From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=2607:f8b0:4001:c0b::22d; helo=mail-it0-x22d.google.com; envelope-from=ard.biesheuvel@linaro.org; receiver=edk2-devel@lists.01.org Received: from mail-it0-x22d.google.com (mail-it0-x22d.google.com [IPv6:2607:f8b0:4001:c0b::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id B809021122E5E for ; Thu, 6 Sep 2018 10:25:34 -0700 (PDT) Received: by mail-it0-x22d.google.com with SMTP id h1-v6so15640287itj.4 for ; Thu, 06 Sep 2018 10:25:34 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=4pn6Sx9zI9zsrZ9RdyRcpYZkdFfVkBkJGNuIQD0QbkE=; b=Awz3vXvPIaYPJ4Rau9MmU7ib8h3Nf5woB2ye6obpW5GawPMDMFicXDvP7bl4Y2by12 V0IdyHL1JaLpJWoM2AP+ientcoYi4Nu4tJfVIkwnmHUyM96tV77zRNWr1XLIX46ZiVx6 Hx67beSZva8FKam+x+Qqs2L/MYA4UXVhsiyRI= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=4pn6Sx9zI9zsrZ9RdyRcpYZkdFfVkBkJGNuIQD0QbkE=; b=JiAaWMGTTZRjCShUsbwpqmnxPfm8Wp1WSoOJJmG0F9zmQea08CizgKev1pM30kOFm6 FIGQWIIFw0RL+uE9uXJVF4uZaoxEZW+y/E4+k6gWUeygeGst3hp55JZ6eC2bL+VAXyNd ZeC1XvaXpr4GYW0P6Y3273FGjHKeTseeJq/IE0wlPFGkxzWT7IcyT2NBOEAM35HecxbB aOtbQp6I9Vm1s/n/trN+bQnfkGv99lVAIcb+aePfmGJHYSouuN9qbcWUjMU2iVQgJvaH WHTiG8orsZ7ECWWD1h6vFvAVqOGxImZZhh0R9iIygag0tNNJEozXr3pt5JKBj8M4/YN6 Gf1Q== X-Gm-Message-State: APzg51A6OURPolL7s0qPDuq8V21KY+I1IX4CC7y4FtKT6VyjZeUzmshC 7tYcZK7g5FQPhH4mQCwHJR4B7sWh0Bz6Uxp4SH8aig== X-Google-Smtp-Source: ANB0VdZ7am081Dev8C2HxmGRJubWJjA5QSb5I/T8Y975324DCGSGi5jH6yi6ePSNeThIYt6K/op7VB3ZaOESMrGuBMU= X-Received: by 2002:a6b:be83:: with SMTP id o125-v6mr2755536iof.173.1536254733647; Thu, 06 Sep 2018 10:25:33 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:a6b:1c06:0:0:0:0:0 with HTTP; Thu, 6 Sep 2018 10:25:33 -0700 (PDT) In-Reply-To: <22163ca3-78c7-3bbe-2fb8-453f847ed69f@redhat.com> References: <20180906134523.2036-1-ard.biesheuvel@linaro.org> <20180906134523.2036-4-ard.biesheuvel@linaro.org> <22163ca3-78c7-3bbe-2fb8-453f847ed69f@redhat.com> From: Ard Biesheuvel Date: Thu, 6 Sep 2018 19:25:33 +0200 Message-ID: To: Laszlo Ersek Cc: "edk2-devel@lists.01.org" , Liming Gao , Jiewen Yao , Star Zeng , Michael D Kinney , Chao Zhang Subject: Re: [PATCH 3/4] SecurityPkg: remove PE/COFF header workaround for ELILO on IPF X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 06 Sep 2018 17:25:35 -0000 Content-Type: text/plain; charset="UTF-8" On 6 September 2018 at 18:47, Laszlo Ersek wrote: > On 09/06/18 15:45, Ard Biesheuvel wrote: >> Now that Itanium support has been dropped, we can remove the various >> occurrences of the ELILO on Itanium PE/COFF header workaround. >> >> Link: https://bugzilla.tianocore.org/show_bug.cgi?id=816 >> Contributed-under: TianoCore Contribution Agreement 1.1 >> Signed-off-by: Ard Biesheuvel >> --- >> SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c | 47 ++++---------------- >> SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.c | 27 +++-------- >> SecurityPkg/Tcg/Tcg2Dxe/MeasureBootPeCoff.c | 27 +++-------- >> SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c | 25 +++-------- >> 4 files changed, 25 insertions(+), 101 deletions(-) >> >> diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c >> index 0f795c0af125..66d96a9396b9 100644 >> --- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c >> +++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c >> @@ -295,7 +295,6 @@ HashPeImage ( >> ) >> { >> BOOLEAN Status; >> - UINT16 Magic; >> EFI_IMAGE_SECTION_HEADER *Section; >> VOID *HashCtx; >> UINTN CtxSize; >> @@ -367,33 +366,19 @@ HashPeImage ( >> // Measuring PE/COFF Image Header; >> // But CheckSum field and SECURITY data directory (certificate) are excluded >> // >> - if (mNtHeader.Pe32->FileHeader.Machine == IMAGE_FILE_MACHINE_IA64 && mNtHeader.