OpenCore  1.0.4
OpenCore Bootloader
Loading...
Searching...
No Matches
OcPeCoffExtLib.c
Go to the documentation of this file.
1
22#include <Base.h>
23#include <Uefi.h>
24#include <Library/DebugLib.h>
25#include <Library/BaseLib.h>
26#include <Library/BaseMemoryLib.h>
27#include <Library/BaseOverflowLib.h>
28#include <Library/PeCoffLib2.h>
29#include <Library/UefiRuntimeServicesTableLib.h>
30#include <Library/UefiBootServicesTableLib.h>
31#include <Library/MemoryAllocationLib.h>
32#include <Library/PrintLib.h>
33#include <Library/UefiLib.h>
34#include <Library/OcCryptoLib.h>
35#include <Library/OcAppleKeysLib.h>
36#include <Library/OcStringLib.h>
37#include <Guid/AppleCertificate.h>
38
39#include "OcPeCoffExtInternal.h"
40
41STATIC
42RETURN_STATUS
43PeCoffGetSecurityDirectoryEntry (
44 IN PE_COFF_LOADER_IMAGE_CONTEXT *Context,
45 IN UINT32 FileSize,
46 OUT CONST EFI_IMAGE_DATA_DIRECTORY **DirectoryEntry
47 )
48{
49 CONST EFI_IMAGE_NT_HEADERS32 *Pe32Hdr;
50 CONST EFI_IMAGE_NT_HEADERS64 *Pe32PlusHdr;
51 UINT32 EntryTop;
52 BOOLEAN Result;
53
54 ASSERT (Context != NULL);
55 ASSERT (DirectoryEntry != NULL);
56
57 switch (Context->ImageType) {
58 case PeCoffLoaderTypePe32:
59 Pe32Hdr = (CONST EFI_IMAGE_NT_HEADERS32 *)(CONST VOID *)(
60 (CONST CHAR8 *)Context->FileBuffer + Context->ExeHdrOffset
61 );
62
63 if (Pe32Hdr->NumberOfRvaAndSizes <= EFI_IMAGE_DIRECTORY_ENTRY_SECURITY) {
64 return RETURN_UNSUPPORTED;
65 }
66
67 *DirectoryEntry = &Pe32Hdr->DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY];
68 break;
69
70 case PeCoffLoaderTypePe32Plus:
71 Pe32PlusHdr = (CONST EFI_IMAGE_NT_HEADERS64 *)(CONST VOID *)(
72 (CONST CHAR8 *)Context->FileBuffer + Context->ExeHdrOffset
73 );
74
75 if (Pe32PlusHdr->NumberOfRvaAndSizes <= EFI_IMAGE_DIRECTORY_ENTRY_SECURITY) {
76 return RETURN_UNSUPPORTED;
77 }
78
79 *DirectoryEntry = &Pe32PlusHdr->DataDirectory[EFI_IMAGE_DIRECTORY_ENTRY_SECURITY];
80 break;
81
82 default:
83 //
84 // TE entries do not have SecDir.
85 //
86 return RETURN_INVALID_PARAMETER;
87 }
88
89 //
90 // Security entry must be outside of the headers.
91 //
92 if ((*DirectoryEntry)->VirtualAddress < Context->SizeOfHeaders) {
93 return RETURN_INVALID_PARAMETER;
94 }
95
96 Result = BaseOverflowAddU32 (
97 (*DirectoryEntry)->VirtualAddress,
98 (*DirectoryEntry)->Size,
99 &EntryTop
100 );
101 if (Result || (EntryTop > FileSize)) {
102 return RETURN_INVALID_PARAMETER;
103 }
104
105 return RETURN_SUCCESS;
106}
107
108STATIC
109EFI_STATUS
110PeCoffGetAppleCertificateInfo (
111 IN PE_COFF_LOADER_IMAGE_CONTEXT *Context,
112 IN UINT32 FileSize,
113 OUT APPLE_EFI_CERTIFICATE_INFO **CertInfo,
114 OUT UINT32 *SecDirOffset,
115 OUT UINT32 *SignedFileSize
116 )
117{
118 EFI_STATUS Status;
119 CONST EFI_IMAGE_DATA_DIRECTORY *SecDir;
120 UINT32 EndOffset;
121
122 Status = PeCoffGetSecurityDirectoryEntry (
123 Context,
124 FileSize,
125 &SecDir
126 );
127 if (EFI_ERROR (Status)) {
128 DEBUG ((DEBUG_INFO, "OCPE: PeCoff has no SecDir - %r\n", Status));
129 return EFI_NOT_FOUND;
130 }
131
132 *SecDirOffset = (UINT32)((UINT8 *)SecDir - (UINT8 *)Context->FileBuffer);
133
134 if (SecDir->Size != sizeof (APPLE_EFI_CERTIFICATE_INFO)) {
135 DEBUG ((DEBUG_INFO, "OCPE: Certificate info size mismatch\n"));
136 return EFI_UNSUPPORTED;
137 }
138
139 if (!BASE_TYPE_ALIGNED (APPLE_EFI_CERTIFICATE_INFO, SecDir->VirtualAddress)) {
140 DEBUG ((DEBUG_INFO, "OCPE: Certificate info is misaligned %X\n", SecDir->VirtualAddress));
141 return EFI_UNSUPPORTED;
142 }
143
144 //
145 // Obtain certificate info.
