Message ID | 1431105413-21709-1-git-send-email-ard.biesheuvel@linaro.org |
---|---|
State | New |
On 11 May 2015 at 03:21, Zhang, Chao B <chao.b.zhang@intel.com> wrote:
> Ard :
> It looks good to me.
> Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
>

Thank you Chao!

Would you mind committing it yourself? This is not part of a series, and I don't have permissions.

Regards,
Ard.

>
> Thanks & Best regards
> Chao Zhang
>
> -----Original Message-----
> From: Ard Biesheuvel [mailto:ard.biesheuvel@linaro.org]
> Sent: Saturday, May 09, 2015 1:17 AM
> To: Zhang, Chao B; edk2-devel@lists.sourceforge.net
> Cc: lersek@redhat.com; roy.franz@linaro.org; leif.lindholm@linaro.org; Ard Biesheuvel
> Subject: [PATCH] SecurityPkg: allow image digest enrollment of non-Intel binaries
>
> This updates the SecureBootConfigDxe component to allow the enrollment of the digests of EFI executable that are built for ARM or AARCH64.
>
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
> ---
> .../SecureBootConfigDxe/SecureBootConfigImpl.c | 8 +++++---
> 1 file changed, 5 insertions(+), 3 deletions(-)
>
> diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c > index 1d730dc288fc..e43c6e0ee7e2 100644 > --- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c > +++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootCo > +++ nfigImpl.c 
> @@ -1643,15 +1643,17 @@ LoadPeImage ( > // Note the size of FileHeader field is constant for both IA32 and X64 arch > // > if ((NtHeader32->FileHeader.Machine == EFI_IMAGE_MACHINE_IA32) > - || (NtHeader32->FileHeader.Machine == EFI_IMAGE_MACHINE_EBC)) { > + || (NtHeader32->FileHeader.Machine == EFI_IMAGE_MACHINE_EBC) > + || (NtHeader32->FileHeader.Machine == > + EFI_IMAGE_MACHINE_ARMTHUMB_MIXED)) { > // > - // IA-32 Architecture > + // 32-bits Architecture > // > mImageType = ImageType_IA32; > mSecDataDir = (EFI_IMAGE_SECURITY_DATA_DIRECTORY*) &(NtHeader32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]); > } > else if ((NtHeader32->FileHeader.Machine == EFI_IMAGE_MACHINE_IA64) > - || (NtHeader32->FileHeader.Machine == EFI_IMAGE_MACHINE_X64)) { > + || (NtHeader32->FileHeader.Machine == EFI_IMAGE_MACHINE_X64) > + || (NtHeader32->FileHeader.Machine == > + EFI_IMAGE_MACHINE_AARCH64)) { > // > // 64-bits Architecture > // > -- > 1.9.1
On 11 May 2015 at 07:54, Zhang, Chao B <chao.b.zhang@intel.com> wrote:
> Ard:
> Is this check-log OK for you.
> SecurityPkg: Update SecureBootConfigDxe to support ARM image
>
> Update SecureBootConfigDxe component to allow the enrollment of
> the digests of EFI executable that are built for ARM or AARCH64.
>
> Contributed-under: TianoCore Contribution Agreement 1.0
> Signed-off-by: Ard Biesheuvel <biesheuvel@linaro.org>
> Reviewed- by: Chao Zhang <chao.b.zhang@intel.com>
>

My email address is incorrect, it should be <ard.biesheuvel@linaro.org>.
Also, better remove the space in "Reviewed-_by"

Thanks,
Ard.

> -----Original Message-----
> From: Ard Biesheuvel [mailto:ard.biesheuvel@linaro.org]
> Sent: Monday, May 11, 2015 1:23 PM
> To: Zhang, Chao B
> Cc: edk2-devel@lists.sourceforge.net; lersek@redhat.com; roy.franz@linaro.org; leif.lindholm@linaro.org
> Subject: Re: [PATCH] SecurityPkg: allow image digest enrollment of non-Intel binaries
>
> On 11 May 2015 at 03:21, Zhang, Chao B <chao.b.zhang@intel.com> wrote:
>> Ard :
>> It looks good to me.
>> Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
>>
>
> Thank you Chao!
>
> Would you mind committing it yourself? This is not part of a series, and I don't have permissions.
>
> Regards,
> Ard.
>
>>
>> Thanks & Best regards
>> Chao Zhang
>>
>> -----Original Message-----
>> From: Ard Biesheuvel [mailto:ard.biesheuvel@linaro.org]
>> Sent: Saturday, May 09, 2015 1:17 AM
>> To: Zhang, Chao B; edk2-devel@lists.sourceforge.net
>> Cc: lersek@redhat.com; roy.franz@linaro.org; leif.lindholm@linaro.org;
>> Ard Biesheuvel
>> Subject: [PATCH] SecurityPkg: allow image digest enrollment of
>> non-Intel binaries
>>
>> This updates the SecureBootConfigDxe component to allow the enrollment of the digests of EFI executable that are built for ARM or AARCH64.
>>
>> Contributed-under: TianoCore Contribution Agreement 1.0
>> Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
>> ---
>> .../SecureBootConfigDxe/SecureBootConfigImpl.c | 8 +++++---
>> 1 file changed, 5 insertions(+), 3 deletions(-)
>>
>> diff --git >> a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConf >> igImpl.c >> b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConf >> igImpl.c index 1d730dc288fc..e43c6e0ee7e2 100644 >> --- >> a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConf >> igImpl.c >> +++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBoot >> +++ Co >> +++ nfigImpl.c 
>> @@ -1643,15 +1643,17 @@ LoadPeImage ( >> // Note the size of FileHeader field is constant for both IA32 and X64 arch >> // >> if ((NtHeader32->FileHeader.Machine == EFI_IMAGE_MACHINE_IA32) >> - || (NtHeader32->FileHeader.Machine == EFI_IMAGE_MACHINE_EBC)) { >> + || (NtHeader32->FileHeader.Machine == EFI_IMAGE_MACHINE_EBC) >> + || (NtHeader32->FileHeader.Machine == >> + EFI_IMAGE_MACHINE_ARMTHUMB_MIXED)) { >> // >> - // IA-32 Architecture >> + // 32-bits Architecture >> // >> mImageType = ImageType_IA32; >> mSecDataDir = (EFI_IMAGE_SECURITY_DATA_DIRECTORY*) &(NtHeader32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]); >> } >> else if ((NtHeader32->FileHeader.Machine == EFI_IMAGE_MACHINE_IA64) >> - || (NtHeader32->FileHeader.Machine == EFI_IMAGE_MACHINE_X64)) { >> + || (NtHeader32->FileHeader.Machine == EFI_IMAGE_MACHINE_X64) >> + || (NtHeader32->FileHeader.Machine == >> + EFI_IMAGE_MACHINE_AARCH64)) { >> // >> // 64-bits Architecture >> // >> -- >> 1.9.1
diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c index 1d730dc288fc..e43c6e0ee7e2 100644 --- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c +++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c @@ -1643,15 +1643,17 @@ LoadPeImage ( // Note the size of FileHeader field is constant for both IA32 and X64 arch // if ((NtHeader32->FileHeader.Machine == EFI_IMAGE_MACHINE_IA32) - || (NtHeader32->FileHeader.Machine == EFI_IMAGE_MACHINE_EBC)) { + || (NtHeader32->FileHeader.Machine == EFI_IMAGE_MACHINE_EBC) + || (NtHeader32->FileHeader.Machine == EFI_IMAGE_MACHINE_ARMTHUMB_MIXED)) { // - // IA-32 Architecture + // 32-bits Architecture // mImageType = ImageType_IA32; mSecDataDir = (EFI_IMAGE_SECURITY_DATA_DIRECTORY*) &(NtHeader32->OptionalHeader.DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY]); } else if ((NtHeader32->FileHeader.Machine == EFI_IMAGE_MACHINE_IA64) - || (NtHeader32->FileHeader.Machine == EFI_IMAGE_MACHINE_X64)) { + || (NtHeader32->FileHeader.Machine == EFI_IMAGE_MACHINE_X64) + || (NtHeader32->FileHeader.Machine == EFI_IMAGE_MACHINE_AARCH64)) { // // 64-bits Architecture //
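Review bot: The 32-bit branch still assigns mImageType = ImageType_IA32 after EFI_IMAGE_MACHINE_ARMTHUMB_MIXED is added to its condition, so the enum name now disagrees with the updated "32-bits Architecture" comment, and the unchanged note at the top of the hunk still says the FileHeader size is constant "for both IA32 and X64 arch". Please reword that note to cover ARM and AARCH64, and state next to the assignment that ImageType_IA32 here selects the 32-bit optional header layout (the NtHeader32 view used for mSecDataDir) rather than the IA-32 machine type. The hunk also does not show whether the optional header's Magic field is compared against the layout chosen from FileHeader.Machine; with more machine values accepted, it is worth confirming that a file whose Machine and Magic disagree is rejected before the security data directory entry is read for digest enrollment.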
This updates the SecureBootConfigDxe component to allow the enrollment of the digests of EFI executable that are built for ARM or AARCH64.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
---
 .../SecureBootConfigDxe/SecureBootConfigImpl.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)