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { >> - // >> - // NOTE: Some versions of Linux ELILO for Itanium have an incorrect magic value >> - // in the PE/COFF Header. If the MachineType is Itanium(IA64) and the >> - // Magic value in the OptionalHeader is EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC >> - // then override the magic value to EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC >> - // >> - Magic = EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC; >> - } else { >> - // >> - // Get the magic value from the PE/COFF Optional Header >> - // >> - Magic = mNtHeader.Pe32->OptionalHeader.Magic; >> - } >> >> // >> // 3. Calculate the distance from the base of the image header to the image checksum address. >> // 4. Hash the image header from its base to beginning of the image checksum. >> // >> HashBase = mImageBase; >> - if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { >> + if (mNtHeader.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { >> // >> // Use PE32 offset. >> // >> HashSize = (UINTN) (&mNtHeader.Pe32->OptionalHeader.CheckSum) - (UINTN) HashBase; >> NumberOfRvaAndSizes = mNtHeader.Pe32->OptionalHeader.NumberOfRvaAndSizes; >> - } else if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC) { >> + } else if (mNtHeader.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC) { >> // >> // Use PE32+ offset. >> // >> @@ -420,7 +405,7 @@ HashPeImage ( >> // 6. Since there is no Cert Directory in optional header, hash everything >> // from the end of the checksum to the end of image header. >> // >> - if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { >> + if (mNtHeader.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { >> // >> // Use PE32 offset. >> // >> @@ -444,7 +429,7 @@ HashPeImage ( >> // >> // 7. Hash everything from the end of the checksum to the start of the Cert Directory. >> // >> - if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { >> + if (mNtHeader.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { >> // >> // Use PE32 offset. >> // >> @@ -469,7 +454,7 @@ HashPeImage ( >> // 8. Skip over the Cert Directory. (It is sizeof(IMAGE_DATA_DIRECTORY) bytes.) >> // 9. Hash everything from the end of the Cert Directory to the end of image header. >> // >> - if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { >> + if (mNtHeader.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { >> // >> // Use PE32 offset >> // >> @@ -494,7 +479,7 @@ HashPeImage ( >> // >> // 10. Set the SUM_OF_BYTES_HASHED to the size of the header. >> // >> - if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { >> + if (mNtHeader.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { >> // >> // Use PE32 offset. >> // >> @@ -577,7 +562,7 @@ HashPeImage ( >> if (NumberOfRvaAndSizes <= EFI_IMAGE_DIRECTORY_ENTRY_SECURITY) { >> CertSize = 0; >> } else { >> - if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { >> + if (mNtHeader.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { >> // >> // Use PE32 offset. >> // >> @@ -1583,7 +1568,6 @@ DxeImageVerificationHandler ( >> ) >> { >> EFI_STATUS Status; >> - UINT16 Magic; >> EFI_IMAGE_DOS_HEADER *DosHdr; >> EFI_STATUS VerifyStatus; >> EFI_SIGNATURE_LIST *SignatureList; >> @@ -1723,22 +1707,7 @@ DxeImageVerificationHandler ( >> goto Done; >> } >> >> - if (mNtHeader.Pe32->FileHeader.Machine == IMAGE_FILE_MACHINE_IA64 && mNtHeader.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { >> - // >> - // NOTE: Some versions of Linux ELILO for Itanium have an incorrect magic value >> - // in the PE/COFF Header. If the MachineType is Itanium(IA64) and the >> - // Magic value in the OptionalHeader is EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC >> - // then override the magic value to EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC >> - // >> - Magic = EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC; >> - } else { >> - // >> - // Get the magic value from the PE/COFF Optional Header >> - // >> - Magic = mNtHeader.Pe32->OptionalHeader.Magic; >> - } >> - >> - if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { >> + if (mNtHeader.