146 //
147 *CertInfo = (APPLE_EFI_CERTIFICATE_INFO *)(
148 (UINT8 *)Context->FileBuffer + SecDir->VirtualAddress
149 );
150 if ( BaseOverflowAddU32 ((*CertInfo)->CertOffset, (*CertInfo)->CertSize, &EndOffset)
151 || (EndOffset > FileSize))
152 {
153 DEBUG ((DEBUG_INFO, "OCPE: Certificate entry is beyond file area\n"));
154 return EFI_INVALID_PARAMETER;
155 }
156
157 //
158 // Update signed file size to signature location.
159 //
160 *SignedFileSize = SecDir->VirtualAddress;
161
162 return EFI_SUCCESS;
163}
164
165STATIC
166EFI_STATUS
167PeCoffGetAppleSignature (
168 IN PE_COFF_LOADER_IMAGE_CONTEXT *Context,
169 IN APPLE_EFI_CERTIFICATE_INFO *CertInfo,
170 OUT APPLE_SIGNATURE_CONTEXT *SignatureContext
171 )
172{
173 UINTN Index;
174 UINT8 PublicKeyHash[SHA256_DIGEST_SIZE];
175 APPLE_EFI_CERTIFICATE *Cert;
176
177 //
178 // Check that certificate is expected.
179 //
180 if (CertInfo->CertSize != sizeof (APPLE_EFI_CERTIFICATE)) {
181 DEBUG ((DEBUG_INFO, "OCPE: Certificate has invalid size %u\n", CertInfo->CertSize));
182 return EFI_UNSUPPORTED;
183 }
184
185 if (!BASE_TYPE_ALIGNED (APPLE_EFI_CERTIFICATE, CertInfo->CertOffset)) {
186 DEBUG ((DEBUG_INFO, "OCPE: Certificate is misaligned %X\n", CertInfo->CertOffset));
187 return EFI_UNSUPPORTED;
188 }
189
190 //
191 // Extract signature directory
192 //
193 Cert = (APPLE_EFI_CERTIFICATE *)(
194 (UINT8 *)Context->FileBuffer + CertInfo->CertOffset
195 );
196
197 //
198 // Compare size of signature directory with value from PE SecDir header
199 //
200 if (CertInfo->CertSize != Cert->CertSize) {
201 DEBUG ((DEBUG_INFO, "OCPE: Certificate size mismatch %u vs %u\n", CertInfo->CertSize, Cert->CertSize));
202 return EFI_UNSUPPORTED;
203 }
204
205 //
206 // Verify certificate type
207 //
208 if (Cert->CertType != APPLE_EFI_CERTIFICATE_TYPE) {
209 DEBUG ((DEBUG_INFO, "OCPE: Unknown certificate type %u\n", Cert->CertType));
210 return EFI_UNSUPPORTED;
211 }
212
213 //
214 // Verify certificate GUID
215 //
216 if (!CompareGuid (&Cert->AppleSignatureGuid, &gAppleEfiCertificateGuid)) {
217 DEBUG ((DEBUG_INFO, "OCPE: Unknown certificate signature %g\n", Cert->AppleSignatureGuid));
218 return EFI_UNSUPPORTED;
219 }
220
221 //
222 // Verify HashType == Rsa2048Sha256
223 //
224 if (!CompareGuid (&Cert->CertData.HashType, &gEfiCertTypeRsa2048Sha256Guid)) {
225 DEBUG ((DEBUG_INFO, "OCPE: Unknown certificate hash %g\n", Cert->CertData.HashType));
226 return EFI_UNSUPPORTED;
227 }
228
229 //
230 // Calculate public key hash and find it.
