[PATCH v5 2/3] efi_loader: add PE/COFF image measurement
Ilias Apalodimas
ilias.apalodimas at linaro.org
Wed May 12 16:08:19 CEST 2021
[...]
> +
> /**
> * efi_tcg2_hash_log_extend_event() - extend and optionally log events
> *
> @@ -758,24 +937,32 @@ efi_tcg2_hash_log_extend_event(struct efi_tcg2_protocol *this, u64 flags,
> /*
> * if PE_COFF_IMAGE is set we need to make sure the image is not
> * corrupted, verify it and hash the PE/COFF image in accordance with
> - * the procedure specified in "Calculating the PE Image Hash"
> - * section of the "Windows Authenticode Portable Executable Signature
> + * the procedure specified in "Calculating the PE Image Hash"
> + * section of the "Windows Authenticode Portable Executable Signature
> * Format"
> - * Not supported for now
> */
> if (flags & PE_COFF_IMAGE) {
> - ret = EFI_UNSUPPORTED;
> - goto out;
> - }
> + IMAGE_NT_HEADERS32 *nt;
>
> - pcr_index = efi_tcg_event->header.pcr_index;
> - event_type = efi_tcg_event->header.event_type;
> + ret = efi_check_pe((void *)data_to_hash, data_to_hash_len,
> + (void **)&nt);
> + if (ret != EFI_SUCCESS) {
> + log_err("Not a valid PE-COFF file\n");
> + goto out;
> + }
>
> - ret = tcg2_create_digest((u8 *)data_to_hash, data_to_hash_len,
> - &digest_list);
> + ret = tcg2_hash_pe_image((void *)data_to_hash, data_to_hash_len,
> + &digest_list);
> + } else {
> + ret = tcg2_create_digest((u8 *)data_to_hash, data_to_hash_len,
I think this needs a (u8 *)(uintptr_t) which is carried on from the
original code. I don't mind merging this as-is and I'll send a follow-up.
Heinrich, any preference?
> + &digest_list);
> + }
> if (ret != EFI_SUCCESS)
> goto out;
>
> + pcr_index = efi_tcg_event->header.pcr_index;
> + event_type = efi_tcg_event->header.event_type;
> +
> ret = tcg2_pcr_extend(dev, pcr_index, &digest_list);
> if (ret != EFI_SUCCESS)
> goto out;
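Review bot: In the PE_COFF_IMAGE branch, the new efi_check_pe() and tcg2_hash_pe_image() calls pass `(void *)data_to_hash` with the same kind of direct cast that the reply above flags on the tcg2_create_digest() call. If that cast gains a `(uintptr_t)`, these two should change in the same follow-up so all three conversions of data_to_hash match. Separately, `nt` is only written by efi_check_pe() and never read in the lines shown, so a short comment saying it exists only to receive that call's output would help the next reader.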
> --
> 2.17.1
>
Cheers
/Ilias