN mTcg2DxeImageSize = 0; +typedef union { + EFI_IMAGE_NT_HEADERS32 *Pe32; + EFI_IMAGE_NT_HEADERS64 *Pe32Plus; + EFI_IMAGE_OPTIONAL_HEADER_UNION *Union; +} EFI_IMAGE_OPTIONAL_HEADER_PTR_UNION; + /** Reads contents of a PE/COFF image in memory buffer. @@ -113,25 +119,19 @@ MeasurePeImageAndExtend ( UINT32 NumberOfRvaAndSizes; UINT32 CertSize; HASH_HANDLE HashHandle; - PE_COFF_LOADER_IMAGE_CONTEXT ImageContext; + UEFI_IMAGE_LOADER_IMAGE_CONTEXT ImageContext; HashHandle = 0xFFFFFFFF; // Know bad value Status = EFI_UNSUPPORTED; SectionHeader = NULL; - // - // Check PE/COFF image - // - ZeroMem (&ImageContext, sizeof (ImageContext)); - ImageContext.Handle = (VOID *)(UINTN)ImageAddress; - mTcg2DxeImageSize = ImageSize; - ImageContext.ImageRead = (PE_COFF_LOADER_READ_FILE)Tcg2DxeImageRead; + mTcg2DxeImageSize = ImageSize; // // Get information about the image being loaded // - Status = PeCoffLoaderGetImageInfo (&ImageContext); + Status = UefiImageInitializeContext (&ImageContext, (VOID *) (UINTN) ImageAddress, ImageSize); if (EFI_ERROR (Status)) { // // The information can't be got from the invalid PeImage @@ -147,7 +147,7 @@ MeasurePeImageAndExtend ( } Hdr.Pe32 = (EFI_IMAGE_NT_HEADERS32 *)((UINT8 *)(UINTN)ImageAddress + PeCoffHeaderOffset); - if (Hdr.Pe32->Signature != EFI_IMAGE_NT_SIGNATURE) { + if (Hdr.Pe32->CommonHeader.Signature != EFI_IMAGE_NT_SIGNATURE) { Status = EFI_UNSUPPORTED; goto Finish; } 
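Review bot: In MeasurePeImageAndExtend the new `UefiImageInitializeContext` call serves only as a pass/fail gate; the code after it still walks the headers by hand from `ImageAddress + PeCoffHeaderOffset` and derives hash ranges from `SizeOfHeaders` and the section table without consulting `ImageContext` or `ImageSize`. Add a comment at the call stating that the later raw header arithmetic relies on this validation, or better, bound each hashed range against `ImageSize` explicitly. `ImageSize` is passed straight through; if the parameter is wider than the library's size argument (not visible in this hunk), reject oversized values before the call instead of letting them truncate. With `ImageContext.ImageRead` no longer assigned, `mTcg2DxeImageSize` and the read callback documented just above appear to be unused and could be removed. The function body continues outside the hunk.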
@@ -179,18 +179,18 @@ MeasurePeImageAndExtend ( // 4. Hash the image header from its base to beginning of the image checksum. // HashBase = (UINT8 *)(UINTN)ImageAddress; - if (Hdr.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { + if (Hdr.Pe32->Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { // // Use PE32 offset // - NumberOfRvaAndSizes = Hdr.Pe32->OptionalHeader.NumberOfRvaAndSizes; - HashSize = (UINTN)(&Hdr.Pe32->OptionalHeader.CheckSum) - (UINTN)HashBase; + NumberOfRvaAndSizes = Hdr.Pe32->NumberOfRvaAndSizes; + HashSize = (UINTN)(&Hdr.Pe32->CheckSum) - (UINTN)HashBase; } else { // // Use PE32+ offset // - NumberOfRvaAndSizes = Hdr.Pe32Plus->OptionalHeader.NumberOfRvaAndSizes; - HashSize = (UINTN)(&Hdr.Pe32Plus->OptionalHeader.CheckSum) - (UINTN)HashBase; + NumberOfRvaAndSizes = Hdr.Pe32Plus->NumberOfRvaAndSizes; + HashSize = (UINTN)(&Hdr.Pe32Plus->CheckSum) - (UINTN)HashBase; } Status = HashUpdate (HashHandle, HashBase, HashSize); @@ -206,18 +206,18 @@ MeasurePeImageAndExtend ( // 6. Since there is no Cert Directory in optional header, hash everything // from the end of the checksum to the end of image header. // - if (Hdr.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { + if (Hdr.Pe32->Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { // // Use PE32 offset. // - HashBase = (UINT8 *)&Hdr.Pe32->OptionalHeader.CheckSum + sizeof (UINT32); - HashSize = Hdr.Pe32->OptionalHeader.SizeOfHeaders - (UINTN)(HashBase - ImageAddress); + HashBase = (UINT8 *)&Hdr.Pe32->CheckSum + sizeof (UINT32); + HashSize = Hdr.Pe32->SizeOfHeaders - (UINTN)(HashBase - ImageAddress); } else { // // Use PE32+ offset. // - HashBase = (UINT8 *)&Hdr.Pe32Plus->OptionalHeader.CheckSum + sizeof (UINT32); - HashSize = Hdr.Pe32Plus->OptionalHeader.SizeOfHeaders - (UINTN)(HashBase - ImageAddress); + HashBase = (UINT8 *)&Hdr.Pe32Plus->CheckSum + sizeof (UINT32); + HashSize = Hdr.Pe32Plus->SizeOfHeaders - (UINTN)(HashBase - ImageAddress); } if (HashSize != 0) { 
@@ -230,18 +230,18 @@ MeasurePeImageAndExtend ( // // 7. Hash everything from the end of the checksum to the start of the Cert Directory. // - if (Hdr.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { + if (Hdr.Pe32->Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { // // Use PE32 offset // - HashBase = (UINT8 *)&Hdr.Pe32->OptionalHeader.CheckSum + sizeof (UINT32); - HashSize = (UINTN)(&Hdr.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]) - (UINTN)HashBase; + HashBase = (UINT8 *)&Hdr.Pe32->CheckSum + sizeof (UINT32); + HashSize = (UINTN)(&Hdr.Pe32->DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]) - (UINTN)HashBase; } else { // // Use PE32+ offset // - HashBase = (UINT8 *)&Hdr.Pe32Plus->OptionalHeader.CheckSum + sizeof (UINT32); - HashSize = (UINTN)(&Hdr.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]) - (UINTN)HashBase; + HashBase = (UINT8 *)&Hdr.Pe32Plus->CheckSum + sizeof (UINT32); + HashSize = (UINTN)(&Hdr.Pe32Plus->DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]) - (UINTN)HashBase; } if (HashSize != 0) { 
@@ -255,18 +255,18 @@ MeasurePeImageAndExtend ( // 8. Skip over the Cert Directory. (It is sizeof(IMAGE_DATA_DIRECTORY) bytes.) // 9. Hash everything from the end of the Cert Directory to the end of image header. // - if (Hdr.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { + if (Hdr.Pe32->Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { // // Use PE32 offset // - HashBase = (UINT8 *)&Hdr.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1]; - HashSize = Hdr.Pe32->OptionalHeader.SizeOfHeaders - (UINTN)(HashBase - ImageAddress); + HashBase = (UINT8 *)&Hdr.Pe32->DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1]; + HashSize = Hdr.Pe32->SizeOfHeaders - (UINTN)(HashBase - ImageAddress); } else { // // Use PE32+ offset // - HashBase = (UINT8 *)&Hdr.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1]; - HashSize = Hdr.Pe32Plus->OptionalHeader.SizeOfHeaders - (UINTN)(HashBase - ImageAddress); + HashBase = (UINT8 *)&Hdr.Pe32Plus->DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1]; + HashSize = Hdr.Pe32Plus->SizeOfHeaders - (UINTN)(HashBase - ImageAddress); } if (HashSize != 0) { @@ -280,16 +280,16 @@ MeasurePeImageAndExtend ( // // 10. Set the SUM_OF_BYTES_HASHED to the size of the header // - if (Hdr.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { + if (Hdr.Pe32->Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { // // Use PE32 offset // - SumOfBytesHashed = Hdr.Pe32->OptionalHeader.SizeOfHeaders; + SumOfBytesHashed = Hdr.Pe32->SizeOfHeaders; } else { // // Use PE32+ offset // - SumOfBytesHashed = Hdr.Pe32Plus->OptionalHeader.SizeOfHeaders; + SumOfBytesHashed = Hdr.Pe32Plus->SizeOfHeaders; } // 
@@ -298,7 +298,7 @@ MeasurePeImageAndExtend ( // header indicates how big the table should be. Do not include any // IMAGE_SECTION_HEADERs in the table whose 'SizeOfRawData' field is zero. // - SectionHeader = (EFI_IMAGE_SECTION_HEADER *)AllocateZeroPool (sizeof (EFI_IMAGE_SECTION_HEADER) * Hdr.Pe32->FileHeader.NumberOfSections); + SectionHeader = (EFI_IMAGE_SECTION_HEADER *)AllocateZeroPool (sizeof (EFI_IMAGE_SECTION_HEADER) * Hdr.Pe32->CommonHeader.FileHeader.NumberOfSections); if (SectionHeader == NULL) { Status = EFI_OUT_OF_RESOURCES; goto Finish; @@ -315,9 +315,9 @@ MeasurePeImageAndExtend ( PeCoffHeaderOffset + sizeof (UINT32) + sizeof (EFI_IMAGE_FILE_HEADER) + - Hdr.Pe32->FileHeader.SizeOfOptionalHeader + Hdr.Pe32->CommonHeader.FileHeader.SizeOfOptionalHeader ); - for (Index = 0; Index < Hdr.Pe32->FileHeader.NumberOfSections; Index++) { + for (Index = 0; Index < Hdr.Pe32->CommonHeader.FileHeader.NumberOfSections; Index++) { Pos = Index; while ((Pos > 0) && (Section->PointerToRawData < SectionHeader[Pos - 1].PointerToRawData)) { CopyMem (&SectionHeader[Pos], &SectionHeader[Pos - 1], sizeof (EFI_IMAGE_SECTION_HEADER)); @@ -335,7 +335,7 @@ MeasurePeImageAndExtend ( // 14. Add the section's 'SizeOfRawData' to SUM_OF_BYTES_HASHED . // 15. Repeat steps 13 and 14 for all the sections in the sorted table. // - for (Index = 0; Index < Hdr.Pe32->FileHeader.NumberOfSections; Index++) { + for (Index = 0; Index < Hdr.Pe32->CommonHeader.FileHeader.NumberOfSections; Index++) { Section = (EFI_IMAGE_SECTION_HEADER *)&SectionHeader[Index]; if (Section->SizeOfRawData == 0) { continue; 
@@ -364,16 +364,16 @@ MeasurePeImageAndExtend ( if (NumberOfRvaAndSizes <= EFI_IMAGE_DIRECTORY_ENTRY_SECURITY) { CertSize = 0; } else { - if (Hdr.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { + if (Hdr.Pe32->Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { // // Use PE32 offset. // - CertSize = Hdr.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY].Size; + CertSize = Hdr.Pe32->DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY].Size; } else { // // Use PE32+ offset. // - CertSize = Hdr.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY].Size; + CertSize = Hdr.Pe32Plus->DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY].Size; } } diff --git a/SecurityPkg/Tcg/TdTcg2Dxe/TdTcg2Dxe.inf b/SecurityPkg/Tcg/TdTcg2Dxe/TdTcg2Dxe.inf index 6861a1452d..a39dabe4e8 100644 --- a/SecurityPkg/Tcg/TdTcg2Dxe/TdTcg2Dxe.inf +++ b/SecurityPkg/Tcg/TdTcg2Dxe/TdTcg2Dxe.inf @@ -46,7 +46,7 @@ HashLib PerformanceLib ReportStatusCodeLib - PeCoffLib + UefiImageLib TpmMeasurementLib TdxLib