231 //
232 Sha256 (
233 PublicKeyHash,
234 Cert->CertData.PublicKey,
235 sizeof (Cert->CertData.PublicKey)
236 );
237
238 //
239 // Verify public key existence in the database and store it in the context.
240 //
241 for (Index = 0; Index < NUM_OF_PK; ++Index) {
242 if (CompareMem (PkDataBase[Index].Hash, PublicKeyHash, sizeof (PublicKeyHash)) == 0) {
243 SignatureContext->PublicKey = (OC_RSA_PUBLIC_KEY *)PkDataBase[Index].PublicKey;
244 break;
245 }
246 }
247
248 if (Index == NUM_OF_PK) {
249 DEBUG ((DEBUG_INFO, "OCPE: Unknown publickey or malformed certificate\n"));
250 return EFI_UNSUPPORTED;
251 }
252
253 //
254 // Convert signature to big endian and store it in the context as well.
255 //
256 for (Index = 0; Index < sizeof (Cert->CertData.PublicKey); Index++) {
257 SignatureContext->Signature[sizeof (Cert->CertData.PublicKey) - 1 - Index]
258 = Cert->CertData.Signature[Index];
259 }
260
261 return EFI_SUCCESS;
262}
263
264STATIC
265EFI_STATUS
266PeCoffSanitiseAppleImage (
267 IN PE_COFF_LOADER_IMAGE_CONTEXT *Context,
268 IN UINT32 SecDirOffset,
269 IN UINT32 SignedFileSize,
270 IN UINT32 FileSize
271 )
272{
273 //
274 // While TE files cannot technically have SecDir,
275 // one might add more PE types in the future technically.
276 // Restrict file type as early as possible.
277 //
278 if ( (Context->ImageType != PeCoffLoaderTypePe32)
279 && (Context->ImageType != PeCoffLoaderTypePe32Plus))
280 {
281 DEBUG ((DEBUG_INFO, "OCPE: Unsupported image type %d for Apple Image\n", Context->ImageType));
282 return EFI_UNSUPPORTED;
283 }
284
285 //
286 // Apple images are required to start with DOS header.
287 // DOS header is really the only reason ExeHdrOffset can be
288 // non-zero, do not bother extra checking.
289 //
290 if (Context->ExeHdrOffset < sizeof (EFI_IMAGE_DOS_HEADER)) {
291 DEBUG ((DEBUG_INFO, "OCPE: DOS header is required for signed Apple Image\n"));
292 return EFI_UNSUPPORTED;
293 }
294
295 //
296 // Zero memory between DOS and optional header.
297 //
298 ZeroMem (
299 (UINT8 *)Context->FileBuffer + sizeof (EFI_IMAGE_DOS_HEADER),
300 Context->ExeHdrOffset - sizeof (EFI_IMAGE_DOS_HEADER)
301 );
302
303 //
304 // Zero checksum as we do not hash it.
305 //
306 ZeroMem (
307 (UINT8 *)Context->FileBuffer + Context->ExeHdrOffset + APPLE_CHECKSUM_OFFSET,
308 APPLE_CHECKSUM_SIZE
309 );
310
311 //
312 // Zero sec entry as we do not hash it as well.
313 //
314 ZeroMem (
315 (UINT8 *)Context->FileBuffer + SecDirOffset,
316 sizeof (EFI_IMAGE_DATA_DIRECTORY)
317 );
318
319 //
320 // Zero signature as we do not hash it.
321 //
322 ZeroMem (
323 (UINT8 *)Context->FileBuffer + SignedFileSize,
324 FileSize - SignedFileSize
325 );
326
327 return EFI_SUCCESS;
328}
329
330STATIC
331VOID
332PeCoffHashAppleImage (
333 IN PE_COFF_LOADER_IMAGE_CONTEXT *Context,
334 IN UINT32 SecDirOffset,
335 IN UINT32 SignedFileSize,
336 OUT UINT8 *Hash
337 )
338{
339 UINTN HashSize;
340 UINT8 *HashBase;
341 SHA256_CONTEXT HashContext;
342
343 //
344 // Initialise a SHA hash context
345 //
346 Sha256Init (&HashContext);
347
348 //
349 // Hash DOS header and without DOS stub.
350 //
351 HashBase = (UINT8 *)Context->FileBuffer;
352 HashSize = sizeof (EFI_IMAGE_DOS_HEADER);
353 Sha256Update (&HashContext, HashBase, HashSize);
354
355 //
356 // Hash optional header prior to checksum.
