From: Ivan Gorinov <ivan.gorinov@intel.com>
To: u-boot@lists.denx.de
Subject: [U-Boot] [PATCH] efi_loader: Check machine type in the image header
Date: Wed, 4 Apr 2018 14:59:44 -0700 [thread overview]
Message-ID: <20180404215944.GA50001@intel.com> (raw)
Check FileHeader.Machine to make sure the EFI executable image is built
for the same architecture. After this change, 32-bit U-Boot on x86 will
print an error message instead of loading an x86_64 image and crashing.
Signed-off-by: Ivan Gorinov <ivan.gorinov@intel.com>
---
include/pe.h | 1 +
lib/efi_loader/efi_image_loader.c | 13 +++++++++++++
2 files changed, 14 insertions(+)
diff --git a/include/pe.h b/include/pe.h
index c3a19ce..2435069 100644
--- a/include/pe.h
+++ b/include/pe.h
@@ -38,6 +38,7 @@ typedef struct _IMAGE_DOS_HEADER {
#define IMAGE_DOS_SIGNATURE 0x5A4D /* MZ */
#define IMAGE_NT_SIGNATURE 0x00004550 /* PE00 */
+#define IMAGE_FILE_MACHINE_INTEL386 0x014c
#define IMAGE_FILE_MACHINE_ARM 0x01c0
#define IMAGE_FILE_MACHINE_THUMB 0x01c2
#define IMAGE_FILE_MACHINE_ARMNT 0x01c4
diff --git a/lib/efi_loader/efi_image_loader.c b/lib/efi_loader/efi_image_loader.c
index 74c6a9f..9b4db62 100644
--- a/lib/efi_loader/efi_image_loader.c
+++ b/lib/efi_loader/efi_image_loader.c
@@ -126,15 +126,23 @@ void *efi_load_pe(void *efi, struct efi_loaded_image *loaded_image_info)
void *entry;
uint64_t image_size;
unsigned long virt_size = 0;
+ int machine_type = 0;
bool can_run_nt64 = true;
bool can_run_nt32 = true;
#if defined(CONFIG_ARM64)
+ machine_type = IMAGE_FILE_MACHINE_ARM64;
can_run_nt32 = false;
#elif defined(CONFIG_ARM)
can_run_nt64 = false;
#endif
+#if defined(CONFIG_X86_64)
+ machine_type = IMAGE_FILE_MACHINE_AMD64;
+#elif defined(CONFIG_X86)
+ machine_type = IMAGE_FILE_MACHINE_INTEL386;
+#endif
+
dos = efi;
if (dos->e_magic != IMAGE_DOS_SIGNATURE) {
printf("%s: Invalid DOS Signature\n", __func__);
@@ -147,6 +155,11 @@ void *efi_load_pe(void *efi, struct efi_loaded_image *loaded_image_info)
return NULL;
}
+ if (machine_type && nt->FileHeader.Machine != machine_type) {
+ printf("%s: Incorrect machine type\n", __func__);
+ return NULL;
+ }
+
/* Calculate upper virtual address boundary */
num_sections = nt->FileHeader.NumberOfSections;
sections = (void *)&nt->OptionalHeader +
--
2.7.4
next reply other threads:[~2018-04-04 21:59 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-04-04 21:59 Ivan Gorinov [this message]
2018-04-04 23:59 ` [U-Boot] [PATCH] efi_loader: Check machine type in the image header Heinrich Schuchardt
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180404215944.GA50001@intel.com \
--to=ivan.gorinov@intel.com \
--cc=u-boot@lists.denx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.