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { >> // >> // Use PE32 offset. >> // >> diff --git a/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.c b/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.c >> index c54ab62e2745..4e4a90f9da62 100644 >> --- a/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.c >> +++ b/SecurityPkg/Library/DxeTpmMeasureBootLib/DxeTpmMeasureBootLib.c >> @@ -320,7 +320,6 @@ TcgMeasurePeImage ( >> EFI_IMAGE_SECTION_HEADER *SectionHeader; >> UINTN Index; >> UINTN Pos; >> - UINT16 Magic; >> UINT32 EventSize; >> UINT32 EventNumber; >> EFI_PHYSICAL_ADDRESS EventLogLastEntry; >> @@ -418,27 +417,13 @@ TcgMeasurePeImage ( >> // Measuring PE/COFF Image Header; >> // But CheckSum field and SECURITY data directory (certificate) are excluded >> // >> - if (Hdr.Pe32->FileHeader.Machine == IMAGE_FILE_MACHINE_IA64 && Hdr.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { >> - // >> - // NOTE: Some versions of Linux ELILO for Itanium have an incorrect magic value >> - // in the PE/COFF Header. If the MachineType is Itanium(IA64) and the >> - // Magic value in the OptionalHeader is EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC >> - // then override the magic value to EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC >> - // >> - Magic = EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC; >> - } else { >> - // >> - // Get the magic value from the PE/COFF Optional Header >> - // >> - Magic = Hdr.Pe32->OptionalHeader.Magic; >> - } >> >> // >> // 3. Calculate the distance from the base of the image header to the image checksum address. >> // 4. Hash the image header from its base to beginning of the image checksum. >> // >> HashBase = (UINT8 *) (UINTN) ImageAddress; >> - if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { >> + if (Hdr.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { >> // >> // Use PE32 offset >> // >> @@ -465,7 +450,7 @@ TcgMeasurePeImage ( >> // 6. Since there is no Cert Directory in optional header, hash everything >> // from the end of the checksum to the end of image header. >> // >> - if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { >> + if (Hdr.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { >> // >> // Use PE32 offset. >> // >> @@ -489,7 +474,7 @@ TcgMeasurePeImage ( >> // >> // 7. Hash everything from the end of the checksum to the start of the Cert Directory. >> // >> - if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { >> + if (Hdr.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { >> // >> // Use PE32 offset >> // >> @@ -514,7 +499,7 @@ TcgMeasurePeImage ( >> // 8. Skip over the Cert Directory. (It is sizeof(IMAGE_DATA_DIRECTORY) bytes.) >> // 9. Hash everything from the end of the Cert Directory to the end of image header. >> // >> - if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { >> + if (Hdr.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { >> // >> // Use PE32 offset >> // >> @@ -539,7 +524,7 @@ TcgMeasurePeImage ( >> // >> // 10. Set the SUM_OF_BYTES_HASHED to the size of the header >> // >> - if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { >> + if (Hdr.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { >> // >> // Use PE32 offset >> // >> @@ -621,7 +606,7 @@ TcgMeasurePeImage ( >> if (NumberOfRvaAndSizes <= EFI_IMAGE_DIRECTORY_ENTRY_SECURITY) { >> CertSize = 0; >> } else { >> - if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { >> + if (Hdr.