357 //
358 HashBase += Context->ExeHdrOffset;
359 HashSize = APPLE_CHECKSUM_OFFSET;
360 Sha256Update (&HashContext, HashBase, HashSize);
361
362 //
363 // Hash the rest of the header up to security directory.
364 //
365 HashBase += HashSize + APPLE_CHECKSUM_SIZE;
366 HashSize = SecDirOffset - (UINT32)(HashBase - (UINT8 *)Context->FileBuffer);
367 Sha256Update (&HashContext, HashBase, HashSize);
368
369 //
370 // Hash the rest of the image skipping security directory.
371 //
372 HashBase += HashSize + sizeof (EFI_IMAGE_DATA_DIRECTORY);
373 HashSize = SignedFileSize - (UINT32)(HashBase - (UINT8 *)Context->FileBuffer);
374 Sha256Update (&HashContext, HashBase, HashSize);
375
376 Sha256Final (&HashContext, Hash);
377}
378
379#ifndef EFIUSER
380STATIC
381#endif
382EFI_STATUS
383InternalPeCoffVerifyAppleSignatureFromContext (
384 IN OUT PE_COFF_LOADER_IMAGE_CONTEXT *ImageContext,
385 IN OUT UINT32 *ImageSize
386 )
387{
388 EFI_STATUS ImageStatus;
389 APPLE_SIGNATURE_CONTEXT SignatureContext;
390 UINT8 Hash[SHA256_DIGEST_SIZE];
391 BOOLEAN Success;
392 APPLE_EFI_CERTIFICATE_INFO *CertInfo;
393 UINT32 SecDirOffset;
394 UINT32 SignedFileSize;
395
396 ImageStatus = PeCoffGetAppleCertificateInfo (
397 ImageContext,
398 *ImageSize,
399 &CertInfo,
400 &SecDirOffset,
401 &SignedFileSize
402 );
403 if (EFI_ERROR (ImageStatus)) {
404 DEBUG ((DEBUG_INFO, "OCPE: PeCoff no cert info - %r\n", ImageStatus));
405 return EFI_UNSUPPORTED;
406 }
407
408 ImageStatus = PeCoffGetAppleSignature (
409 ImageContext,
410 CertInfo,
411 &SignatureContext
412 );
413 if (EFI_ERROR (ImageStatus)) {
414 DEBUG ((DEBUG_INFO, "OCPE: PeCoff no valid signature - %r\n", ImageStatus));
415 return EFI_UNSUPPORTED;
416 }
417
418 ImageStatus = PeCoffSanitiseAppleImage (
419 ImageContext,
420 SecDirOffset,
421 SignedFileSize,
422 *ImageSize
423 );
424 if (EFI_ERROR (ImageStatus)) {
425 DEBUG ((DEBUG_INFO, "OCPE: PeCoff cannot be sanitised - %r\n", ImageStatus));
426 return EFI_UNSUPPORTED;
427 }
428
429 *ImageSize = SignedFileSize;
430
431 PeCoffHashAppleImage (
432 ImageContext,
433 SecDirOffset,
434 SignedFileSize,
435 &Hash[0]
436 );
437
438 //
439 // Verify signature
440 //
441 Success = RsaVerifySigHashFromKeyDynalloc (
442 SignatureContext.PublicKey,
443 SignatureContext.Signature,
444 sizeof (SignatureContext.Signature),
445 &Hash[0],
446 sizeof (Hash),
447 OcSigHashTypeSha256
448 );
449
450 if (!Success) {
451 return EFI_SECURITY_VIOLATION;
452 }
453
454 return EFI_SUCCESS;
455}
456
457EFI_STATUS
458PeCoffVerifyAppleSignature (
459 IN OUT VOID *PeImage,
460 IN OUT UINT32 *ImageSize
461 )
462{
463 EFI_STATUS ImageStatus;
464 PE_COFF_LOADER_IMAGE_CONTEXT ImageContext;
465
466 ImageStatus = PeCoffInitializeContext (
467 &ImageContext,
468 PeImage,
469 *ImageSize,
470 UefiImageOriginUserImage
471 );
472 if (EFI_ERROR (ImageStatus)) {
473 DEBUG ((DEBUG_INFO, "OCPE: PeCoff verify init failure - %r\n", ImageStatus));
474 return EFI_UNSUPPORTED;
475 }
476
477 return InternalPeCoffVerifyAppleSignatureFromContext (&ImageContext, ImageSize);
478}
479
480#ifndef EFIUSER
481STATIC
482#endif
483EFI_STATUS
484InternalPeCoffGetApfsDriverVersionFromContext (
485 IN PE_COFF_LOADER_IMAGE_CONTEXT *ImageContext,
486 IN UINT32 DriverSize,
487 OUT APFS_DRIVER_VERSION **DriverVersionPtr
488 )
489{
490 //
491 // apfs.efi versioning is more restricted than generic PE parsing.
