[PATCH v5 2/3] efi_loader: add PE/COFF image measurement

Ilias Apalodimas ilias.apalodimas at linaro.org
Wed May 12 16:08:19 CEST 2021


[...]
> +
>  /**
>   * efi_tcg2_hash_log_extend_event() - extend and optionally log events
>   *
> @@ -758,24 +937,32 @@ efi_tcg2_hash_log_extend_event(struct efi_tcg2_protocol *this, u64 flags,
>  	/*
>  	 * if PE_COFF_IMAGE is set we need to make sure the image is not
>  	 * corrupted, verify it and hash the PE/COFF image in accordance with
> -	 * the  procedure  specified  in  "Calculating  the  PE  Image  Hash"
> -	 * section  of the "Windows Authenticode Portable Executable Signature
> +	 * the procedure specified in "Calculating the PE Image Hash"
> +	 * section of the "Windows Authenticode Portable Executable Signature
>  	 * Format"
> -	 * Not supported for now
>  	 */
>  	if (flags & PE_COFF_IMAGE) {
> -		ret = EFI_UNSUPPORTED;
> -		goto out;
> -	}
> +		IMAGE_NT_HEADERS32 *nt;
>  
> -	pcr_index = efi_tcg_event->header.pcr_index;
> -	event_type = efi_tcg_event->header.event_type;
> +		ret = efi_check_pe((void *)data_to_hash, data_to_hash_len,
> +				   (void **)&nt);
> +		if (ret != EFI_SUCCESS) {
> +			log_err("Not a valid PE-COFF file\n");
> +			goto out;
> +		}
>  
> -	ret = tcg2_create_digest((u8 *)data_to_hash, data_to_hash_len,
> -				 &digest_list);
> +		ret = tcg2_hash_pe_image((void *)data_to_hash, data_to_hash_len,
> +					 &digest_list);
> +	} else {
> +		ret = tcg2_create_digest((u8 *)data_to_hash, data_to_hash_len,

I think this needs a (u8 *)(uintptr_t) which is carried on from the
original code.  I don't mind merging this as-is and I'll send a follow-up.
Heinrich, any preference?

> +					 &digest_list);
> +	}
>  	if (ret != EFI_SUCCESS)
>  		goto out;
>  
> +	pcr_index = efi_tcg_event->header.pcr_index;
> +	event_type = efi_tcg_event->header.event_type;
> +
>  	ret = tcg2_pcr_extend(dev, pcr_index, &digest_list);
>  	if (ret != EFI_SUCCESS)
>  		goto out;
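
Review bot: The two new calls in the PE_COFF_IMAGE branch cast the buffer directly with `(void *)data_to_hash`, the same pattern flagged above for the tcg2_create_digest() call. If data_to_hash is an integer address, as the (u8 *)(uintptr_t) suggestion implies, all three casts should go through uintptr_t, ideally in this patch rather than a follow-up so the new lines do not add more instances to fix. Separately, `nt` is filled in by efi_check_pe() but never read in this hunk. If the call is there only to validate the image before hashing, a short comment saying so would help, and the log_err() text could include the failing `ret` to make a rejected measurement easier to diagnose.
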
> -- 
> 2.17.1
> 

Cheers
/Ilias