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { >> // >> // Use PE32 offset. >> // >> diff --git a/SecurityPkg/Tcg/Tcg2Dxe/MeasureBootPeCoff.c b/SecurityPkg/Tcg/Tcg2Dxe/MeasureBootPeCoff.c >> index 29da2d70e699..61195e6041f7 100644 >> --- a/SecurityPkg/Tcg/Tcg2Dxe/MeasureBootPeCoff.c >> +++ b/SecurityPkg/Tcg/Tcg2Dxe/MeasureBootPeCoff.c >> @@ -116,7 +116,6 @@ MeasurePeImageAndExtend ( >> EFI_IMAGE_SECTION_HEADER *SectionHeader; >> UINTN Index; >> UINTN Pos; >> - UINT16 Magic; >> EFI_IMAGE_OPTIONAL_HEADER_PTR_UNION Hdr; >> UINT32 NumberOfRvaAndSizes; >> UINT32 CertSize; >> @@ -181,27 +180,13 @@ MeasurePeImageAndExtend ( >> // Measuring PE/COFF Image Header; >> // But CheckSum field and SECURITY data directory (certificate) are excluded >> // >> - if (Hdr.Pe32->FileHeader.Machine == IMAGE_FILE_MACHINE_IA64 && Hdr.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { >> - // >> - // NOTE: Some versions of Linux ELILO for Itanium have an incorrect magic value >> - // in the PE/COFF Header. If the MachineType is Itanium(IA64) and the >> - // Magic value in the OptionalHeader is EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC >> - // then override the magic value to EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC >> - // >> - Magic = EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC; >> - } else { >> - // >> - // Get the magic value from the PE/COFF Optional Header >> - // >> - Magic = Hdr.Pe32->OptionalHeader.Magic; >> - } >> >> // >> // 3. Calculate the distance from the base of the image header to the image checksum address. >> // 4. Hash the image header from its base to beginning of the image checksum. >> // >> HashBase = (UINT8 *) (UINTN) ImageAddress; >> - if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { >> + if (mNtHeader.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { > > I think this is a bug. Here "Magic" used to be set based on "Hdr.Pe32->OptionalHeader.Magic", not based on "mNtHeader.Pe32->OptionalHeader.Magic". > > And, I'm not convinced (mNtHeader.Pe32 == Hdr.Pe32). In earlier parts of this function, "Hdr.Pe32" is set as follows: > > Hdr.Pe32 = (EFI_IMAGE_NT_HEADERS32 *)((UINT8 *) (UINTN) ImageAddress + PeCoffHeaderOffset); > > where "ImageAddress" is an input parameter to the function. > > I wonder why this code compiles; no "mNtHeader" declaration should be in scope here. > > $ git grep -w -l mNtHeader > > SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c > SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c > > More of the same below: > >> // >> // Use PE32 offset >> // >> @@ -228,7 +213,7 @@ MeasurePeImageAndExtend ( >> // 6. Since there is no Cert Directory in optional header, hash everything >> // from the end of the checksum to the end of image header. >> // >> - if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { >> + if (mNtHeader.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { >> // >> // Use PE32 offset. >> // >> @@ -252,7 +237,7 @@ MeasurePeImageAndExtend ( >> // >> // 7. Hash everything from the end of the checksum to the start of the Cert Directory. >> // >> - if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { >> + if (mNtHeader.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { >> // >> // Use PE32 offset >> // >> @@ -277,7 +262,7 @@ MeasurePeImageAndExtend ( >> // 8. Skip over the Cert Directory. (It is sizeof(IMAGE_DATA_DIRECTORY) bytes.) >> // 9. Hash everything from the end of the Cert Directory to the end of image header. >> // >> - if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { >> + if (mNtHeader.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { >> // >> // Use PE32 offset >> // >> @@ -302,7 +287,7 @@ MeasurePeImageAndExtend ( >> // >> // 10. Set the SUM_OF_BYTES_HASHED to the size of the header >> // >> - if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { >> + if (mNtHeader.