IntelTdx: Fixed compilation and boot after switching to SecurePE loader.

Mikhail Krichanov 2023-06-05 19:13:46 +03:00
parent d9bb10ae3b
commit 653d1195f1
8 changed files with 108 additions and 88 deletions


@ -36,6 +36,9 @@
# #
DEFINE BUILD_SHELL = TRUE DEFINE BUILD_SHELL = TRUE
DEFINE LEGACY_WINDOWS_LOADER = FALSE
DEFINE LINUX_LOADER = FALSE
# #
# Device drivers # Device drivers
# #
@ -99,12 +102,6 @@
GCC:*_*_*_CC_FLAGS = -D SECURE_BOOT_FEATURE_ENABLED GCC:*_*_*_CC_FLAGS = -D SECURE_BOOT_FEATURE_ENABLED
!endif !endif
[BuildOptions.common.EDKII.DXE_RUNTIME_DRIVER]
GCC:*_*_*_DLINK_FLAGS = -z common-page-size=0x1000
XCODE:*_*_*_DLINK_FLAGS = -seg1addr 0x1000 -segalign 0x1000
XCODE:*_*_*_MTOC_FLAGS = -align 0x1000
CLANGPDB:*_*_*_DLINK_FLAGS = /ALIGN:4096
################################################################################ ################################################################################
# #
# SKU Identification section - list of all SKU IDs supported by this Platform. # SKU Identification section - list of all SKU IDs supported by this Platform.
@ -134,7 +131,8 @@
SynchronizationLib|MdePkg/Library/BaseSynchronizationLib/BaseSynchronizationLib.inf SynchronizationLib|MdePkg/Library/BaseSynchronizationLib/BaseSynchronizationLib.inf
CpuLib|MdePkg/Library/BaseCpuLib/BaseCpuLib.inf CpuLib|MdePkg/Library/BaseCpuLib/BaseCpuLib.inf
PerformanceLib|MdePkg/Library/BasePerformanceLibNull/BasePerformanceLibNull.inf PerformanceLib|MdePkg/Library/BasePerformanceLibNull/BasePerformanceLibNull.inf
PeCoffLib|MdePkg/Library/BasePeCoffLib/BasePeCoffLib.inf PeCoffLib2|MdePkg/Library/BasePeCoffLib2/BasePeCoffLib2.inf
UefiImageLib|MdePkg/Library/BaseUefiImageLib/BaseUefiImageLibPeCoff.inf
CacheMaintenanceLib|MdePkg/Library/BaseCacheMaintenanceLib/BaseCacheMaintenanceLib.inf CacheMaintenanceLib|MdePkg/Library/BaseCacheMaintenanceLib/BaseCacheMaintenanceLib.inf
UefiDecompressLib|MdePkg/Library/BaseUefiDecompressLib/BaseUefiDecompressLib.inf UefiDecompressLib|MdePkg/Library/BaseUefiDecompressLib/BaseUefiDecompressLib.inf
UefiHiiServicesLib|MdeModulePkg/Library/UefiHiiServicesLib/UefiHiiServicesLib.inf UefiHiiServicesLib|MdeModulePkg/Library/UefiHiiServicesLib/UefiHiiServicesLib.inf
@ -146,7 +144,6 @@
CapsuleLib|MdeModulePkg/Library/DxeCapsuleLibNull/DxeCapsuleLibNull.inf CapsuleLib|MdeModulePkg/Library/DxeCapsuleLibNull/DxeCapsuleLibNull.inf
DxeServicesLib|MdePkg/Library/DxeServicesLib/DxeServicesLib.inf DxeServicesLib|MdePkg/Library/DxeServicesLib/DxeServicesLib.inf
DxeServicesTableLib|MdePkg/Library/DxeServicesTableLib/DxeServicesTableLib.inf DxeServicesTableLib|MdePkg/Library/DxeServicesTableLib/DxeServicesTableLib.inf
PeCoffGetEntryPointLib|MdePkg/Library/BasePeCoffGetEntryPointLib/BasePeCoffGetEntryPointLib.inf
PciCf8Lib|MdePkg/Library/BasePciCf8Lib/BasePciCf8Lib.inf PciCf8Lib|MdePkg/Library/BasePciCf8Lib/BasePciCf8Lib.inf
PciExpressLib|MdePkg/Library/BasePciExpressLib/BasePciExpressLib.inf PciExpressLib|MdePkg/Library/BasePciExpressLib/BasePciExpressLib.inf
PciLib|MdePkg/Library/BasePciLibCf8/BasePciLibCf8.inf PciLib|MdePkg/Library/BasePciLibCf8/BasePciLibCf8.inf
@ -185,9 +182,14 @@
CustomizedDisplayLib|MdeModulePkg/Library/CustomizedDisplayLib/CustomizedDisplayLib.inf CustomizedDisplayLib|MdeModulePkg/Library/CustomizedDisplayLib/CustomizedDisplayLib.inf
FrameBufferBltLib|MdeModulePkg/Library/FrameBufferBltLib/FrameBufferBltLib.inf FrameBufferBltLib|MdeModulePkg/Library/FrameBufferBltLib/FrameBufferBltLib.inf
PeCoffExtraActionLib|MdePkg/Library/BasePeCoffExtraActionLibNull/BasePeCoffExtraActionLibNull.inf
DebugAgentLib|MdeModulePkg/Library/DebugAgentLibNull/DebugAgentLibNull.inf DebugAgentLib|MdeModulePkg/Library/DebugAgentLibNull/DebugAgentLibNull.inf
!if $(SOURCE_DEBUG_ENABLE) == TRUE
UefiImageExtraActionLib|SourceLevelDebugPkg/Library/UefiImageExtraActionLibDebug/UefiImageExtraActionLibDebug.inf
!else
UefiImageExtraActionLib|MdePkg/Library/BaseUefiImageExtraActionLibNull/BaseUefiImageExtraActionLibNull.inf
!endif
LocalApicLib|UefiCpuPkg/Library/BaseXApicX2ApicLib/BaseXApicX2ApicLib.inf LocalApicLib|UefiCpuPkg/Library/BaseXApicX2ApicLib/BaseXApicX2ApicLib.inf
DebugPrintErrorLevelLib|MdePkg/Library/BaseDebugPrintErrorLevelLib/BaseDebugPrintErrorLevelLib.inf DebugPrintErrorLevelLib|MdePkg/Library/BaseDebugPrintErrorLevelLib/BaseDebugPrintErrorLevelLib.inf
@ -470,6 +472,21 @@
# Point to the MdeModulePkg/Application/UiApp/UiApp.inf # Point to the MdeModulePkg/Application/UiApp/UiApp.inf
gEfiMdeModulePkgTokenSpaceGuid.PcdBootManagerMenuFile|{ 0x21, 0xaa, 0x2c, 0x46, 0x14, 0x76, 0x03, 0x45, 0x83, 0x6e, 0x8a, 0xb6, 0xf4, 0x66, 0x23, 0x31 } gEfiMdeModulePkgTokenSpaceGuid.PcdBootManagerMenuFile|{ 0x21, 0xaa, 0x2c, 0x46, 0x14, 0x76, 0x03, 0x45, 0x83, 0x6e, 0x8a, 0xb6, 0xf4, 0x66, 0x23, 0x31 }
#
# Security measures for memory protection.
#
!if $(LEGACY_WINDOWS_LOADER) == TRUE
# Allow execution of EfiLoaderData memory regions.
gEfiMdeModulePkgTokenSpaceGuid.PcdDxeNxMemoryProtectionPolicy|0xFFFFFFFFFFFFFFD1
!elseif $(LINUX_LOADER) == TRUE
# Allow execution of EfiReservedMemoryType, EfiConventionalMemory, EfiBootServicesData and EfiLoaderData memory regions.
gEfiMdeModulePkgTokenSpaceGuid.PcdDxeNxMemoryProtectionPolicy|0xFFFFFFFFFFFFFF40
gEfiMdePkgTokenSpaceGuid.PcdImageLoaderAllowMisalignedOffset|TRUE
!else
# Allow execution of EfiConventionalMemory and EfiBootServicesData memory regions.
gEfiMdeModulePkgTokenSpaceGuid.PcdDxeNxMemoryProtectionPolicy|0xFFFFFFFFFFFFFF45
!endif
################################################################################ ################################################################################
# #
# Pcd Dynamic Section - list of all EDK II PCD Entries defined by this Platform # Pcd Dynamic Section - list of all EDK II PCD Entries defined by this Platform
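Review bot: The default branch of the new `PcdDxeNxMemoryProtectionPolicy` block (neither loader define set) still leaves EfiConventionalMemory and EfiBootServicesData executable, and nothing here says which component needs that in a TDX guest; a comment naming the consumer would let a later change tighten the mask. The `!if`/`!elseif` chain also gives `LEGACY_WINDOWS_LOADER` silent precedence when both defines are TRUE, so `PcdImageLoaderAllowMisalignedOffset` is then not set. I would state that next to the defines, e.g. `# LEGACY_WINDOWS_LOADER and LINUX_LOADER are mutually exclusive; the former wins if both are TRUE.` Judging by its name, `PcdImageLoaderAllowMisalignedOffset|TRUE` appears to relax image validation, so it deserves its own one-line comment explaining why the Linux path needs it.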


@ -19,8 +19,6 @@
#include <Library/UefiCpuLib.h> #include <Library/UefiCpuLib.h>
#include <Library/DebugAgentLib.h> #include <Library/DebugAgentLib.h>
#include <Library/IoLib.h> #include <Library/IoLib.h>
#include <Library/PeCoffLib.h>
#include <Library/PeCoffGetEntryPointLib.h>
#include <Library/LocalApicLib.h> #include <Library/LocalApicLib.h>
#include <Library/CpuExceptionHandlerLib.h> #include <Library/CpuExceptionHandlerLib.h>
#include <IndustryStandard/Tdx.h> #include <IndustryStandard/Tdx.h>


@ -40,9 +40,6 @@
UefiCpuLib UefiCpuLib
DebugAgentLib DebugAgentLib
IoLib IoLib
PeCoffLib
PeCoffGetEntryPointLib
PeCoffExtraActionLib
ExtractGuidedSectionLib ExtractGuidedSectionLib
LocalApicLib LocalApicLib
MemEncryptSevLib MemEncryptSevLib


@ -194,6 +194,7 @@ FindDxeNonCc (
EFI_FV_INFO FvImageInfo; EFI_FV_INFO FvImageInfo;
UINT32 FvAlignment; UINT32 FvAlignment;
VOID *FvBuffer; VOID *FvBuffer;
UINT32 FvImageSize;
FileHandle = NULL; FileHandle = NULL;
@ -209,7 +210,7 @@ FindDxeNonCc (
// //
// Find FvImage in FvFile // Find FvImage in FvFile
// //
Status = FfsFindSectionDataWithHook (EFI_SECTION_FIRMWARE_VOLUME_IMAGE, CheckSectionHookForDxeNonCc, FileHandle, (VOID **)&FvImageHandle); Status = FfsFindSectionDataWithHook (EFI_SECTION_FIRMWARE_VOLUME_IMAGE, CheckSectionHookForDxeNonCc, FileHandle, (VOID **)&FvImageHandle, &FvImageSize);
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
return Status; return Status;
} }
@ -281,10 +282,11 @@ DxeLoadCore (
EFI_STATUS Status; EFI_STATUS Status;
EFI_FV_FILE_INFO DxeCoreFileInfo; EFI_FV_FILE_INFO DxeCoreFileInfo;
EFI_PHYSICAL_ADDRESS DxeCoreAddress; EFI_PHYSICAL_ADDRESS DxeCoreAddress;
UINT64 DxeCoreSize; UINT32 DxeCoreSize;
EFI_PHYSICAL_ADDRESS DxeCoreEntryPoint; EFI_PHYSICAL_ADDRESS DxeCoreEntryPoint;
EFI_PEI_FILE_HANDLE FileHandle; EFI_PEI_FILE_HANDLE FileHandle;
VOID *PeCoffImage; VOID *UefiImage;
UINT32 UefiImageSize;
// //
// Look in all the FVs present and find the DXE Core FileHandle // Look in all the FVs present and find the DXE Core FileHandle
@ -303,12 +305,12 @@ DxeLoadCore (
// //
// Load the DXE Core from a Firmware Volume. // Load the DXE Core from a Firmware Volume.
// //
Status = FfsFindSectionDataWithHook (EFI_SECTION_PE32, NULL, FileHandle, &PeCoffImage); Status = FfsFindSectionDataWithHook (EFI_SECTION_PE32, NULL, FileHandle, &UefiImage, &UefiImageSize);
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
return Status; return Status;
} }
Status = LoadPeCoffImage (PeCoffImage, &DxeCoreAddress, &DxeCoreSize, &DxeCoreEntryPoint); Status = LoadUefiImage (UefiImage, UefiImageSize, &DxeCoreAddress, &DxeCoreSize, &DxeCoreEntryPoint);
ASSERT_EFI_ERROR (Status); ASSERT_EFI_ERROR (Status);
// //
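Review bot: A failure of `LoadUefiImage` in `DxeLoadCore` is only caught by `ASSERT_EFI_ERROR (Status)`, which compiles to nothing when asserts are disabled, so execution would continue with `DxeCoreAddress`, `DxeCoreSize` and `DxeCoreEntryPoint` unset. Since the new call takes the section size and can presumably reject a malformed image, the error should be returned like the `FfsFindSectionDataWithHook` failure just above: `if (EFI_ERROR (Status)) { return Status; }`. The first hunk also declares and fills `FvImageSize` in `FindDxeNonCc`, but no visible line uses it; if it is unused, a comment saying it only satisfies the new signature would help. Both function bodies continue outside the hunks.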


@ -14,6 +14,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include <Uefi.h> #include <Uefi.h>
#include <Protocol/Hash.h> #include <Protocol/Hash.h>
#include <IndustryStandard/Tpm20.h> #include <IndustryStandard/Tpm20.h>
typedef UINTN HASH_HANDLE;
/** /**
Start hash sequence. Start hash sequence.
@ -23,10 +24,10 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
@retval EFI_SUCCESS Hash sequence start and HandleHandle returned. @retval EFI_SUCCESS Hash sequence start and HandleHandle returned.
@retval EFI_OUT_OF_RESOURCES No enough resource to start hash. @retval EFI_OUT_OF_RESOURCES No enough resource to start hash.
**/ **/
BOOLEAN EFI_STATUS
EFIAPI EFIAPI
HashStart ( HashStart (
OUT VOID **HashHandle OUT HASH_HANDLE *HashHandle
); );
/** /**
@ -38,11 +39,11 @@ HashStart (
@retval EFI_SUCCESS Hash sequence updated. @retval EFI_SUCCESS Hash sequence updated.
**/ **/
BOOLEAN EFI_STATUS
EFIAPI EFIAPI
HashUpdate ( HashUpdate (
IN VOID *HashHandle, IN HASH_HANDLE HashHandle,
IN CONST VOID *DataToHash, IN VOID *DataToHash,
IN UINTN DataToHashLen IN UINTN DataToHashLen
); );
@ -60,7 +61,7 @@ HashUpdate (
EFI_STATUS EFI_STATUS
EFIAPI EFIAPI
HashCompleteAndExtend ( HashCompleteAndExtend (
IN VOID *HashHandle, IN HASH_HANDLE HashHandle,
IN TPMI_DH_PCR PcrIndex, IN TPMI_DH_PCR PcrIndex,
IN VOID *DataToHash, IN VOID *DataToHash,
IN UINTN DataToHashLen, IN UINTN DataToHashLen,
@ -95,9 +96,9 @@ HashAndExtend (
@retval EFI_OUT_OF_RESOURCES No enough resource to start hash. @retval EFI_OUT_OF_RESOURCES No enough resource to start hash.
**/ **/
typedef typedef
BOOLEAN EFI_STATUS
(EFIAPI *HASH_INIT)( (EFIAPI *HASH_INIT)(
OUT VOID **HashHandle OUT HASH_HANDLE *HashHandle
); );
/** /**
@ -110,10 +111,10 @@ BOOLEAN
@retval EFI_SUCCESS Hash sequence updated. @retval EFI_SUCCESS Hash sequence updated.
**/ **/
typedef typedef
BOOLEAN EFI_STATUS
(EFIAPI *HASH_UPDATE)( (EFIAPI *HASH_UPDATE)(
IN VOID *HashHandle, IN HASH_HANDLE HashHandle,
IN CONST VOID *DataToHash, IN VOID *DataToHash,
IN UINTN DataToHashLen IN UINTN DataToHashLen
); );
@ -126,9 +127,9 @@ BOOLEAN
@retval EFI_SUCCESS Hash sequence complete and DigestList is returned. @retval EFI_SUCCESS Hash sequence complete and DigestList is returned.
**/ **/
typedef typedef
BOOLEAN EFI_STATUS
(EFIAPI *HASH_FINAL)( (EFIAPI *HASH_FINAL)(
IN VOID *HashHandle, IN HASH_HANDLE HashHandle,
OUT TPML_DIGEST_VALUES *DigestList OUT TPML_DIGEST_VALUES *DigestList
); );
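Review bot: `HashUpdate` and the `HASH_UPDATE` typedef lose the `CONST` qualifier on `DataToHash` in this change, although the buffer is only read while hashing. Unless another declaration these prototypes must match forces the non-const form (not visible here), I would keep `IN CONST VOID *DataToHash,` in both places so callers holding read-only buffers need no cast. The new `typedef UINTN HASH_HANDLE;` would also benefit from a one-line comment saying that the SHA-384 implementation in this commit stores a context pointer in it.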


@ -45,10 +45,10 @@ Tpm2SetSha384ToDigestList (
@retval EFI_SUCCESS Hash sequence start and HandleHandle returned. @retval EFI_SUCCESS Hash sequence start and HandleHandle returned.
@retval EFI_OUT_OF_RESOURCES No enough resource to start hash. @retval EFI_OUT_OF_RESOURCES No enough resource to start hash.
**/ **/
BOOLEAN EFI_STATUS
EFIAPI EFIAPI
Sha384HashInit ( Sha384HashInit (
OUT VOID **HashHandle OUT HASH_HANDLE *HashHandle
) )
{ {
VOID *Sha384Ctx; VOID *Sha384Ctx;
@ -60,9 +60,9 @@ Sha384HashInit (
Sha384Init (Sha384Ctx); Sha384Init (Sha384Ctx);
*HashHandle = Sha384Ctx; *HashHandle = (HASH_HANDLE)Sha384Ctx;
return TRUE; return EFI_SUCCESS;
} }
/** /**
@ -74,17 +74,20 @@ Sha384HashInit (
@retval EFI_SUCCESS Hash sequence updated. @retval EFI_SUCCESS Hash sequence updated.
**/ **/
BOOLEAN EFI_STATUS
EFIAPI EFIAPI
Sha384HashUpdate ( Sha384HashUpdate (
IN VOID *HashHandle, IN HASH_HANDLE HashHandle,
IN CONST VOID *DataToHash, IN VOID *DataToHash,
IN UINTN DataToHashLen IN UINTN DataToHashLen
) )
{ {
Sha384Update (HashHandle, DataToHash, DataToHashLen); VOID *Sha384Ctx;
return TRUE; Sha384Ctx = (VOID *)HashHandle;
Sha384Update (Sha384Ctx, DataToHash, DataToHashLen);
return EFI_SUCCESS;
} }
/** /**
@ -95,22 +98,24 @@ Sha384HashUpdate (
@retval EFI_SUCCESS Hash sequence complete and DigestList is returned. @retval EFI_SUCCESS Hash sequence complete and DigestList is returned.
**/ **/
BOOLEAN EFI_STATUS
EFIAPI EFIAPI
Sha384HashFinal ( Sha384HashFinal (
IN VOID *HashHandle, IN HASH_HANDLE HashHandle,
OUT TPML_DIGEST_VALUES *DigestList OUT TPML_DIGEST_VALUES *DigestList
) )
{ {
UINT8 Digest[SHA384_DIGEST_SIZE]; UINT8 Digest[SHA384_DIGEST_SIZE];
VOID *Sha384Ctx;
Sha384Final (HashHandle, Digest); Sha384Ctx = (VOID *)HashHandle;
Sha384Final (Sha384Ctx, Digest);
FreePool (HashHandle); FreePool (Sha384Ctx);
Tpm2SetSha384ToDigestList (DigestList, Digest); Tpm2SetSha384ToDigestList (DigestList, Digest);
return TRUE; return EFI_SUCCESS;
} }
HASH_INTERFACE mSha384InternalHashInstance = { HASH_INTERFACE mSha384InternalHashInstance = {
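Review bot: `Sha384HashUpdate` and `Sha384HashFinal` now return `EFI_SUCCESS` unconditionally and discard the results of `Sha384Update` and `Sha384Final`, which in BaseCryptLib return BOOLEAN. On a failure the `Digest` buffer in `Sha384HashFinal` would be passed to `Tpm2SetSha384ToDigestList` uninitialised and a bogus measurement reported as success. I would check both calls, e.g. `if (!Sha384Update (Sha384Ctx, DataToHash, DataToHashLen)) { return EFI_DEVICE_ERROR; }`, and in `Sha384HashFinal` still free the context before returning the error. The body of `Sha384HashInit` is only partly visible in these hunks.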


@ -19,11 +19,17 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
#include <Library/MemoryAllocationLib.h> #include <Library/MemoryAllocationLib.h>
#include <Library/DevicePathLib.h> #include <Library/DevicePathLib.h>
#include <Library/UefiBootServicesTableLib.h> #include <Library/UefiBootServicesTableLib.h>
#include <Library/PeCoffLib.h> #include <Library/UefiImageLib.h>
#include <Library/HashLib.h> #include <Library/HashLib.h>
UINTN mTcg2DxeImageSize = 0; UINTN mTcg2DxeImageSize = 0;
typedef union {
EFI_IMAGE_NT_HEADERS32 *Pe32;
EFI_IMAGE_NT_HEADERS64 *Pe32Plus;
EFI_IMAGE_OPTIONAL_HEADER_UNION *Union;
} EFI_IMAGE_OPTIONAL_HEADER_PTR_UNION;
/** /**
Reads contents of a PE/COFF image in memory buffer. Reads contents of a PE/COFF image in memory buffer.
@ -113,25 +119,19 @@ MeasurePeImageAndExtend (
UINT32 NumberOfRvaAndSizes; UINT32 NumberOfRvaAndSizes;
UINT32 CertSize; UINT32 CertSize;
HASH_HANDLE HashHandle; HASH_HANDLE HashHandle;
PE_COFF_LOADER_IMAGE_CONTEXT ImageContext; UEFI_IMAGE_LOADER_IMAGE_CONTEXT ImageContext;
HashHandle = 0xFFFFFFFF; // Know bad value HashHandle = 0xFFFFFFFF; // Know bad value
Status = EFI_UNSUPPORTED; Status = EFI_UNSUPPORTED;
SectionHeader = NULL; SectionHeader = NULL;
//
// Check PE/COFF image
//
ZeroMem (&ImageContext, sizeof (ImageContext));
ImageContext.Handle = (VOID *)(UINTN)ImageAddress;
mTcg2DxeImageSize = ImageSize; mTcg2DxeImageSize = ImageSize;
ImageContext.ImageRead = (PE_COFF_LOADER_READ_FILE)Tcg2DxeImageRead;
// //
// Get information about the image being loaded // Get information about the image being loaded
// //
Status = PeCoffLoaderGetImageInfo (&ImageContext); Status = UefiImageInitializeContext (&ImageContext, (VOID *) (UINTN) ImageAddress, ImageSize);
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
// //
// The information can't be got from the invalid PeImage // The information can't be got from the invalid PeImage
@ -147,7 +147,7 @@ MeasurePeImageAndExtend (
} }
Hdr.Pe32 = (EFI_IMAGE_NT_HEADERS32 *)((UINT8 *)(UINTN)ImageAddress + PeCoffHeaderOffset); Hdr.Pe32 = (EFI_IMAGE_NT_HEADERS32 *)((UINT8 *)(UINTN)ImageAddress + PeCoffHeaderOffset);
if (Hdr.Pe32->Signature != EFI_IMAGE_NT_SIGNATURE) { if (Hdr.Pe32->CommonHeader.Signature != EFI_IMAGE_NT_SIGNATURE) {
Status = EFI_UNSUPPORTED; Status = EFI_UNSUPPORTED;
goto Finish; goto Finish;
} }
@ -179,18 +179,18 @@ MeasurePeImageAndExtend (
// 4. Hash the image header from its base to beginning of the image checksum. // 4. Hash the image header from its base to beginning of the image checksum.
// //
HashBase = (UINT8 *)(UINTN)ImageAddress; HashBase = (UINT8 *)(UINTN)ImageAddress;
if (Hdr.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { if (Hdr.Pe32->Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
// //
// Use PE32 offset // Use PE32 offset
// //
NumberOfRvaAndSizes = Hdr.Pe32->OptionalHeader.NumberOfRvaAndSizes; NumberOfRvaAndSizes = Hdr.Pe32->NumberOfRvaAndSizes;
HashSize = (UINTN)(&Hdr.Pe32->OptionalHeader.CheckSum) - (UINTN)HashBase; HashSize = (UINTN)(&Hdr.Pe32->CheckSum) - (UINTN)HashBase;
} else { } else {
// //
// Use PE32+ offset // Use PE32+ offset
// //
NumberOfRvaAndSizes = Hdr.Pe32Plus->OptionalHeader.NumberOfRvaAndSizes; NumberOfRvaAndSizes = Hdr.Pe32Plus->NumberOfRvaAndSizes;
HashSize = (UINTN)(&Hdr.Pe32Plus->OptionalHeader.CheckSum) - (UINTN)HashBase; HashSize = (UINTN)(&Hdr.Pe32Plus->CheckSum) - (UINTN)HashBase;
} }
Status = HashUpdate (HashHandle, HashBase, HashSize); Status = HashUpdate (HashHandle, HashBase, HashSize);
@ -206,18 +206,18 @@ MeasurePeImageAndExtend (
// 6. Since there is no Cert Directory in optional header, hash everything // 6. Since there is no Cert Directory in optional header, hash everything
// from the end of the checksum to the end of image header. // from the end of the checksum to the end of image header.
// //
if (Hdr.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { if (Hdr.Pe32->Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
// //
// Use PE32 offset. // Use PE32 offset.
// //
HashBase = (UINT8 *)&Hdr.Pe32->OptionalHeader.CheckSum + sizeof (UINT32); HashBase = (UINT8 *)&Hdr.Pe32->CheckSum + sizeof (UINT32);
HashSize = Hdr.Pe32->OptionalHeader.SizeOfHeaders - (UINTN)(HashBase - ImageAddress); HashSize = Hdr.Pe32->SizeOfHeaders - (UINTN)(HashBase - ImageAddress);
} else { } else {
// //
// Use PE32+ offset. // Use PE32+ offset.
// //
HashBase = (UINT8 *)&Hdr.Pe32Plus->OptionalHeader.CheckSum + sizeof (UINT32); HashBase = (UINT8 *)&Hdr.Pe32Plus->CheckSum + sizeof (UINT32);
HashSize = Hdr.Pe32Plus->OptionalHeader.SizeOfHeaders - (UINTN)(HashBase - ImageAddress); HashSize = Hdr.Pe32Plus->SizeOfHeaders - (UINTN)(HashBase - ImageAddress);
} }
if (HashSize != 0) { if (HashSize != 0) {
@ -230,18 +230,18 @@ MeasurePeImageAndExtend (
// //
// 7. Hash everything from the end of the checksum to the start of the Cert Directory. // 7. Hash everything from the end of the checksum to the start of the Cert Directory.
// //
if (Hdr.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { if (Hdr.Pe32->Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
// //
// Use PE32 offset // Use PE32 offset
// //
HashBase = (UINT8 *)&Hdr.Pe32->OptionalHeader.CheckSum + sizeof (UINT32); HashBase = (UINT8 *)&Hdr.Pe32->CheckSum + sizeof (UINT32);
HashSize = (UINTN)(&Hdr.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]) - (UINTN)HashBase; HashSize = (UINTN)(&Hdr.Pe32->DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]) - (UINTN)HashBase;
} else { } else {
// //
// Use PE32+ offset // Use PE32+ offset
// //
HashBase = (UINT8 *)&Hdr.Pe32Plus->OptionalHeader.CheckSum + sizeof (UINT32); HashBase = (UINT8 *)&Hdr.Pe32Plus->CheckSum + sizeof (UINT32);
HashSize = (UINTN)(&Hdr.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]) - (UINTN)HashBase; HashSize = (UINTN)(&Hdr.Pe32Plus->DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]) - (UINTN)HashBase;
} }
if (HashSize != 0) { if (HashSize != 0) {
@ -255,18 +255,18 @@ MeasurePeImageAndExtend (
// 8. Skip over the Cert Directory. (It is sizeof(IMAGE_DATA_DIRECTORY) bytes.) // 8. Skip over the Cert Directory. (It is sizeof(IMAGE_DATA_DIRECTORY) bytes.)
// 9. Hash everything from the end of the Cert Directory to the end of image header. // 9. Hash everything from the end of the Cert Directory to the end of image header.
// //
if (Hdr.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { if (Hdr.Pe32->Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
// //
// Use PE32 offset // Use PE32 offset
// //
HashBase = (UINT8 *)&Hdr.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1]; HashBase = (UINT8 *)&Hdr.Pe32->DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1];
HashSize = Hdr.Pe32->OptionalHeader.SizeOfHeaders - (UINTN)(HashBase - ImageAddress); HashSize = Hdr.Pe32->SizeOfHeaders - (UINTN)(HashBase - ImageAddress);
} else { } else {
// //
// Use PE32+ offset // Use PE32+ offset
// //
HashBase = (UINT8 *)&Hdr.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1]; HashBase = (UINT8 *)&Hdr.Pe32Plus->DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1];
HashSize = Hdr.Pe32Plus->OptionalHeader.SizeOfHeaders - (UINTN)(HashBase - ImageAddress); HashSize = Hdr.Pe32Plus->SizeOfHeaders - (UINTN)(HashBase - ImageAddress);
} }
if (HashSize != 0) { if (HashSize != 0) {
@ -280,16 +280,16 @@ MeasurePeImageAndExtend (
// //
// 10. Set the SUM_OF_BYTES_HASHED to the size of the header // 10. Set the SUM_OF_BYTES_HASHED to the size of the header
// //
if (Hdr.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { if (Hdr.Pe32->Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
// //
// Use PE32 offset // Use PE32 offset
// //
SumOfBytesHashed = Hdr.Pe32->OptionalHeader.SizeOfHeaders; SumOfBytesHashed = Hdr.Pe32->SizeOfHeaders;
} else { } else {
// //
// Use PE32+ offset // Use PE32+ offset
// //
SumOfBytesHashed = Hdr.Pe32Plus->OptionalHeader.SizeOfHeaders; SumOfBytesHashed = Hdr.Pe32Plus->SizeOfHeaders;
} }
// //
@ -298,7 +298,7 @@ MeasurePeImageAndExtend (
// header indicates how big the table should be. Do not include any // header indicates how big the table should be. Do not include any
// IMAGE_SECTION_HEADERs in the table whose 'SizeOfRawData' field is zero. // IMAGE_SECTION_HEADERs in the table whose 'SizeOfRawData' field is zero.
// //
SectionHeader = (EFI_IMAGE_SECTION_HEADER *)AllocateZeroPool (sizeof (EFI_IMAGE_SECTION_HEADER) * Hdr.Pe32->FileHeader.NumberOfSections); SectionHeader = (EFI_IMAGE_SECTION_HEADER *)AllocateZeroPool (sizeof (EFI_IMAGE_SECTION_HEADER) * Hdr.Pe32->CommonHeader.FileHeader.NumberOfSections);
if (SectionHeader == NULL) { if (SectionHeader == NULL) {
Status = EFI_OUT_OF_RESOURCES; Status = EFI_OUT_OF_RESOURCES;
goto Finish; goto Finish;
@ -315,9 +315,9 @@ MeasurePeImageAndExtend (
PeCoffHeaderOffset + PeCoffHeaderOffset +
sizeof (UINT32) + sizeof (UINT32) +
sizeof (EFI_IMAGE_FILE_HEADER) + sizeof (EFI_IMAGE_FILE_HEADER) +
Hdr.Pe32->FileHeader.SizeOfOptionalHeader Hdr.Pe32->CommonHeader.FileHeader.SizeOfOptionalHeader
); );
for (Index = 0; Index < Hdr.Pe32->FileHeader.NumberOfSections; Index++) { for (Index = 0; Index < Hdr.Pe32->CommonHeader.FileHeader.NumberOfSections; Index++) {
Pos = Index; Pos = Index;
while ((Pos > 0) && (Section->PointerToRawData < SectionHeader[Pos - 1].PointerToRawData)) { while ((Pos > 0) && (Section->PointerToRawData < SectionHeader[Pos - 1].PointerToRawData)) {
CopyMem (&SectionHeader[Pos], &SectionHeader[Pos - 1], sizeof (EFI_IMAGE_SECTION_HEADER)); CopyMem (&SectionHeader[Pos], &SectionHeader[Pos - 1], sizeof (EFI_IMAGE_SECTION_HEADER));
@ -335,7 +335,7 @@ MeasurePeImageAndExtend (
// 14. Add the section's 'SizeOfRawData' to SUM_OF_BYTES_HASHED . // 14. Add the section's 'SizeOfRawData' to SUM_OF_BYTES_HASHED .
// 15. Repeat steps 13 and 14 for all the sections in the sorted table. // 15. Repeat steps 13 and 14 for all the sections in the sorted table.
// //
for (Index = 0; Index < Hdr.Pe32->FileHeader.NumberOfSections; Index++) { for (Index = 0; Index < Hdr.Pe32->CommonHeader.FileHeader.NumberOfSections; Index++) {
Section = (EFI_IMAGE_SECTION_HEADER *)&SectionHeader[Index]; Section = (EFI_IMAGE_SECTION_HEADER *)&SectionHeader[Index];
if (Section->SizeOfRawData == 0) { if (Section->SizeOfRawData == 0) {
continue; continue;
@ -364,16 +364,16 @@ MeasurePeImageAndExtend (
if (NumberOfRvaAndSizes <= EFI_IMAGE_DIRECTORY_ENTRY_SECURITY) { if (NumberOfRvaAndSizes <= EFI_IMAGE_DIRECTORY_ENTRY_SECURITY) {
CertSize = 0; CertSize = 0;
} else { } else {
if (Hdr.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { if (Hdr.Pe32->Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) {
// //
// Use PE32 offset. // Use PE32 offset.
// //
CertSize = Hdr.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY].Size; CertSize = Hdr.Pe32->DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY].Size;
} else { } else {
// //
// Use PE32+ offset. // Use PE32+ offset.
// //
CertSize = Hdr.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY].Size; CertSize = Hdr.Pe32Plus->DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY].Size;
} }
} }
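Review bot: `MeasurePeImageAndExtend` now validates the image with `UefiImageInitializeContext`, but the visible hunks never use `ImageContext` afterwards and keep walking the headers through raw pointers derived from `ImageAddress`. Expressions such as `Hdr.Pe32->SizeOfHeaders - (UINTN)(HashBase - ImageAddress)` wrap to a huge `HashSize` if a header field is smaller than expected, so the measurement code depends entirely on what the context initialisation checked; that dependency should be written down, e.g. `// Raw header reads below rely on UefiImageInitializeContext() having validated the header layout.`, or guarded by an explicit comparison before each subtraction. `mTcg2DxeImageSize` is still assigned although the `ImageRead` callback setup was removed, so it may now be dead. The function starts and ends outside these hunks.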


@ -46,7 +46,7 @@
HashLib HashLib
PerformanceLib PerformanceLib
ReportStatusCodeLib ReportStatusCodeLib
PeCoffLib UefiImageLib
TpmMeasurementLib TpmMeasurementLib
TdxLib TdxLib