OvmfPkg/X86QemuLoadImageLib: handle EFI_ACCESS_DENIED from LoadImage()

When an image fails Secure Boot validation, LoadImage() returns EFI_SECURITY_VIOLATION if the platform policy is DEFER_EXECUTE_ON_SECURITY_VIOLATION. If the platform policy is DENY_EXECUTE_ON_SECURITY_VIOLATION, then LoadImage() returns EFI_ACCESS_DENIED (and the image does not remain loaded). (Before <https://bugzilla.tianocore.org/show_bug.cgi?id=2129>, this difference would be masked, as DxeImageVerificationLib would incorrectly return EFI_SECURITY_VIOLATION for DENY_EXECUTE_ON_SECURITY_VIOLATION as well.) In X86QemuLoadImageLib, proceed to the legacy Linux/x86 Boot Protocol upon seeing EFI_ACCESS_DENIED too. Cc: Ard Biesheuvel <ard.biesheuvel@arm.com> Cc: Jordan Justen <jordan.l.justen@intel.com> Cc: Philippe Mathieu-Daudé <philmd@redhat.com> Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=2785 Signed-off-by: Laszlo Ersek <lersek@redhat.com> Message-Id: <20200605235242.32442-1-lersek@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Ard Biesheuvel <ard.biesheuvel@arm.com>
2020-06-06 01:52:42 +02:00 · 2020-06-06 01:52:42 +02:00 · dafce295e6
parent 82e0b2f043
commit dafce295e6
1 changed files with 10 additions and 4 deletions
--- a/OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.c
+++ b/OvmfPkg/Library/X86QemuLoadImageLib/X86QemuLoadImageLib.c
@ -320,15 +320,21 @@ QemuLoadKernelImage (

  case EFI_SECURITY_VIOLATION:
    //
-    // We are running with UEFI secure boot enabled, and the image failed to
-    // authenticate. For compatibility reasons, we fall back to the legacy
-    // loader in this case. Since the image has been loaded, we need to unload
-    // it before proceeding
+    // Since the image has been loaded, we need to unload it before proceeding
+    // to the EFI_ACCESS_DENIED case below.
    //
    gBS->UnloadImage (KernelImageHandle);
    //
    // Fall through
    //
+  case EFI_ACCESS_DENIED:
+    //
+    // We are running with UEFI secure boot enabled, and the image failed to
+    // authenticate. For compatibility reasons, we fall back to the legacy
+    // loader in this case.
+    //
+    // Fall through
+    //
  case EFI_UNSUPPORTED:
    //
    // The image is not natively supported or cross-type supported. Let's try