Add the beginning of .sbat parsing stuff

Signed-off-by: Peter Jones <[email protected]>
jsjgruber · Feb 13, 2021 · 16732ad · 16732ad
1 parent 19f3b31
commit 16732ad
Show file tree

Hide file tree

Showing 6 changed files with 68 additions and 26 deletions.
diff --git a/Makefile b/Makefile
@@ -33,12 +33,12 @@ CFLAGS += -DENABLE_SHIM_CERT
 else
 TARGETS += $(MMNAME) $(FBNAME)
 endif
-OBJS	= shim.o mok.o netboot.o cert.o replacements.o tpm.o version.o errlog.o sbat.o pe.o
+OBJS	= shim.o mok.o netboot.o cert.o replacements.o tpm.o version.o errlog.o sbat.o sbat_data.o pe.o
 KEYS	= shim_cert.h ocsp.* ca.* shim.crt shim.csr shim.p12 shim.pem shim.key shim.cer
-ORIG_SOURCES	= shim.c mok.c netboot.c replacements.c tpm.c errlog.c pe.c shim.h version.h $(wildcard include/*.h)
-MOK_OBJS = MokManager.o PasswordCrypt.o crypt_blowfish.o errlog.o sbat.o
+ORIG_SOURCES	= shim.c mok.c netboot.c replacements.c tpm.c errlog.c sbat.c pe.c shim.h version.h $(wildcard include/*.h)
+MOK_OBJS = MokManager.o PasswordCrypt.o crypt_blowfish.o errlog.o sbat_data.o
 ORIG_MOK_SOURCES = MokManager.c PasswordCrypt.c crypt_blowfish.c shim.h $(wildcard include/*.h)
-FALLBACK_OBJS = fallback.o tpm.o errlog.o sbat.o
+FALLBACK_OBJS = fallback.o tpm.o errlog.o sbat_data.o
 ORIG_FALLBACK_SRCS = fallback.c
 SBATPATH = data/sbat.csv
 
@@ -91,9 +91,9 @@ sbat.%.csv : data/sbat.%.csv
 
 VENDOR_SBATS := $(foreach x,$(wildcard data/sbat.*.csv),$(notdir $(x)))
 
-sbat.o : | $(SBATPATH) $(VENDOR_SBATS)
-sbat.o : $(TOPDIR)/sbat.c
-	$(CC) $(CFLAGS) -c -o $@ $<
+sbat_data.o : | $(SBATPATH) $(VENDOR_SBATS)
+sbat_data.o : /dev/null
+	$(CC) $(CFLAGS) -x c -c -o $@ $<
 	$(OBJCOPY) --add-section .sbat=$(SBATPATH) $@
 	$(foreach vs,$(VENDOR_SBATS),$(call add-vendor-sbat,$(vs),$@))
 

diff --git a/include/sbat.h b/include/sbat.h
@@ -0,0 +1,10 @@
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+/*
+ * sbat.c - parse SBAT data from the .rsrc section data
+ */
+
+#ifndef SBAT_H_
+#define SBAT_H_
+
+#endif /* !SBAT_H_ */
+// vim:fenc=utf-8:tw=75:noet
diff --git a/pe.c b/pe.c
@@ -874,22 +874,6 @@ handle_image (void *data, unsigned int datasize,
 	}
 #endif
 
-	if (secure_mode ()) {
-		efi_status = verify_buffer(data, datasize, &context,
-					   sha256hash, sha1hash);
-
-		if (EFI_ERROR(efi_status)) {
-			if (verbose)
-				console_print(L"Verification failed: %r\n", efi_status);
-			else
-				console_error(L"Verification failed", efi_status);
-			return efi_status;
-		} else {
-			if (verbose)
-				console_print(L"Verification succeeded\n");
-		}
-	}
-
 	/* The spec says, uselessly, of SectionAlignment:
 	 * =====
 	 * The alignment (in bytes) of sections when they are loaded into
@@ -946,6 +930,9 @@ handle_image (void *data, unsigned int datasize,
 
 	EFI_IMAGE_SECTION_HEADER *RelocSection = NULL;
 
+	char *SBATBase = NULL;
+	size_t SBATSize = 0;
+
 	/*
 	 * Copy the executable's sections to their desired offsets
 	 */
@@ -990,6 +977,27 @@ handle_image (void *data, unsigned int datasize,
 					RelocBaseEnd == end) {
 				RelocSection = Section;
 			}
+		} else if (CompareMem(Section->Name, ".sbat\0\0\0", 8) == 0) {
+			if (SBATBase || SBATSize) {
+				perror(L"Image has multiple resource sections\n");
+				return EFI_UNSUPPORTED;
+			}
+
+			if (Section->NumberOfRelocations != 0 ||
+			    Section->PointerToRelocations != 0) {
+				perror(L"SBAT section has relocations\n");
+				return EFI_UNSUPPORTED;
+			}
+
+			/* If it has nonzero size, and our bounds check made
+			 * sense, sizes match, then we believe it's okay. */
+			if (Section->SizeOfRawData &&
+			    Section->SizeOfRawData == Section->Misc.VirtualSize &&
+			    base && end) {
+				SBATBase = base;
+				/* +1 because of size vs last byte location */
+				SBATSize = end - base + 1;
+			}
 		}
 
 		if (Section->Characteristics & EFI_IMAGE_SCN_MEM_DISCARDABLE) {
@@ -1030,6 +1038,22 @@ handle_image (void *data, unsigned int datasize,
 		}
 	}
 
+	if (secure_mode ()) {
+		efi_status = verify_buffer(data, datasize,
+					   &context, sha256hash, sha1hash);
+
+		if (EFI_ERROR(efi_status)) {
+			if (verbose)
+				console_print(L"Verification failed: %r\n", efi_status);
+			else
+				console_error(L"Verification failed", efi_status);
+			return efi_status;
+		} else {
+			if (verbose)
+				console_print(L"Verification succeeded\n");
+		}
+	}
+
 	if (context.NumberOfRvaAndSizes <= EFI_IMAGE_DIRECTORY_ENTRY_BASERELOC) {
 		perror(L"Image has no relocation entry\n");
 		FreePool(buffer);
@@ -1075,5 +1099,4 @@ handle_image (void *data, unsigned int datasize,
 	return EFI_SUCCESS;
 }
 
-
 // vim:fenc=utf-8:tw=75:noet
diff --git a/sbat.c b/sbat.c
@@ -0,0 +1,8 @@
+// SPDX-License-Identifier: BSD-2-Clause-Patent
+/*
+ * sbat.c - parse SBAT data from the .sbat section data
+ */
+
+#include "shim.h"
+
+// vim:fenc=utf-8:tw=75:noet
diff --git a/shim.c b/shim.c
@@ -1052,8 +1052,8 @@ EFI_STATUS shim_verify (void *buffer, UINT32 size)
 		goto done;
 	}
 
-	efi_status = verify_buffer(buffer, size, &context,
-				   sha256hash, sha1hash);
+	efi_status = verify_buffer(buffer, size,
+				   &context, sha256hash, sha1hash);
 done:
 	in_protocol = 0;
 	return efi_status;

diff --git a/shim.h b/shim.h
@@ -146,6 +146,7 @@
 #include "include/tpm.h"
 #include "include/ucs2.h"
 #include "include/variables.h"
+#include "include/sbat.h"
 
 #include "version.h"