Diffstat (limited to 'SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c')
-rw-r--r--SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c807
1 files changed, 420 insertions, 387 deletions
diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
index 77b0e764a5..66e2f5eaa3 100644
--- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
+++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
@@ -24,17 +24,17 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
// Caution: This is used by a function which may receive untrusted input.
// These global variables hold PE/COFF image data, and they should be validated before use.
//
-EFI_IMAGE_OPTIONAL_HEADER_PTR_UNION mNtHeader;
-UINT32 mPeCoffHeaderOffset;
-EFI_GUID mCertType;
+EFI_IMAGE_OPTIONAL_HEADER_PTR_UNION mNtHeader;
+UINT32 mPeCoffHeaderOffset;
+EFI_GUID mCertType;
//
// Information on current PE/COFF image
//
-UINTN mImageSize;
-UINT8 *mImageBase = NULL;
-UINT8 mImageDigest[MAX_DIGEST_SIZE];
-UINTN mImageDigestSize;
+UINTN mImageSize;
+UINT8 *mImageBase = NULL;
+UINT8 mImageDigest[MAX_DIGEST_SIZE];
+UINTN mImageDigestSize;
//
// Notify string for authorization UI.
@@ -44,33 +44,32 @@ CHAR16 mNotifyString2[MAX_NOTIFY_STRING_LEN] = L"Launch this image anyway? (Yes
//
// Public Exponent of RSA Key.
//
-CONST UINT8 mRsaE[] = { 0x01, 0x00, 0x01 };
-
+CONST UINT8 mRsaE[] = { 0x01, 0x00, 0x01 };
//
// OID ASN.1 Value for Hash Algorithms
//
-UINT8 mHashOidValue[] = {
- 0x2B, 0x0E, 0x03, 0x02, 0x1A, // OBJ_sha1
- 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04, // OBJ_sha224
- 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, // OBJ_sha256
- 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02, // OBJ_sha384
- 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, // OBJ_sha512
- };
-
-HASH_TABLE mHash[] = {
-#ifndef DISABLE_SHA1_DEPRECATED_INTERFACES
- { L"SHA1", 20, &mHashOidValue[0], 5, Sha1GetContextSize, Sha1Init, Sha1Update, Sha1Final },
-#else
- { L"SHA1", 20, &mHashOidValue[0], 5, NULL, NULL, NULL, NULL },
-#endif
- { L"SHA224", 28, &mHashOidValue[5], 9, NULL, NULL, NULL, NULL },
- { L"SHA256", 32, &mHashOidValue[14], 9, Sha256GetContextSize, Sha256Init, Sha256Update, Sha256Final},
- { L"SHA384", 48, &mHashOidValue[23], 9, Sha384GetContextSize, Sha384Init, Sha384Update, Sha384Final},
- { L"SHA512", 64, &mHashOidValue[32], 9, Sha512GetContextSize, Sha512Init, Sha512Update, Sha512Final}
+UINT8 mHashOidValue[] = {
+ 0x2B, 0x0E, 0x03, 0x02, 0x1A, // OBJ_sha1
+ 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04, // OBJ_sha224
+ 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, // OBJ_sha256
+ 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02, // OBJ_sha384
+ 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, // OBJ_sha512
+};
+
+HASH_TABLE mHash[] = {
+ #ifndef DISABLE_SHA1_DEPRECATED_INTERFACES
+ { L"SHA1", 20, &mHashOidValue[0], 5, Sha1GetContextSize, Sha1Init, Sha1Update, Sha1Final },
+ #else
+ { L"SHA1", 20, &mHashOidValue[0], 5, NULL, NULL, NULL, NULL },
+ #endif
+ { L"SHA224", 28, &mHashOidValue[5], 9, NULL, NULL, NULL, NULL },
+ { L"SHA256", 32, &mHashOidValue[14], 9, Sha256GetContextSize, Sha256Init, Sha256Update, Sha256Final },
+ { L"SHA384", 48, &mHashOidValue[23], 9, Sha384GetContextSize, Sha384Init, Sha384Update, Sha384Final },
+ { L"SHA512", 64, &mHashOidValue[32], 9, Sha512GetContextSize, Sha512Init, Sha512Update, Sha512Final }
};
-EFI_STRING mHashTypeStr;
+EFI_STRING mHashTypeStr;
/**
SecureBoot Hook for processing image verification.
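Review bot: Nothing at `mHash[]` documents that some rows carry NULL callbacks: the SHA224 row always does, and the SHA1 row does when `DISABLE_SHA1_DEPRECATED_INTERFACES` is defined. Any code that indexes the table by algorithm id and calls `GetContextSize ()` without a NULL test would call through a null function pointer. Later hunks show two different protections: IsCertHashFoundInDbx tests `GetContextSize == NULL`, while HashPeImage relies on its `switch` rejecting those ids first. A comment above the table would make the contract explicit, for example `// Rows with NULL callbacks are unsupported; check GetContextSize != NULL (or filter the id) before calling.`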
@@ -85,10 +84,10 @@ EFI_STRING mHashTypeStr;
VOID
EFIAPI
SecureBootHook (
- IN CHAR16 *VariableName,
- IN EFI_GUID *VendorGuid,
- IN UINTN DataSize,
- IN VOID *Data
+ IN CHAR16 *VariableName,
+ IN EFI_GUID *VendorGuid,
+ IN UINTN DataSize,
+ IN VOID *Data
);
/**
@@ -109,15 +108,15 @@ SecureBootHook (
EFI_STATUS
EFIAPI
DxeImageVerificationLibImageRead (
- IN VOID *FileHandle,
- IN UINTN FileOffset,
- IN OUT UINTN *ReadSize,
- OUT VOID *Buffer
+ IN VOID *FileHandle,
+ IN UINTN FileOffset,
+ IN OUT UINTN *ReadSize,
+ OUT VOID *Buffer
)
{
- UINTN EndPosition;
+ UINTN EndPosition;
- if (FileHandle == NULL || ReadSize == NULL || Buffer == NULL) {
+ if ((FileHandle == NULL) || (ReadSize == NULL) || (Buffer == NULL)) {
return EFI_INVALID_PARAMETER;
}
@@ -134,12 +133,11 @@ DxeImageVerificationLibImageRead (
*ReadSize = 0;
}
- CopyMem (Buffer, (UINT8 *)((UINTN) FileHandle + FileOffset), *ReadSize);
+ CopyMem (Buffer, (UINT8 *)((UINTN)FileHandle + FileOffset), *ReadSize);
return EFI_SUCCESS;
}
-
/**
Get the image type.
@@ -151,13 +149,13 @@ DxeImageVerificationLibImageRead (
**/
UINT32
GetImageType (
- IN CONST EFI_DEVICE_PATH_PROTOCOL *File
+ IN CONST EFI_DEVICE_PATH_PROTOCOL *File
)
{
- EFI_STATUS Status;
- EFI_HANDLE DeviceHandle;
- EFI_DEVICE_PATH_PROTOCOL *TempDevicePath;
- EFI_BLOCK_IO_PROTOCOL *BlockIo;
+ EFI_STATUS Status;
+ EFI_HANDLE DeviceHandle;
+ EFI_DEVICE_PATH_PROTOCOL *TempDevicePath;
+ EFI_BLOCK_IO_PROTOCOL *BlockIo;
if (File == NULL) {
return IMAGE_UNKNOWN;
@@ -166,13 +164,13 @@ GetImageType (
//
// First check to see if File is from a Firmware Volume
//
- DeviceHandle = NULL;
- TempDevicePath = (EFI_DEVICE_PATH_PROTOCOL *) File;
- Status = gBS->LocateDevicePath (
- &gEfiFirmwareVolume2ProtocolGuid,
- &TempDevicePath,
- &DeviceHandle
- );
+ DeviceHandle = NULL;
+ TempDevicePath = (EFI_DEVICE_PATH_PROTOCOL *)File;
+ Status = gBS->LocateDevicePath (
+ &gEfiFirmwareVolume2ProtocolGuid,
+ &TempDevicePath,
+ &DeviceHandle
+ );
if (!EFI_ERROR (Status)) {
Status = gBS->OpenProtocol (
DeviceHandle,
@@ -191,23 +189,23 @@ GetImageType (
// Next check to see if File is from a Block I/O device
//
DeviceHandle = NULL;
- TempDevicePath = (EFI_DEVICE_PATH_PROTOCOL *) File;
- Status = gBS->LocateDevicePath (
- &gEfiBlockIoProtocolGuid,
- &TempDevicePath,
- &DeviceHandle
- );
+ TempDevicePath = (EFI_DEVICE_PATH_PROTOCOL *)File;
+ Status = gBS->LocateDevicePath (
+ &gEfiBlockIoProtocolGuid,
+ &TempDevicePath,
+ &DeviceHandle
+ );
if (!EFI_ERROR (Status)) {
BlockIo = NULL;
- Status = gBS->OpenProtocol (
- DeviceHandle,
- &gEfiBlockIoProtocolGuid,
- (VOID **) &BlockIo,
- NULL,
- NULL,
- EFI_OPEN_PROTOCOL_GET_PROTOCOL
- );
- if (!EFI_ERROR (Status) && BlockIo != NULL) {
+ Status = gBS->OpenProtocol (
+ DeviceHandle,
+ &gEfiBlockIoProtocolGuid,
+ (VOID **)&BlockIo,
+ NULL,
+ NULL,
+ EFI_OPEN_PROTOCOL_GET_PROTOCOL
+ );
+ if (!EFI_ERROR (Status) && (BlockIo != NULL)) {
if (BlockIo->Media != NULL) {
if (BlockIo->Media->RemovableMedia) {
//
@@ -229,12 +227,12 @@ GetImageType (
// the device path supports the Simple File System Protocol.
//
DeviceHandle = NULL;
- TempDevicePath = (EFI_DEVICE_PATH_PROTOCOL *) File;
- Status = gBS->LocateDevicePath (
- &gEfiSimpleFileSystemProtocolGuid,
- &TempDevicePath,
- &DeviceHandle
- );
+ TempDevicePath = (EFI_DEVICE_PATH_PROTOCOL *)File;
+ Status = gBS->LocateDevicePath (
+ &gEfiSimpleFileSystemProtocolGuid,
+ &TempDevicePath,
+ &DeviceHandle
+ );
if (!EFI_ERROR (Status)) {
//
// Simple File System is present without Block I/O, so assume media is fixed.
@@ -246,27 +244,30 @@ GetImageType (
// File is not from an FV, Block I/O or Simple File System, so the only options
// left are a PCI Option ROM and a Load File Protocol such as a PXE Boot from a NIC.
//
- TempDevicePath = (EFI_DEVICE_PATH_PROTOCOL *) File;
+ TempDevicePath = (EFI_DEVICE_PATH_PROTOCOL *)File;
while (!IsDevicePathEndType (TempDevicePath)) {
switch (DevicePathType (TempDevicePath)) {
+ case MEDIA_DEVICE_PATH:
+ if (DevicePathSubType (TempDevicePath) == MEDIA_RELATIVE_OFFSET_RANGE_DP) {
+ return IMAGE_FROM_OPTION_ROM;
+ }
- case MEDIA_DEVICE_PATH:
- if (DevicePathSubType (TempDevicePath) == MEDIA_RELATIVE_OFFSET_RANGE_DP) {
- return IMAGE_FROM_OPTION_ROM;
- }
- break;
+ break;
- case MESSAGING_DEVICE_PATH:
- if (DevicePathSubType(TempDevicePath) == MSG_MAC_ADDR_DP) {
- return IMAGE_FROM_REMOVABLE_MEDIA;
- }
- break;
+ case MESSAGING_DEVICE_PATH:
+ if (DevicePathSubType (TempDevicePath) == MSG_MAC_ADDR_DP) {
+ return IMAGE_FROM_REMOVABLE_MEDIA;
+ }
- default:
- break;
+ break;
+
+ default:
+ break;
}
+
TempDevicePath = NextDevicePathNode (TempDevicePath);
}
+
return IMAGE_UNKNOWN;
}
@@ -289,7 +290,7 @@ GetImageType (
**/
BOOLEAN
HashPeImage (
- IN UINT32 HashAlg
+ IN UINT32 HashAlg
)
{
BOOLEAN Status;
@@ -319,34 +320,34 @@ HashPeImage (
ZeroMem (mImageDigest, MAX_DIGEST_SIZE);
switch (HashAlg) {
-#ifndef DISABLE_SHA1_DEPRECATED_INTERFACES
- case HASHALG_SHA1:
- mImageDigestSize = SHA1_DIGEST_SIZE;
- mCertType = gEfiCertSha1Guid;
- break;
-#endif
-
- case HASHALG_SHA256:
- mImageDigestSize = SHA256_DIGEST_SIZE;
- mCertType = gEfiCertSha256Guid;
- break;
-
- case HASHALG_SHA384:
- mImageDigestSize = SHA384_DIGEST_SIZE;
- mCertType = gEfiCertSha384Guid;
- break;
-
- case HASHALG_SHA512:
- mImageDigestSize = SHA512_DIGEST_SIZE;
- mCertType = gEfiCertSha512Guid;
- break;
-
- default:
- return FALSE;
+ #ifndef DISABLE_SHA1_DEPRECATED_INTERFACES
+ case HASHALG_SHA1:
+ mImageDigestSize = SHA1_DIGEST_SIZE;
+ mCertType = gEfiCertSha1Guid;
+ break;
+ #endif
+
+ case HASHALG_SHA256:
+ mImageDigestSize = SHA256_DIGEST_SIZE;
+ mCertType = gEfiCertSha256Guid;
+ break;
+
+ case HASHALG_SHA384:
+ mImageDigestSize = SHA384_DIGEST_SIZE;
+ mCertType = gEfiCertSha384Guid;
+ break;
+
+ case HASHALG_SHA512:
+ mImageDigestSize = SHA512_DIGEST_SIZE;
+ mCertType = gEfiCertSha512Guid;
+ break;
+
+ default:
+ return FALSE;
}
mHashTypeStr = mHash[HashAlg].Name;
- CtxSize = mHash[HashAlg].GetContextSize();
+ CtxSize = mHash[HashAlg].GetContextSize ();
HashCtx = AllocatePool (CtxSize);
if (HashCtx == NULL) {
@@ -356,7 +357,7 @@ HashPeImage (
// 1. Load the image header into memory.
// 2. Initialize a SHA hash context.
- Status = mHash[HashAlg].HashInit(HashCtx);
+ Status = mHash[HashAlg].HashInit (HashCtx);
if (!Status) {
goto Done;
@@ -376,13 +377,13 @@ HashPeImage (
//
// Use PE32 offset.
//
- HashSize = (UINTN) (&mNtHeader.Pe32->OptionalHeader.CheckSum) - (UINTN) HashBase;
+ HashSize = (UINTN)(&mNtHeader.Pe32->OptionalHeader.CheckSum) - (UINTN)HashBase;
NumberOfRvaAndSizes = mNtHeader.Pe32->OptionalHeader.NumberOfRvaAndSizes;
} else if (mNtHeader.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC) {
//
// Use PE32+ offset.
//
- HashSize = (UINTN) (&mNtHeader.Pe32Plus->OptionalHeader.CheckSum) - (UINTN) HashBase;
+ HashSize = (UINTN)(&mNtHeader.Pe32Plus->OptionalHeader.CheckSum) - (UINTN)HashBase;
NumberOfRvaAndSizes = mNtHeader.Pe32Plus->OptionalHeader.NumberOfRvaAndSizes;
} else {
//
@@ -392,7 +393,7 @@ HashPeImage (
goto Done;
}
- Status = mHash[HashAlg].HashUpdate(HashCtx, HashBase, HashSize);
+ Status = mHash[HashAlg].HashUpdate (HashCtx, HashBase, HashSize);
if (!Status) {
goto Done;
}
@@ -409,18 +410,18 @@ HashPeImage (
//
// Use PE32 offset.
//
- HashBase = (UINT8 *) &mNtHeader.Pe32->OptionalHeader.CheckSum + sizeof (UINT32);
- HashSize = mNtHeader.Pe32->OptionalHeader.SizeOfHeaders - ((UINTN) HashBase - (UINTN) mImageBase);
+ HashBase = (UINT8 *)&mNtHeader.Pe32->OptionalHeader.CheckSum + sizeof (UINT32);
+ HashSize = mNtHeader.Pe32->OptionalHeader.SizeOfHeaders - ((UINTN)HashBase - (UINTN)mImageBase);
} else {
//
// Use PE32+ offset.
//
- HashBase = (UINT8 *) &mNtHeader.Pe32Plus->OptionalHeader.CheckSum + sizeof (UINT32);
- HashSize = mNtHeader.Pe32Plus->OptionalHeader.SizeOfHeaders - ((UINTN) HashBase - (UINTN) mImageBase);
+ HashBase = (UINT8 *)&mNtHeader.Pe32Plus->OptionalHeader.CheckSum + sizeof (UINT32);
+ HashSize = mNtHeader.Pe32Plus->OptionalHeader.SizeOfHeaders - ((UINTN)HashBase - (UINTN)mImageBase);
}
if (HashSize != 0) {
- Status = mHash[HashAlg].HashUpdate(HashCtx, HashBase, HashSize);
+ Status = mHash[HashAlg].HashUpdate (HashCtx, HashBase, HashSize);
if (!Status) {
goto Done;
}
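Review bot: `HashSize = ...SizeOfHeaders - ((UINTN)HashBase - (UINTN)mImageBase)` is an unsigned subtraction on a field read from the image, so a `SizeOfHeaders` smaller than the offset just past `CheckSum` would wrap to a very large length that is then handed to `HashUpdate`. No bound check is visible in this hunk; the file's header comment says these globals must be validated before use, so the guarantee presumably comes from the caller. Either state that precondition in a comment here or add a local guard such as `if (mNtHeader.Pe32->OptionalHeader.SizeOfHeaders < (UINTN)HashBase - (UINTN)mImageBase) { Status = FALSE; goto Done; }`. The same computation recurs in the `@@ -458,18 +459,18 @@` hunk, and the section loop in `@@ -539,10 +541,11 @@` hashes `SizeOfRawData` bytes at `mImageBase + Section->PointerToRawData` with no comparison against `mImageSize` in view. HashPeImage begins and ends outside this hunk.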
@@ -433,18 +434,18 @@ HashPeImage (
//
// Use PE32 offset.
//
- HashBase = (UINT8 *) &mNtHeader.Pe32->OptionalHeader.CheckSum + sizeof (UINT32);
- HashSize = (UINTN) (&mNtHeader.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]) - (UINTN) HashBase;
+ HashBase = (UINT8 *)&mNtHeader.Pe32->OptionalHeader.CheckSum + sizeof (UINT32);
+ HashSize = (UINTN)(&mNtHeader.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]) - (UINTN)HashBase;
} else {
//
// Use PE32+ offset.
//
- HashBase = (UINT8 *) &mNtHeader.Pe32Plus->OptionalHeader.CheckSum + sizeof (UINT32);
- HashSize = (UINTN) (&mNtHeader.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]) - (UINTN) HashBase;
+ HashBase = (UINT8 *)&mNtHeader.Pe32Plus->OptionalHeader.CheckSum + sizeof (UINT32);
+ HashSize = (UINTN)(&mNtHeader.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]) - (UINTN)HashBase;
}
if (HashSize != 0) {
- Status = mHash[HashAlg].HashUpdate(HashCtx, HashBase, HashSize);
+ Status = mHash[HashAlg].HashUpdate (HashCtx, HashBase, HashSize);
if (!Status) {
goto Done;
}
@@ -458,18 +459,18 @@ HashPeImage (
//
// Use PE32 offset
//
- HashBase = (UINT8 *) &mNtHeader.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1];
- HashSize = mNtHeader.Pe32->OptionalHeader.SizeOfHeaders - ((UINTN) HashBase - (UINTN) mImageBase);
+ HashBase = (UINT8 *)&mNtHeader.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1];
+ HashSize = mNtHeader.Pe32->OptionalHeader.SizeOfHeaders - ((UINTN)HashBase - (UINTN)mImageBase);
} else {
//
// Use PE32+ offset.
//
- HashBase = (UINT8 *) &mNtHeader.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1];
- HashSize = mNtHeader.Pe32Plus->OptionalHeader.SizeOfHeaders - ((UINTN) HashBase - (UINTN) mImageBase);
+ HashBase = (UINT8 *)&mNtHeader.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY + 1];
+ HashSize = mNtHeader.Pe32Plus->OptionalHeader.SizeOfHeaders - ((UINTN)HashBase - (UINTN)mImageBase);
}
if (HashSize != 0) {
- Status = mHash[HashAlg].HashUpdate(HashCtx, HashBase, HashSize);
+ Status = mHash[HashAlg].HashUpdate (HashCtx, HashBase, HashSize);
if (!Status) {
goto Done;
}
@@ -491,14 +492,13 @@ HashPeImage (
SumOfBytesHashed = mNtHeader.Pe32Plus->OptionalHeader.SizeOfHeaders;
}
-
- Section = (EFI_IMAGE_SECTION_HEADER *) (
- mImageBase +
- mPeCoffHeaderOffset +
- sizeof (UINT32) +
- sizeof (EFI_IMAGE_FILE_HEADER) +
- mNtHeader.Pe32->FileHeader.SizeOfOptionalHeader
- );
+ Section = (EFI_IMAGE_SECTION_HEADER *)(
+ mImageBase +
+ mPeCoffHeaderOffset +
+ sizeof (UINT32) +
+ sizeof (EFI_IMAGE_FILE_HEADER) +
+ mNtHeader.Pe32->FileHeader.SizeOfOptionalHeader
+ );
//
// 11. Build a temporary table of pointers to all the IMAGE_SECTION_HEADER
@@ -506,11 +506,12 @@ HashPeImage (
// header indicates how big the table should be. Do not include any
// IMAGE_SECTION_HEADERs in the table whose 'SizeOfRawData' field is zero.
//
- SectionHeader = (EFI_IMAGE_SECTION_HEADER *) AllocateZeroPool (sizeof (EFI_IMAGE_SECTION_HEADER) * mNtHeader.Pe32->FileHeader.NumberOfSections);
+ SectionHeader = (EFI_IMAGE_SECTION_HEADER *)AllocateZeroPool (sizeof (EFI_IMAGE_SECTION_HEADER) * mNtHeader.Pe32->FileHeader.NumberOfSections);
if (SectionHeader == NULL) {
Status = FALSE;
goto Done;
}
+
//
// 12. Using the 'PointerToRawData' in the referenced section headers as
// a key, arrange the elements in the table in ascending order. In other
@@ -523,6 +524,7 @@ HashPeImage (
CopyMem (&SectionHeader[Pos], &SectionHeader[Pos - 1], sizeof (EFI_IMAGE_SECTION_HEADER));
Pos--;
}
+
CopyMem (&SectionHeader[Pos], Section, sizeof (EFI_IMAGE_SECTION_HEADER));
Section += 1;
}
@@ -539,10 +541,11 @@ HashPeImage (
if (Section->SizeOfRawData == 0) {
continue;
}
- HashBase = mImageBase + Section->PointerToRawData;
- HashSize = (UINTN) Section->SizeOfRawData;
- Status = mHash[HashAlg].HashUpdate(HashCtx, HashBase, HashSize);
+ HashBase = mImageBase + Section->PointerToRawData;
+ HashSize = (UINTN)Section->SizeOfRawData;
+
+ Status = mHash[HashAlg].HashUpdate (HashCtx, HashBase, HashSize);
if (!Status) {
goto Done;
}
@@ -576,9 +579,9 @@ HashPeImage (
}
if (mImageSize > CertSize + SumOfBytesHashed) {
- HashSize = (UINTN) (mImageSize - CertSize - SumOfBytesHashed);
+ HashSize = (UINTN)(mImageSize - CertSize - SumOfBytesHashed);
- Status = mHash[HashAlg].HashUpdate(HashCtx, HashBase, HashSize);
+ Status = mHash[HashAlg].HashUpdate (HashCtx, HashBase, HashSize);
if (!Status) {
goto Done;
}
@@ -588,15 +591,17 @@ HashPeImage (
}
}
- Status = mHash[HashAlg].HashFinal(HashCtx, mImageDigest);
+ Status = mHash[HashAlg].HashFinal (HashCtx, mImageDigest);
Done:
if (HashCtx != NULL) {
FreePool (HashCtx);
}
+
if (SectionHeader != NULL) {
FreePool (SectionHeader);
}
+
return Status;
}
@@ -618,11 +623,11 @@ Done:
**/
EFI_STATUS
HashPeImageByType (
- IN UINT8 *AuthData,
- IN UINTN AuthDataSize
+ IN UINT8 *AuthData,
+ IN UINTN AuthDataSize
)
{
- UINT8 Index;
+ UINT8 Index;
for (Index = 0; Index < HASHALG_MAX; Index++) {
//
@@ -660,14 +665,13 @@ HashPeImageByType (
//
// HASH PE Image based on Hash algorithm in PE/COFF Authenticode.
//
- if (!HashPeImage(Index)) {
+ if (!HashPeImage (Index)) {
return EFI_UNSUPPORTED;
}
return EFI_SUCCESS;
}
-
/**
Returns the size of a given image execution info table in bytes.
@@ -682,7 +686,7 @@ HashPeImageByType (
**/
UINTN
GetImageExeInfoTableSize (
- EFI_IMAGE_EXECUTION_INFO_TABLE *ImageExeInfoTable
+ EFI_IMAGE_EXECUTION_INFO_TABLE *ImageExeInfoTable
)
{
UINTN Index;
@@ -693,11 +697,11 @@ GetImageExeInfoTableSize (
return 0;
}
- ImageExeInfoItem = (EFI_IMAGE_EXECUTION_INFO *) ((UINT8 *) ImageExeInfoTable + sizeof (EFI_IMAGE_EXECUTION_INFO_TABLE));
- TotalSize = sizeof (EFI_IMAGE_EXECUTION_INFO_TABLE);
+ ImageExeInfoItem = (EFI_IMAGE_EXECUTION_INFO *)((UINT8 *)ImageExeInfoTable + sizeof (EFI_IMAGE_EXECUTION_INFO_TABLE));
+ TotalSize = sizeof (EFI_IMAGE_EXECUTION_INFO_TABLE);
for (Index = 0; Index < ImageExeInfoTable->NumberOfImages; Index++) {
- TotalSize += ReadUnaligned32 ((UINT32 *) &ImageExeInfoItem->InfoSize);
- ImageExeInfoItem = (EFI_IMAGE_EXECUTION_INFO *) ((UINT8 *) ImageExeInfoItem + ReadUnaligned32 ((UINT32 *) &ImageExeInfoItem->InfoSize));
+ TotalSize += ReadUnaligned32 ((UINT32 *)&ImageExeInfoItem->InfoSize);
+ ImageExeInfoItem = (EFI_IMAGE_EXECUTION_INFO *)((UINT8 *)ImageExeInfoItem + ReadUnaligned32 ((UINT32 *)&ImageExeInfoItem->InfoSize));
}
return TotalSize;
@@ -715,11 +719,11 @@ GetImageExeInfoTableSize (
**/
VOID
AddImageExeInfo (
- IN EFI_IMAGE_EXECUTION_ACTION Action,
- IN CHAR16 *Name OPTIONAL,
- IN CONST EFI_DEVICE_PATH_PROTOCOL *DevicePath,
- IN EFI_SIGNATURE_LIST *Signature OPTIONAL,
- IN UINTN SignatureSize
+ IN EFI_IMAGE_EXECUTION_ACTION Action,
+ IN CHAR16 *Name OPTIONAL,
+ IN CONST EFI_DEVICE_PATH_PROTOCOL *DevicePath,
+ IN EFI_SIGNATURE_LIST *Signature OPTIONAL,
+ IN UINTN SignatureSize
)
{
EFI_IMAGE_EXECUTION_INFO_TABLE *ImageExeInfoTable;
@@ -731,14 +735,14 @@ AddImageExeInfo (
UINTN DevicePathSize;
CHAR16 *NameStr;
- ImageExeInfoTable = NULL;
- NewImageExeInfoTable = NULL;
- ImageExeInfoEntry = NULL;
- NameStringLen = 0;
- NameStr = NULL;
+ ImageExeInfoTable = NULL;
+ NewImageExeInfoTable = NULL;
+ ImageExeInfoEntry = NULL;
+ NameStringLen = 0;
+ NameStr = NULL;
if (DevicePath == NULL) {
- return ;
+ return;
}
if (Name != NULL) {
@@ -747,7 +751,7 @@ AddImageExeInfo (
NameStringLen = sizeof (CHAR16);
}
- EfiGetSystemConfigurationTable (&gEfiImageSecurityDatabaseGuid, (VOID **) &ImageExeInfoTable);
+ EfiGetSystemConfigurationTable (&gEfiImageSecurityDatabaseGuid, (VOID **)&ImageExeInfoTable);
if (ImageExeInfoTable != NULL) {
//
// The table has been found!
@@ -762,7 +766,7 @@ AddImageExeInfo (
ImageExeInfoTableSize = sizeof (EFI_IMAGE_EXECUTION_INFO_TABLE);
}
- DevicePathSize = GetDevicePathSize (DevicePath);
+ DevicePathSize = GetDevicePathSize (DevicePath);
//
// Signature size can be odd. Pad after signature to ensure next EXECUTION_INFO entry align
@@ -770,9 +774,9 @@ AddImageExeInfo (
ASSERT (Signature != NULL || SignatureSize == 0);
NewImageExeInfoEntrySize = sizeof (EFI_IMAGE_EXECUTION_INFO) + NameStringLen + DevicePathSize + SignatureSize;
- NewImageExeInfoTable = (EFI_IMAGE_EXECUTION_INFO_TABLE *) AllocateRuntimePool (ImageExeInfoTableSize + NewImageExeInfoEntrySize);
+ NewImageExeInfoTable = (EFI_IMAGE_EXECUTION_INFO_TABLE *)AllocateRuntimePool (ImageExeInfoTableSize + NewImageExeInfoEntrySize);
if (NewImageExeInfoTable == NULL) {
- return ;
+ return;
}
if (ImageExeInfoTable != NULL) {
@@ -780,37 +784,39 @@ AddImageExeInfo (
} else {
NewImageExeInfoTable->NumberOfImages = 0;
}
+
NewImageExeInfoTable->NumberOfImages++;
- ImageExeInfoEntry = (EFI_IMAGE_EXECUTION_INFO *) ((UINT8 *) NewImageExeInfoTable + ImageExeInfoTableSize);
+ ImageExeInfoEntry = (EFI_IMAGE_EXECUTION_INFO *)((UINT8 *)NewImageExeInfoTable + ImageExeInfoTableSize);
//
// Update new item's information.
//
- WriteUnaligned32 ((UINT32 *) ImageExeInfoEntry, Action);
- WriteUnaligned32 ((UINT32 *) ((UINT8 *) ImageExeInfoEntry + sizeof (EFI_IMAGE_EXECUTION_ACTION)), (UINT32) NewImageExeInfoEntrySize);
+ WriteUnaligned32 ((UINT32 *)ImageExeInfoEntry, Action);
+ WriteUnaligned32 ((UINT32 *)((UINT8 *)ImageExeInfoEntry + sizeof (EFI_IMAGE_EXECUTION_ACTION)), (UINT32)NewImageExeInfoEntrySize);
NameStr = (CHAR16 *)(ImageExeInfoEntry + 1);
if (Name != NULL) {
- CopyMem ((UINT8 *) NameStr, Name, NameStringLen);
+ CopyMem ((UINT8 *)NameStr, Name, NameStringLen);
} else {
- ZeroMem ((UINT8 *) NameStr, sizeof (CHAR16));
+ ZeroMem ((UINT8 *)NameStr, sizeof (CHAR16));
}
CopyMem (
- (UINT8 *) NameStr + NameStringLen,
+ (UINT8 *)NameStr + NameStringLen,
DevicePath,
DevicePathSize
);
if (Signature != NULL) {
CopyMem (
- (UINT8 *) NameStr + NameStringLen + DevicePathSize,
+ (UINT8 *)NameStr + NameStringLen + DevicePathSize,
Signature,
SignatureSize
);
}
+
//
// Update/replace the image execution table.
//
- gBS->InstallConfigurationTable (&gEfiImageSecurityDatabaseGuid, (VOID *) NewImageExeInfoTable);
+ gBS->InstallConfigurationTable (&gEfiImageSecurityDatabaseGuid, (VOID *)NewImageExeInfoTable);
//
// Free Old table data!
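Review bot: The `EFI_STATUS` returned by `gBS->InstallConfigurationTable (&gEfiImageSecurityDatabaseGuid, ...)` is discarded, and the comment that follows says the old table is freed next. If the install fails, the old table would still be the one published under that GUID while the new allocation is lost; the free itself is outside this hunk, so this is inferred rather than shown. Capturing the result in a local status and bailing out on error, `if (EFI_ERROR (Status)) { FreePool (NewImageExeInfoTable); return; }`, would keep the published execution-info table valid. AddImageExeInfo continues past the end of this hunk.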
@@ -888,7 +894,7 @@ IsCertHashFoundInDbx (
HashAlg = HASHALG_SHA512;
} else {
DbxSize -= DbxList->SignatureListSize;
- DbxList = (EFI_SIGNATURE_LIST *) ((UINT8 *) DbxList + DbxList->SignatureListSize);
+ DbxList = (EFI_SIGNATURE_LIST *)((UINT8 *)DbxList + DbxList->SignatureListSize);
continue;
}
@@ -898,17 +904,21 @@ IsCertHashFoundInDbx (
if (mHash[HashAlg].GetContextSize == NULL) {
goto Done;
}
+
ZeroMem (CertDigest, MAX_DIGEST_SIZE);
HashCtx = AllocatePool (mHash[HashAlg].GetContextSize ());
if (HashCtx == NULL) {
goto Done;
}
+
if (!mHash[HashAlg].HashInit (HashCtx)) {
goto Done;
}
+
if (!mHash[HashAlg].HashUpdate (HashCtx, TBSCert, TBSCertSize)) {
goto Done;
}
+
if (!mHash[HashAlg].HashFinal (HashCtx, CertDigest)) {
goto Done;
}
@@ -917,7 +927,7 @@ IsCertHashFoundInDbx (
HashCtx = NULL;
SiglistHeaderSize = sizeof (EFI_SIGNATURE_LIST) + DbxList->SignatureHeaderSize;
- CertHash = (EFI_SIGNATURE_DATA *) ((UINT8 *) DbxList + SiglistHeaderSize);
+ CertHash = (EFI_SIGNATURE_DATA *)((UINT8 *)DbxList + SiglistHeaderSize);
CertHashCount = (DbxList->SignatureListSize - SiglistHeaderSize) / DbxList->SignatureSize;
for (Index = 0; Index < CertHashCount; Index++) {
//
@@ -937,11 +947,12 @@ IsCertHashFoundInDbx (
CopyMem (RevocationTime, (EFI_TIME *)(DbxCertHash + mHash[HashAlg].DigestLength), sizeof (EFI_TIME));
goto Done;
}
- CertHash = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertHash + DbxList->SignatureSize);
+
+ CertHash = (EFI_SIGNATURE_DATA *)((UINT8 *)CertHash + DbxList->SignatureSize);
}
DbxSize -= DbxList->SignatureListSize;
- DbxList = (EFI_SIGNATURE_LIST *) ((UINT8 *) DbxList + DbxList->SignatureListSize);
+ DbxList = (EFI_SIGNATURE_LIST *)((UINT8 *)DbxList + DbxList->SignatureListSize);
}
Status = EFI_SUCCESS;
@@ -969,11 +980,11 @@ Done:
**/
EFI_STATUS
IsSignatureFoundInDatabase (
- IN CHAR16 *VariableName,
- IN UINT8 *Signature,
- IN EFI_GUID *CertType,
- IN UINTN SignatureSize,
- OUT BOOLEAN *IsFound
+ IN CHAR16 *VariableName,
+ IN UINT8 *Signature,
+ IN EFI_GUID *CertType,
+ IN UINTN SignatureSize,
+ OUT BOOLEAN *IsFound
)
{
EFI_STATUS Status;
@@ -987,10 +998,10 @@ IsSignatureFoundInDatabase (
//
// Read signature database variable.
//
- *IsFound = FALSE;
- Data = NULL;
- DataSize = 0;
- Status = gRT->GetVariable (VariableName, &gEfiImageSecurityDatabaseGuid, NULL, &DataSize, NULL);
+ *IsFound = FALSE;
+ Data = NULL;
+ DataSize = 0;
+ Status = gRT->GetVariable (VariableName, &gEfiImageSecurityDatabaseGuid, NULL, &DataSize, NULL);
if (Status != EFI_BUFFER_TOO_SMALL) {
if (Status == EFI_NOT_FOUND) {
//
@@ -1002,7 +1013,7 @@ IsSignatureFoundInDatabase (
return Status;
}
- Data = (UINT8 *) AllocateZeroPool (DataSize);
+ Data = (UINT8 *)AllocateZeroPool (DataSize);
if (Data == NULL) {
return EFI_OUT_OF_RESOURCES;
}
@@ -1011,14 +1022,15 @@ IsSignatureFoundInDatabase (
if (EFI_ERROR (Status)) {
goto Done;
}
+
//
// Enumerate all signature data in SigDB to check if signature exists for executable.
//
- CertList = (EFI_SIGNATURE_LIST *) Data;
+ CertList = (EFI_SIGNATURE_LIST *)Data;
while ((DataSize > 0) && (DataSize >= CertList->SignatureListSize)) {
CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize;
- Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize);
- if ((CertList->SignatureSize == sizeof(EFI_SIGNATURE_DATA) - 1 + SignatureSize) && (CompareGuid(&CertList->SignatureType, CertType))) {
+ Cert = (EFI_SIGNATURE_DATA *)((UINT8 *)CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize);
+ if ((CertList->SignatureSize == sizeof (EFI_SIGNATURE_DATA) - 1 + SignatureSize) && (CompareGuid (&CertList->SignatureType, CertType))) {
for (Index = 0; Index < CertCount; Index++) {
if (CompareMem (Cert->SignatureData, Signature, SignatureSize) == 0) {
//
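Review bot: `CertCount = (SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - SignatureHeaderSize) / SignatureSize` divides by a field taken straight from the variable data and subtracts without checking that the list is at least as large as its headers. A list with `SignatureSize == 0` would divide by zero, a short `SignatureListSize` would wrap `CertCount`, and `SignatureListSize == 0` would leave the `while` loop unable to advance. The databases are authenticated variables, but a malformed list would still reach this code, so a per-list guard before the division is worth having: `if ((CertList->SignatureSize == 0) || (CertList->SignatureListSize < sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize)) { goto Done; }`, with `Status` set to an error first so the lookup fails closed. The same parsing pattern appears in IsCertHashFoundInDbx (`@@ -917,7 +927,7 @@`), PassTimestampCheck (`@@ -1162,23 +1176,25 @@`) and the IsForbiddenByDbx loop in the last hunk. The function body extends beyond this hunk on both sides.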
@@ -1028,13 +1040,14 @@ IsSignatureFoundInDatabase (
//
// Entries in UEFI_IMAGE_SECURITY_DATABASE that are used to validate image should be measured
//
- if (StrCmp(VariableName, EFI_IMAGE_SECURITY_DATABASE) == 0) {
+ if (StrCmp (VariableName, EFI_IMAGE_SECURITY_DATABASE) == 0) {
SecureBootHook (VariableName, &gEfiImageSecurityDatabaseGuid, CertList->SignatureSize, Cert);
}
+
break;
}
- Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) Cert + CertList->SignatureSize);
+ Cert = (EFI_SIGNATURE_DATA *)((UINT8 *)Cert + CertList->SignatureSize);
}
if (*IsFound) {
@@ -1043,7 +1056,7 @@ IsSignatureFoundInDatabase (
}
DataSize -= CertList->SignatureListSize;
- CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList->SignatureListSize);
+ CertList = (EFI_SIGNATURE_LIST *)((UINT8 *)CertList + CertList->SignatureListSize);
}
Done:
@@ -1066,23 +1079,23 @@ Done:
**/
BOOLEAN
IsValidSignatureByTimestamp (
- IN EFI_TIME *SigningTime,
- IN EFI_TIME *RevocationTime
+ IN EFI_TIME *SigningTime,
+ IN EFI_TIME *RevocationTime
)
{
if (SigningTime->Year != RevocationTime->Year) {
- return (BOOLEAN) (SigningTime->Year < RevocationTime->Year);
+ return (BOOLEAN)(SigningTime->Year < RevocationTime->Year);
} else if (SigningTime->Month != RevocationTime->Month) {
- return (BOOLEAN) (SigningTime->Month < RevocationTime->Month);
+ return (BOOLEAN)(SigningTime->Month < RevocationTime->Month);
} else if (SigningTime->Day != RevocationTime->Day) {
- return (BOOLEAN) (SigningTime->Day < RevocationTime->Day);
+ return (BOOLEAN)(SigningTime->Day < RevocationTime->Day);
} else if (SigningTime->Hour != RevocationTime->Hour) {
- return (BOOLEAN) (SigningTime->Hour < RevocationTime->Hour);
+ return (BOOLEAN)(SigningTime->Hour < RevocationTime->Hour);
} else if (SigningTime->Minute != RevocationTime->Minute) {
- return (BOOLEAN) (SigningTime->Minute < RevocationTime->Minute);
+ return (BOOLEAN)(SigningTime->Minute < RevocationTime->Minute);
}
- return (BOOLEAN) (SigningTime->Second <= RevocationTime->Second);
+ return (BOOLEAN)(SigningTime->Second <= RevocationTime->Second);
}
/**
@@ -1096,11 +1109,12 @@ IsValidSignatureByTimestamp (
**/
BOOLEAN
IsTimeZero (
- IN EFI_TIME *Time
+ IN EFI_TIME *Time
)
{
if ((Time->Year == 0) && (Time->Month == 0) && (Time->Day == 0) &&
- (Time->Hour == 0) && (Time->Minute == 0) && (Time->Second == 0)) {
+ (Time->Hour == 0) && (Time->Minute == 0) && (Time->Second == 0))
+ {
return TRUE;
}
@@ -1123,32 +1137,32 @@ IsTimeZero (
**/
BOOLEAN
PassTimestampCheck (
- IN UINT8 *AuthData,
- IN UINTN AuthDataSize,
- IN EFI_TIME *RevocationTime
+ IN UINT8 *AuthData,
+ IN UINTN AuthDataSize,
+ IN EFI_TIME *RevocationTime
)
{
- EFI_STATUS Status;
- BOOLEAN VerifyStatus;
- EFI_SIGNATURE_LIST *CertList;
- EFI_SIGNATURE_DATA *Cert;
- UINT8 *DbtData;
- UINTN DbtDataSize;
- UINT8 *RootCert;
- UINTN RootCertSize;
- UINTN Index;
- UINTN CertCount;
- EFI_TIME SigningTime;
+ EFI_STATUS Status;
+ BOOLEAN VerifyStatus;
+ EFI_SIGNATURE_LIST *CertList;
+ EFI_SIGNATURE_DATA *Cert;
+ UINT8 *DbtData;
+ UINTN DbtDataSize;
+ UINT8 *RootCert;
+ UINTN RootCertSize;
+ UINTN Index;
+ UINTN CertCount;
+ EFI_TIME SigningTime;
//
// Variable Initialization
//
- VerifyStatus = FALSE;
- DbtData = NULL;
- CertList = NULL;
- Cert = NULL;
- RootCert = NULL;
- RootCertSize = 0;
+ VerifyStatus = FALSE;
+ DbtData = NULL;
+ CertList = NULL;
+ Cert = NULL;
+ RootCert = NULL;
+ RootCertSize = 0;
//
// If RevocationTime is zero, the certificate shall be considered to always be revoked.
@@ -1162,23 +1176,25 @@ PassTimestampCheck (
// Using the dbt to get the trusted TSA certificates.
//
DbtDataSize = 0;
- Status = gRT->GetVariable (EFI_IMAGE_SECURITY_DATABASE2, &gEfiImageSecurityDatabaseGuid, NULL, &DbtDataSize, NULL);
+ Status = gRT->GetVariable (EFI_IMAGE_SECURITY_DATABASE2, &gEfiImageSecurityDatabaseGuid, NULL, &DbtDataSize, NULL);
if (Status != EFI_BUFFER_TOO_SMALL) {
goto Done;
}
- DbtData = (UINT8 *) AllocateZeroPool (DbtDataSize);
+
+ DbtData = (UINT8 *)AllocateZeroPool (DbtDataSize);
if (DbtData == NULL) {
goto Done;
}
- Status = gRT->GetVariable (EFI_IMAGE_SECURITY_DATABASE2, &gEfiImageSecurityDatabaseGuid, NULL, &DbtDataSize, (VOID *) DbtData);
+
+ Status = gRT->GetVariable (EFI_IMAGE_SECURITY_DATABASE2, &gEfiImageSecurityDatabaseGuid, NULL, &DbtDataSize, (VOID *)DbtData);
if (EFI_ERROR (Status)) {
goto Done;
}
- CertList = (EFI_SIGNATURE_LIST *) DbtData;
+ CertList = (EFI_SIGNATURE_LIST *)DbtData;
while ((DbtDataSize > 0) && (DbtDataSize >= CertList->SignatureListSize)) {
if (CompareGuid (&CertList->SignatureType, &gEfiCertX509Guid)) {
- Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize);
+ Cert = (EFI_SIGNATURE_DATA *)((UINT8 *)CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize);
CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize;
for (Index = 0; Index < CertCount; Index++) {
//
@@ -1198,11 +1214,13 @@ PassTimestampCheck (
goto Done;
}
}
- Cert = (EFI_SIGNATURE_DATA *) ((UINT8 *) Cert + CertList->SignatureSize);
+
+ Cert = (EFI_SIGNATURE_DATA *)((UINT8 *)Cert + CertList->SignatureSize);
}
}
+
DbtDataSize -= CertList->SignatureListSize;
- CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList->SignatureListSize);
+ CertList = (EFI_SIGNATURE_LIST *)((UINT8 *)CertList + CertList->SignatureListSize);
}
Done:
@@ -1226,31 +1244,32 @@ Done:
**/
BOOLEAN
IsForbiddenByDbx (
- IN UINT8 *AuthData,
- IN UINTN AuthDataSize
+ IN UINT8 *AuthData,
+ IN UINTN AuthDataSize
)
{
- EFI_STATUS Status;
- BOOLEAN IsForbidden;
- BOOLEAN IsFound;
- UINT8 *Data;
- UINTN DataSize;
- EFI_SIGNATURE_LIST *CertList;
- UINTN CertListSize;
- EFI_SIGNATURE_DATA *CertData;
- UINT8 *RootCert;
- UINTN RootCertSize;
- UINTN CertCount;
- UINTN Index;
- UINT8 *CertBuffer;
- UINTN BufferLength;
- UINT8 *TrustedCert;
- UINTN TrustedCertLength;
- UINT8 CertNumber;
- UINT8 *CertPtr;
- UINT8 *Cert;
- UINTN CertSize;
- EFI_TIME RevocationTime;
+ EFI_STATUS Status;
+ BOOLEAN IsForbidden;
+ BOOLEAN IsFound;
+ UINT8 *Data;
+ UINTN DataSize;
+ EFI_SIGNATURE_LIST *CertList;
+ UINTN CertListSize;
+ EFI_SIGNATURE_DATA *CertData;
+ UINT8 *RootCert;
+ UINTN RootCertSize;
+ UINTN CertCount;
+ UINTN Index;
+ UINT8 *CertBuffer;
+ UINTN BufferLength;
+ UINT8 *TrustedCert;
+ UINTN TrustedCertLength;
+ UINT8 CertNumber;
+ UINT8 *CertPtr;
+ UINT8 *Cert;
+ UINTN CertSize;
+ EFI_TIME RevocationTime;
+
//
// Variable Initialization
//
@@ -1279,14 +1298,16 @@ IsForbiddenByDbx (
//
IsForbidden = FALSE;
}
+
return IsForbidden;
}
- Data = (UINT8 *) AllocateZeroPool (DataSize);
+
+ Data = (UINT8 *)AllocateZeroPool (DataSize);
if (Data == NULL) {
return IsForbidden;
}
- Status = gRT->GetVariable (EFI_IMAGE_SECURITY_DATABASE1, &gEfiImageSecurityDatabaseGuid, NULL, &DataSize, (VOID *) Data);
+ Status = gRT->GetVariable (EFI_IMAGE_SECURITY_DATABASE1, &gEfiImageSecurityDatabaseGuid, NULL, &DataSize, (VOID *)Data);
if (EFI_ERROR (Status)) {
goto Done;
}
@@ -1295,11 +1316,11 @@ IsForbiddenByDbx (
// Verify image signature with RAW X509 certificates in DBX database.
// If passed, the image will be forbidden.
//
- CertList = (EFI_SIGNATURE_LIST *) Data;
+ CertList = (EFI_SIGNATURE_LIST *)Data;
CertListSize = DataSize;
while ((CertListSize > 0) && (CertListSize >= CertList->SignatureListSize)) {
if (CompareGuid (&CertList->SignatureType, &gEfiCertX509Guid)) {
- CertData = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize);
+ CertData = (EFI_SIGNATURE_DATA *)((UINT8 *)CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize);
CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize;
for (Index = 0; Index < CertCount; Index++) {
@@ -1325,12 +1346,12 @@ IsForbiddenByDbx (
goto Done;
}
- CertData = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertData + CertList->SignatureSize);
+ CertData = (EFI_SIGNATURE_DATA *)((UINT8 *)CertData + CertList->SignatureSize);
}
}
CertListSize -= CertList->SignatureListSize;
- CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList->SignatureListSize);
+ CertList = (EFI_SIGNATURE_LIST *)((UINT8 *)CertList + CertList->SignatureListSize);
}
//
@@ -1350,7 +1371,7 @@ IsForbiddenByDbx (
// UINT8 Certn[];
//
Pkcs7GetSigners (AuthData, AuthDataSize, &CertBuffer, &BufferLength, &TrustedCert, &TrustedCertLength);
- if ((BufferLength == 0) || (CertBuffer == NULL) || (*CertBuffer) == 0) {
+ if ((BufferLength == 0) || (CertBuffer == NULL) || ((*CertBuffer) == 0)) {
IsForbidden = TRUE;
goto Done;
}
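Review bot: The return value of `Pkcs7GetSigners` is discarded, and the only failure signal is the state of `CertBuffer` and `BufferLength` in the following `if`. That is safe only if both are initialised before the call, which presumably happens in the "Variable Initialization" block outside this hunk. The fail-closed intent deserves a comment above the check, for example `// Pkcs7GetSigners' return value is not checked; a missing or empty signer list is treated as forbidden (fail closed).` IsForbiddenByDbx starts and ends outside this hunk.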
@@ -1358,10 +1379,10 @@ IsForbiddenByDbx (
//
// Check if any hash of certificates embedded in AuthData is in the forbidden database.
//
- CertNumber = (UINT8) (*CertBuffer);
+ CertNumber = (UINT8)(*CertBuffer);
CertPtr = CertBuffer + 1;
for (Index = 0; Index < CertNumber; Index++) {
- CertSize = (UINTN) ReadUnaligned32 ((UINT32 *)CertPtr);
+ CertSize = (UINTN)ReadUnaligned32 ((UINT32 *)CertPtr);
Cert = (UINT8 *)CertPtr + sizeof (UINT32);
//
// Advance CertPtr to the next cert in image signer's cert list
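Review bot: The loop takes `CertNumber` and each 32-bit `CertSize` from `CertBuffer` and derives `Cert` from them, but nothing visible in this hunk compares the running offset against `BufferLength`. The buffer is built by `Pkcs7GetSigners` rather than read directly from the image, so the lengths are presumably consistent, but that assumption should be written down where the parsing happens. Suggested comment above the `for`: `// CertBuffer layout comes from Pkcs7GetSigners; CertNumber and CertSize are trusted here and not re-checked against BufferLength.` If a bound is cheap to add in the part of the loop outside this hunk, treating an overrun as forbidden would keep the dbx check fail-closed.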
@@ -1392,7 +1413,6 @@ IsForbiddenByDbx (
goto Done;
}
}
-
}
IsForbidden = FALSE;
@@ -1408,7 +1428,6 @@ Done:
return IsForbidden;
}
-
/**
Check whether the image signature can be verified by the trusted certificates in DB database.
@@ -1421,32 +1440,32 @@ Done:
**/
BOOLEAN
IsAllowedByDb (
- IN UINT8 *AuthData,
- IN UINTN AuthDataSize
+ IN UINT8 *AuthData,
+ IN UINTN AuthDataSize
)
{
- EFI_STATUS Status;
- BOOLEAN VerifyStatus;
- BOOLEAN IsFound;
- EFI_SIGNATURE_LIST *CertList;
- EFI_SIGNATURE_DATA *CertData;
- UINTN DataSize;
- UINT8 *Data;
- UINT8 *RootCert;
- UINTN RootCertSize;
- UINTN Index;
- UINTN CertCount;
- UINTN DbxDataSize;
- UINT8 *DbxData;
- EFI_TIME RevocationTime;
+ EFI_STATUS Status;
+ BOOLEAN VerifyStatus;
+ BOOLEAN IsFound;
+ EFI_SIGNATURE_LIST *CertList;
+ EFI_SIGNATURE_DATA *CertData;
+ UINTN DataSize;
+ UINT8 *Data;
+ UINT8 *RootCert;
+ UINTN RootCertSize;
+ UINTN Index;
+ UINTN CertCount;
+ UINTN DbxDataSize;
+ UINT8 *DbxData;
+ EFI_TIME RevocationTime;
- Data = NULL;
- CertList = NULL;
- CertData = NULL;
- RootCert = NULL;
- DbxData = NULL;
- RootCertSize = 0;
- VerifyStatus = FALSE;
+ Data = NULL;
+ CertList = NULL;
+ CertData = NULL;
+ RootCert = NULL;
+ DbxData = NULL;
+ RootCertSize = 0;
+ VerifyStatus = FALSE;
//
// Fetch 'db' content. If 'db' doesn't exist or encounters problem to get the
@@ -1459,12 +1478,12 @@ IsAllowedByDb (
return VerifyStatus;
}
- Data = (UINT8 *) AllocateZeroPool (DataSize);
+ Data = (UINT8 *)AllocateZeroPool (DataSize);
if (Data == NULL) {
return VerifyStatus;
}
- Status = gRT->GetVariable (EFI_IMAGE_SECURITY_DATABASE, &gEfiImageSecurityDatabaseGuid, NULL, &DataSize, (VOID *) Data);
+ Status = gRT->GetVariable (EFI_IMAGE_SECURITY_DATABASE, &gEfiImageSecurityDatabaseGuid, NULL, &DataSize, (VOID *)Data);
if (EFI_ERROR (Status)) {
goto Done;
}
@@ -1481,6 +1500,7 @@ IsAllowedByDb (
if (Status != EFI_NOT_FOUND) {
goto Done;
}
+
//
// 'dbx' does not exist. Continue to check 'db'.
//
@@ -1488,12 +1508,12 @@ IsAllowedByDb (
//
// 'dbx' exists. Get its content.
//
- DbxData = (UINT8 *) AllocateZeroPool (DbxDataSize);
+ DbxData = (UINT8 *)AllocateZeroPool (DbxDataSize);
if (DbxData == NULL) {
goto Done;
}
- Status = gRT->GetVariable (EFI_IMAGE_SECURITY_DATABASE1, &gEfiImageSecurityDatabaseGuid, NULL, &DbxDataSize, (VOID *) DbxData);
+ Status = gRT->GetVariable (EFI_IMAGE_SECURITY_DATABASE1, &gEfiImageSecurityDatabaseGuid, NULL, &DbxDataSize, (VOID *)DbxData);
if (EFI_ERROR (Status)) {
goto Done;
}
@@ -1502,10 +1522,10 @@ IsAllowedByDb (
//
// Find X509 certificate in Signature List to verify the signature in pkcs7 signed data.
//
- CertList = (EFI_SIGNATURE_LIST *) Data;
+ CertList = (EFI_SIGNATURE_LIST *)Data;
while ((DataSize > 0) && (DataSize >= CertList->SignatureListSize)) {
if (CompareGuid (&CertList->SignatureType, &gEfiCertX509Guid)) {
- CertData = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize);
+ CertData = (EFI_SIGNATURE_DATA *)((UINT8 *)CertList + sizeof (EFI_SIGNATURE_LIST) + CertList->SignatureHeaderSize);
CertCount = (CertList->SignatureListSize - sizeof (EFI_SIGNATURE_LIST) - CertList->SignatureHeaderSize) / CertList->SignatureSize;
for (Index = 0; Index < CertCount; Index++) {
@@ -1561,12 +1581,12 @@ IsAllowedByDb (
goto Done;
}
- CertData = (EFI_SIGNATURE_DATA *) ((UINT8 *) CertData + CertList->SignatureSize);
+ CertData = (EFI_SIGNATURE_DATA *)((UINT8 *)CertData + CertList->SignatureSize);
}
}
DataSize -= CertList->SignatureListSize;
- CertList = (EFI_SIGNATURE_LIST *) ((UINT8 *) CertList + CertList->SignatureListSize);
+ CertList = (EFI_SIGNATURE_LIST *)((UINT8 *)CertList + CertList->SignatureListSize);
}
Done:
@@ -1578,6 +1598,7 @@ Done:
if (Data != NULL) {
FreePool (Data);
}
+
if (DbxData != NULL) {
FreePool (DbxData);
}
@@ -1635,37 +1656,37 @@ Done:
EFI_STATUS
EFIAPI
DxeImageVerificationHandler (
- IN UINT32 AuthenticationStatus,
- IN CONST EFI_DEVICE_PATH_PROTOCOL *File OPTIONAL,
- IN VOID *FileBuffer,
- IN UINTN FileSize,
- IN BOOLEAN BootPolicy
+ IN UINT32 AuthenticationStatus,
+ IN CONST EFI_DEVICE_PATH_PROTOCOL *File OPTIONAL,
+ IN VOID *FileBuffer,
+ IN UINTN FileSize,
+ IN BOOLEAN BootPolicy
)
{
- EFI_IMAGE_DOS_HEADER *DosHdr;
- BOOLEAN IsVerified;
- EFI_SIGNATURE_LIST *SignatureList;
- UINTN SignatureListSize;
- EFI_SIGNATURE_DATA *Signature;
- EFI_IMAGE_EXECUTION_ACTION Action;
- WIN_CERTIFICATE *WinCertificate;
- UINT32 Policy;
- UINT8 *SecureBoot;
- PE_COFF_LOADER_IMAGE_CONTEXT ImageContext;
- UINT32 NumberOfRvaAndSizes;
- WIN_CERTIFICATE_EFI_PKCS *PkcsCertData;
- WIN_CERTIFICATE_UEFI_GUID *WinCertUefiGuid;
- UINT8 *AuthData;
- UINTN AuthDataSize;
- EFI_IMAGE_DATA_DIRECTORY *SecDataDir;
- UINT32 SecDataDirEnd;
- UINT32 SecDataDirLeft;
- UINT32 OffSet;
- CHAR16 *NameStr;
- RETURN_STATUS PeCoffStatus;
- EFI_STATUS HashStatus;
- EFI_STATUS DbStatus;
- BOOLEAN IsFound;
+ EFI_IMAGE_DOS_HEADER *DosHdr;
+ BOOLEAN IsVerified;
+ EFI_SIGNATURE_LIST *SignatureList;
+ UINTN SignatureListSize;
+ EFI_SIGNATURE_DATA *Signature;
+ EFI_IMAGE_EXECUTION_ACTION Action;
+ WIN_CERTIFICATE *WinCertificate;
+ UINT32 Policy;
+ UINT8 *SecureBoot;
+ PE_COFF_LOADER_IMAGE_CONTEXT ImageContext;
+ UINT32 NumberOfRvaAndSizes;
+ WIN_CERTIFICATE_EFI_PKCS *PkcsCertData;
+ WIN_CERTIFICATE_UEFI_GUID *WinCertUefiGuid;
+ UINT8 *AuthData;
+ UINTN AuthDataSize;
+ EFI_IMAGE_DATA_DIRECTORY *SecDataDir;
+ UINT32 SecDataDirEnd;
+ UINT32 SecDataDirLeft;
+ UINT32 OffSet;
+ CHAR16 *NameStr;
+ RETURN_STATUS PeCoffStatus;
+ EFI_STATUS HashStatus;
+ EFI_STATUS DbStatus;
+ BOOLEAN IsFound;
SignatureList = NULL;
SignatureListSize = 0;
@@ -1680,33 +1701,34 @@ DxeImageVerificationHandler (
// Check the image type and get policy setting.
//
switch (GetImageType (File)) {
+ case IMAGE_FROM_FV:
+ Policy = ALWAYS_EXECUTE;
+ break;
- case IMAGE_FROM_FV:
- Policy = ALWAYS_EXECUTE;
- break;
-
- case IMAGE_FROM_OPTION_ROM:
- Policy = PcdGet32 (PcdOptionRomImageVerificationPolicy);
- break;
+ case IMAGE_FROM_OPTION_ROM:
+ Policy = PcdGet32 (PcdOptionRomImageVerificationPolicy);
+ break;
- case IMAGE_FROM_REMOVABLE_MEDIA:
- Policy = PcdGet32 (PcdRemovableMediaImageVerificationPolicy);
- break;
+ case IMAGE_FROM_REMOVABLE_MEDIA:
+ Policy = PcdGet32 (PcdRemovableMediaImageVerificationPolicy);
+ break;
- case IMAGE_FROM_FIXED_MEDIA:
- Policy = PcdGet32 (PcdFixedMediaImageVerificationPolicy);
- break;
+ case IMAGE_FROM_FIXED_MEDIA:
+ Policy = PcdGet32 (PcdFixedMediaImageVerificationPolicy);
+ break;
- default:
- Policy = DENY_EXECUTE_ON_SECURITY_VIOLATION;
- break;
+ default:
+ Policy = DENY_EXECUTE_ON_SECURITY_VIOLATION;
+ break;
}
+
//
// If policy is always/never execute, return directly.
//
if (Policy == ALWAYS_EXECUTE) {
return EFI_SUCCESS;
}
+
if (Policy == NEVER_EXECUTE) {
return EFI_ACCESS_DENIED;
}
@@ -1716,11 +1738,11 @@ DxeImageVerificationHandler (
// violates the UEFI spec and has been removed.
//
ASSERT (Policy != QUERY_USER_ON_SECURITY_VIOLATION && Policy != ALLOW_EXECUTE_ON_SECURITY_VIOLATION);
- if (Policy == QUERY_USER_ON_SECURITY_VIOLATION || Policy == ALLOW_EXECUTE_ON_SECURITY_VIOLATION) {
+ if ((Policy == QUERY_USER_ON_SECURITY_VIOLATION) || (Policy == ALLOW_EXECUTE_ON_SECURITY_VIOLATION)) {
CpuDeadLoop ();
}
- GetEfiGlobalVariable2 (EFI_SECURE_BOOT_MODE_NAME, (VOID**)&SecureBoot, NULL);
+ GetEfiGlobalVariable2 (EFI_SECURE_BOOT_MODE_NAME, (VOID **)&SecureBoot, NULL);
//
// Skip verification if SecureBoot variable doesn't exist.
//
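Review bot: The status of `GetEfiGlobalVariable2` is discarded, so the code after this hunk cannot tell "SecureBoot variable not found" from any other read failure. Per the comment that follows, the outcome is that verification is skipped, which means every failure mode is handled as fail-open. If that is intended, say so at the call, for example `// Any failure to read SecureBoot leaves the pointer NULL and is handled as "Secure Boot not enabled".` The NULL check itself is outside this hunk, so confirm it matches that description.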
@@ -1735,6 +1757,7 @@ DxeImageVerificationHandler (
FreePool (SecureBoot);
return EFI_SUCCESS;
}
+
FreePool (SecureBoot);
//
@@ -1744,12 +1767,12 @@ DxeImageVerificationHandler (
return EFI_ACCESS_DENIED;
}
- mImageBase = (UINT8 *) FileBuffer;
- mImageSize = FileSize;
+ mImageBase = (UINT8 *)FileBuffer;
+ mImageSize = FileSize;
ZeroMem (&ImageContext, sizeof (ImageContext));
- ImageContext.Handle = (VOID *) FileBuffer;
- ImageContext.ImageRead = (PE_COFF_LOADER_READ_FILE) DxeImageVerificationLibImageRead;
+ ImageContext.Handle = (VOID *)FileBuffer;
+ ImageContext.ImageRead = (PE_COFF_LOADER_READ_FILE)DxeImageVerificationLibImageRead;
//
// Get information about the image being loaded
@@ -1763,7 +1786,7 @@ DxeImageVerificationHandler (
goto Failed;
}
- DosHdr = (EFI_IMAGE_DOS_HEADER *) mImageBase;
+ DosHdr = (EFI_IMAGE_DOS_HEADER *)mImageBase;
if (DosHdr->e_magic == EFI_IMAGE_DOS_SIGNATURE) {
//
// DOS image header is present,
@@ -1773,10 +1796,11 @@ DxeImageVerificationHandler (
} else {
mPeCoffHeaderOffset = 0;
}
+
//
// Check PE/COFF image.
//
- mNtHeader.Pe32 = (EFI_IMAGE_NT_HEADERS32 *) (mImageBase + mPeCoffHeaderOffset);
+ mNtHeader.Pe32 = (EFI_IMAGE_NT_HEADERS32 *)(mImageBase + mPeCoffHeaderOffset);
if (mNtHeader.Pe32->Signature != EFI_IMAGE_NT_SIGNATURE) {
//
// It is not a valid Pe/Coff file.
@@ -1791,7 +1815,7 @@ DxeImageVerificationHandler (
//
NumberOfRvaAndSizes = mNtHeader.Pe32->OptionalHeader.NumberOfRvaAndSizes;
if (NumberOfRvaAndSizes > EFI_IMAGE_DIRECTORY_ENTRY_SECURITY) {
- SecDataDir = (EFI_IMAGE_DATA_DIRECTORY *) &mNtHeader.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY];
+ SecDataDir = (EFI_IMAGE_DATA_DIRECTORY *)&mNtHeader.Pe32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY];
}
} else {
//
@@ -1799,14 +1823,14 @@ DxeImageVerificationHandler (
//
NumberOfRvaAndSizes = mNtHeader.Pe32Plus->OptionalHeader.NumberOfRvaAndSizes;
if (NumberOfRvaAndSizes > EFI_IMAGE_DIRECTORY_ENTRY_SECURITY) {
- SecDataDir = (EFI_IMAGE_DATA_DIRECTORY *) &mNtHeader.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY];
+ SecDataDir = (EFI_IMAGE_DATA_DIRECTORY *)&mNtHeader.Pe32Plus->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY];
}
}
//
// Start Image Validation.
//
- if (SecDataDir == NULL || SecDataDir->Size == 0) {
+ if ((SecDataDir == NULL) || (SecDataDir->Size == 0)) {
//
// This image is not signed. The SHA256 hash value of the image must match a record in the security database "db",
// and not be reflected in the security data base "dbx".
@@ -1860,15 +1884,18 @@ DxeImageVerificationHandler (
SecDataDirEnd = SecDataDir->VirtualAddress + SecDataDir->Size;
for (OffSet = SecDataDir->VirtualAddress;
OffSet < SecDataDirEnd;
- OffSet += (WinCertificate->dwLength + ALIGN_SIZE (WinCertificate->dwLength))) {
+ OffSet += (WinCertificate->dwLength + ALIGN_SIZE (WinCertificate->dwLength)))
+ {
SecDataDirLeft = SecDataDirEnd - OffSet;
if (SecDataDirLeft <= sizeof (WIN_CERTIFICATE)) {
break;
}
- WinCertificate = (WIN_CERTIFICATE *) (mImageBase + OffSet);
- if (SecDataDirLeft < WinCertificate->dwLength ||
+
+ WinCertificate = (WIN_CERTIFICATE *)(mImageBase + OffSet);
+ if ((SecDataDirLeft < WinCertificate->dwLength) ||
(SecDataDirLeft - WinCertificate->dwLength <
- ALIGN_SIZE (WinCertificate->dwLength))) {
+ ALIGN_SIZE (WinCertificate->dwLength)))
+ {
break;
}
@@ -1880,29 +1907,33 @@ DxeImageVerificationHandler (
// The certificate is formatted as WIN_CERTIFICATE_EFI_PKCS which is described in the
// Authenticode specification.
//
- PkcsCertData = (WIN_CERTIFICATE_EFI_PKCS *) WinCertificate;
+ PkcsCertData = (WIN_CERTIFICATE_EFI_PKCS *)WinCertificate;
if (PkcsCertData->Hdr.dwLength <= sizeof (PkcsCertData->Hdr)) {
break;
}
- AuthData = PkcsCertData->CertData;
- AuthDataSize = PkcsCertData->Hdr.dwLength - sizeof(PkcsCertData->Hdr);
+
+ AuthData = PkcsCertData->CertData;
+ AuthDataSize = PkcsCertData->Hdr.dwLength - sizeof (PkcsCertData->Hdr);
} else if (WinCertificate->wCertificateType == WIN_CERT_TYPE_EFI_GUID) {
//
// The certificate is formatted as WIN_CERTIFICATE_UEFI_GUID which is described in UEFI Spec.
//
- WinCertUefiGuid = (WIN_CERTIFICATE_UEFI_GUID *) WinCertificate;
- if (WinCertUefiGuid->Hdr.dwLength <= OFFSET_OF(WIN_CERTIFICATE_UEFI_GUID, CertData)) {
+ WinCertUefiGuid = (WIN_CERTIFICATE_UEFI_GUID *)WinCertificate;
+ if (WinCertUefiGuid->Hdr.dwLength <= OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData)) {
break;
}
+
if (!CompareGuid (&WinCertUefiGuid->CertType, &gEfiCertPkcs7Guid)) {
continue;
}
- AuthData = WinCertUefiGuid->CertData;
- AuthDataSize = WinCertUefiGuid->Hdr.dwLength - OFFSET_OF(WIN_CERTIFICATE_UEFI_GUID, CertData);
+
+ AuthData = WinCertUefiGuid->CertData;
+ AuthDataSize = WinCertUefiGuid->Hdr.dwLength - OFFSET_OF (WIN_CERTIFICATE_UEFI_GUID, CertData);
} else {
if (WinCertificate->dwLength < sizeof (WIN_CERTIFICATE)) {
break;
}
+
continue;
}
@@ -1915,7 +1946,7 @@ DxeImageVerificationHandler (
// Check the digital signature against the revoked certificate in forbidden database (dbx).
//
if (IsForbiddenByDbx (AuthData, AuthDataSize)) {
- Action = EFI_IMAGE_EXECUTION_AUTH_SIG_FAILED;
+ Action = EFI_IMAGE_EXECUTION_AUTH_SIG_FAILED;
IsVerified = FALSE;
break;
}
@@ -1972,21 +2003,23 @@ DxeImageVerificationHandler (
if (IsVerified) {
return EFI_SUCCESS;
}
- if (Action == EFI_IMAGE_EXECUTION_AUTH_SIG_FAILED || Action == EFI_IMAGE_EXECUTION_AUTH_SIG_FOUND) {
+
+ if ((Action == EFI_IMAGE_EXECUTION_AUTH_SIG_FAILED) || (Action == EFI_IMAGE_EXECUTION_AUTH_SIG_FOUND)) {
//
// Get image hash value as signature of executable.
//
SignatureListSize = sizeof (EFI_SIGNATURE_LIST) + sizeof (EFI_SIGNATURE_DATA) - 1 + mImageDigestSize;
- SignatureList = (EFI_SIGNATURE_LIST *) AllocateZeroPool (SignatureListSize);
+ SignatureList = (EFI_SIGNATURE_LIST *)AllocateZeroPool (SignatureListSize);
if (SignatureList == NULL) {
SignatureListSize = 0;
goto Failed;
}
- SignatureList->SignatureHeaderSize = 0;
- SignatureList->SignatureListSize = (UINT32) SignatureListSize;
- SignatureList->SignatureSize = (UINT32) (sizeof (EFI_SIGNATURE_DATA) - 1 + mImageDigestSize);
+
+ SignatureList->SignatureHeaderSize = 0;
+ SignatureList->SignatureListSize = (UINT32)SignatureListSize;
+ SignatureList->SignatureSize = (UINT32)(sizeof (EFI_SIGNATURE_DATA) - 1 + mImageDigestSize);
CopyMem (&SignatureList->SignatureType, &mCertType, sizeof (EFI_GUID));
- Signature = (EFI_SIGNATURE_DATA *) ((UINT8 *) SignatureList + sizeof (EFI_SIGNATURE_LIST));
+ Signature = (EFI_SIGNATURE_DATA *)((UINT8 *)SignatureList + sizeof (EFI_SIGNATURE_LIST));
CopyMem (Signature->SignatureData, mImageDigest, mImageDigestSize);
}
@@ -1999,7 +2032,7 @@ Failed:
AddImageExeInfo (Action, NameStr, File, SignatureList, SignatureListSize);
if (NameStr != NULL) {
DEBUG ((DEBUG_INFO, "The image doesn't pass verification: %s\n", NameStr));
- FreePool(NameStr);
+ FreePool (NameStr);
}
if (SignatureList != NULL) {
@@ -2009,6 +2042,7 @@ Failed:
if (Policy == DEFER_EXECUTE_ON_SECURITY_VIOLATION) {
return EFI_SECURITY_VIOLATION;
}
+
return EFI_ACCESS_DENIED;
}
@@ -2024,27 +2058,26 @@ Failed:
VOID
EFIAPI
OnReadyToBoot (
- IN EFI_EVENT Event,
- IN VOID *Context
+ IN EFI_EVENT Event,
+ IN VOID *Context
)
{
EFI_IMAGE_EXECUTION_INFO_TABLE *ImageExeInfoTable;
UINTN ImageExeInfoTableSize;
- EfiGetSystemConfigurationTable (&gEfiImageSecurityDatabaseGuid, (VOID **) &ImageExeInfoTable);
+ EfiGetSystemConfigurationTable (&gEfiImageSecurityDatabaseGuid, (VOID **)&ImageExeInfoTable);
if (ImageExeInfoTable != NULL) {
return;
}
ImageExeInfoTableSize = sizeof (EFI_IMAGE_EXECUTION_INFO_TABLE);
- ImageExeInfoTable = (EFI_IMAGE_EXECUTION_INFO_TABLE *) AllocateRuntimePool (ImageExeInfoTableSize);
+ ImageExeInfoTable = (EFI_IMAGE_EXECUTION_INFO_TABLE *)AllocateRuntimePool (ImageExeInfoTableSize);
if (ImageExeInfoTable == NULL) {
- return ;
+ return;
}
ImageExeInfoTable->NumberOfImages = 0;
- gBS->InstallConfigurationTable (&gEfiImageSecurityDatabaseGuid, (VOID *) ImageExeInfoTable);
-
+ gBS->InstallConfigurationTable (&gEfiImageSecurityDatabaseGuid, (VOID *)ImageExeInfoTable);
}
/**
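Review bot: In OnReadyToBoot the result of `gBS->InstallConfigurationTable` is ignored, so on failure the runtime-pool allocation made just above is leaked and the image execution table is silently never published. Checking the status and releasing the buffer keeps the failure path clean: `if (EFI_ERROR (gBS->InstallConfigurationTable (&gEfiImageSecurityDatabaseGuid, (VOID *)ImageExeInfoTable))) { FreePool (ImageExeInfoTable); }`. A DEBUG message on that path would also help when the table is later found missing.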
@@ -2062,7 +2095,7 @@ DxeImageVerificationLibConstructor (
IN EFI_SYSTEM_TABLE *SystemTable
)
{
- EFI_EVENT Event;
+ EFI_EVENT Event;
//
// Register the event to publish the image execution table.
@@ -2075,7 +2108,7 @@ DxeImageVerificationLibConstructor (
);
return RegisterSecurity2Handler (
- DxeImageVerificationHandler,
- EFI_AUTH_OPERATION_VERIFY_IMAGE | EFI_AUTH_OPERATION_IMAGE_REQUIRED
- );
+ DxeImageVerificationHandler,
+ EFI_AUTH_OPERATION_VERIFY_IMAGE | EFI_AUTH_OPERATION_IMAGE_REQUIRED
+ );
}