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { >> // >> // Use PE32 offset >> // >> @@ -384,7 +369,7 @@ MeasurePeImageAndExtend ( >> if (NumberOfRvaAndSizes <= EFI_IMAGE_DIRECTORY_ENTRY_SECURITY) { >> CertSize = 0; >> } else { >> - if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { >> + if (mNtHeader.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { >> // >> // Use PE32 offset. >> // > > Until here. > Ah yes. Thanks for spotting that. > For build-testing, I suggest > > build -p SecurityPkg/SecurityPkg.dsc ... > > It will build all SecurityPkg modules, without putting them in a flash device (FD). > That is what I used to perform the build test, which completed without error. But the logic is indeed incorrect. > The rest looks good to me. > Thanks >> diff --git a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c >> index 9acaa7b97507..f96325e978a5 100644 >> --- a/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c >> +++ b/SecurityPkg/VariableAuthenticated/SecureBootConfigDxe/SecureBootConfigImpl.c >> @@ -1831,7 +1831,6 @@ HashPeImage ( >> ) >> { >> BOOLEAN Status; >> - UINT16 Magic; >> EFI_IMAGE_SECTION_HEADER *Section; >> VOID *HashCtx; >> UINTN CtxSize; >> @@ -1874,27 +1873,13 @@ HashPeImage ( >> // Measuring PE/COFF Image Header; >> // But CheckSum field and SECURITY data directory (certificate) are excluded >> // >> - if (mNtHeader.Pe32->FileHeader.Machine == IMAGE_FILE_MACHINE_IA64 && mNtHeader.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { >> - // >> - // NOTE: Some versions of Linux ELILO for Itanium have an incorrect magic value >> - // in the PE/COFF Header. If the MachineType is Itanium(IA64) and the >> - // Magic value in the OptionalHeader is EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC >> - // then override the magic value to EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC >> - // >> - Magic = EFI_IMAGE_NT_OPTIONAL_HDR64_MAGIC; >> - } else { >> - // >> - // Get the magic value from the PE/COFF Optional Header >> - // >> - Magic = mNtHeader.Pe32->OptionalHeader.Magic; >> - } >> >> // >> // 3. Calculate the distance from the base of the image header to the image checksum address. >> // 4. Hash the image header from its base to beginning of the image checksum. >> // >> HashBase = mImageBase; >> - if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { >> + if (mNtHeader.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { >> // >> // Use PE32 offset. >> // >> @@ -1915,7 +1900,7 @@ HashPeImage ( >> // 6. Get the address of the beginning of the Cert Directory. >> // 7. Hash everything from the end of the checksum to the start of the Cert Directory. >> // >> - if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { >> + if (mNtHeader.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { >> // >> // Use PE32 offset. >> // >> @@ -1937,7 +1922,7 @@ HashPeImage ( >> // 8. Skip over the Cert Directory. (It is sizeof(IMAGE_DATA_DIRECTORY) bytes.) >> // 9. Hash everything from the end of the Cert Directory to the end of image header. >> // >> - if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { >> + if (mNtHeader.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { >> // >> // Use PE32 offset >> // >> @@ -1958,7 +1943,7 @@ HashPeImage ( >> // >> // 10. Set the SUM_OF_BYTES_HASHED to the size of the header. >> // >> - if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { >> + if (mNtHeader.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { >> // >> // Use PE32 offset. >> // >> @@ -2032,7 +2017,7 @@ HashPeImage ( >> // >> if (mImageSize > SumOfBytesHashed) { >> HashBase = mImageBase + SumOfBytesHashed; >> - if (Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { >> + if (mNtHeader.Pe32->OptionalHeader.Magic == EFI_IMAGE_NT_OPTIONAL_HDR32_MAGIC) { >> // >> // Use PE32 offset. >> // >> >