[PATCH] efi_loader: Allow overlapped extra data for PE hashing

Su, Bao Cheng baocheng.su at siemens.com
Fri Jun 24 07:32:51 CEST 2022


During PE hashing, when holes exist between sections, the extra data
calculated could be a duplicated region of the last section.

Such a PE image with holes existing between sections may contain the
symbol table for the kernel, for example.

The Authenticode_PE spec does not rule how to deal with such a scenario,
however, other tools such as pesign and sbsign both have the overlapped
regions hashed. And EDK2 hashes the overlapped area as well.

Signed-off-by: Baocheng Su <baocheng.su at siemens.com>
---
 lib/efi_loader/efi_image_loader.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/efi_loader/efi_image_loader.c
b/lib/efi_loader/efi_image_loader.c
index 9611398885..d85fb6ba08 100644
--- a/lib/efi_loader/efi_image_loader.c
+++ b/lib/efi_loader/efi_image_loader.c
@@ -481,7 +481,7 @@ bool efi_image_parse(void *efi, size_t len, struct
efi_image_regions **regp,
 		EFI_PRINT("extra data for hash: %zu\n",
 			  len - (bytes_hashed + authsz));
 		efi_image_region_add(regs, efi + bytes_hashed,
-				     efi + len - authsz, 0);
+				     efi + len - authsz, 1);
 	}
 
 	/* Return Certificates Table */
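Review bot: The bare `1` now passed as the last argument of efi_image_region_add() in the extra-data call gives no hint at the call site that overlap with the section regions added earlier is being tolerated on purpose. This region list feeds the Authenticode digest used for signature verification, so a reader will otherwise take the changed flag for a relaxed check introduced by mistake. Please add a short comment above the call saying that the trailing data may overlap the last section when holes exist between sections and that pesign, sbsign and EDK2 hash the overlapped bytes as well, as the commit message explains. A test image with holes between sections, verified against a signature produced by sbsign, would also keep this behaviour from regressing.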
-- 
2.30.2