492 //
493
494 EFI_IMAGE_NT_HEADERS64 *OptionalHeader;
495 EFI_IMAGE_SECTION_HEADER *SectionHeader;
496 APFS_DRIVER_VERSION *DriverVersion;
497 UINT32 ImageVersion;
498
499 if ( (ImageContext->Machine != IMAGE_FILE_MACHINE_X64)
500 || (ImageContext->ImageType != PeCoffLoaderTypePe32Plus)
501 || (ImageContext->Subsystem != EFI_IMAGE_SUBSYSTEM_EFI_BOOT_SERVICE_DRIVER))
502 {
503 DEBUG ((DEBUG_INFO, "OCPE: PeCoff apfs unsupported image\n"));
504 return EFI_UNSUPPORTED;
505 }
506
507 //
508 // Get image version. The header is already verified for us.
509 //
510 OptionalHeader = (EFI_IMAGE_NT_HEADERS64 *)(
511 (CONST UINT8 *)ImageContext->FileBuffer
512 + ImageContext->ExeHdrOffset
513 );
514 ImageVersion = (UINT32)OptionalHeader->MajorImageVersion << 16
515 | (UINT32)OptionalHeader->MinorImageVersion;
516
517 //
518 // Get .text contents. The sections are already verified for us,
519 // but it can be smaller than APFS version.
520 //
521 SectionHeader = (EFI_IMAGE_SECTION_HEADER *)(
522 (CONST UINT8 *)ImageContext->FileBuffer
523 + ImageContext->SectionsOffset
524 );
525
526 if (AsciiStrnCmp ((CHAR8 *)SectionHeader->Name, ".text", sizeof (SectionHeader->Name)) != 0) {
527 return EFI_UNSUPPORTED;
528 }
529
530 if (sizeof (APFS_DRIVER_VERSION) > SectionHeader->SizeOfRawData) {
531 return EFI_BUFFER_TOO_SMALL;
532 }
533
534 //
535 // Finally get driver version.
536 //
537 DriverVersion = (APFS_DRIVER_VERSION *)(
538 (CONST UINT8 *)ImageContext->FileBuffer
539 + SectionHeader->PointerToRawData
540 );
541
542 if ( (DriverVersion->Magic != APFS_DRIVER_VERSION_MAGIC)
543 || (DriverVersion->ImageVersion != ImageVersion))
544 {
545 return EFI_INVALID_PARAMETER;
546 }
547
548 *DriverVersionPtr = DriverVersion;
549 return EFI_SUCCESS;
550}
551
552EFI_STATUS
553PeCoffGetApfsDriverVersion (
554 IN VOID *DriverBuffer,
555 IN UINT32 DriverSize,
556 OUT APFS_DRIVER_VERSION **DriverVersionPtr
557 )
558{
559 EFI_STATUS ImageStatus;
560 PE_COFF_LOADER_IMAGE_CONTEXT ImageContext;
561
562 ImageStatus = PeCoffInitializeContext (
563 &ImageContext,
564 DriverBuffer,
565 DriverSize,
566 UefiImageOriginUserImage
567 );
568 if (EFI_ERROR (ImageStatus)) {
569 DEBUG ((DEBUG_INFO, "OCPE: PeCoff apfs init failure - %r\n", ImageStatus));
570 return EFI_UNSUPPORTED;
571 }
572
573 return InternalPeCoffGetApfsDriverVersionFromContext (&ImageContext, DriverSize, DriverVersionPtr);
574}
575
576EFI_STATUS
577OcPatchLegacyEfi (
578 IN VOID *DriverBuffer,
579 IN UINT32 DriverSize
580 )
581{
582 EFI_STATUS ImageStatus;
583 PE_COFF_LOADER_IMAGE_CONTEXT ImageContext;
584
585 ImageStatus = OcPeCoffFixupInitializeContext (
586 &ImageContext,
587 DriverBuffer,
588 DriverSize,
589 TRUE
590 );
591 if (EFI_ERROR (ImageStatus)) {
592 DEBUG ((DEBUG_WARN, "OCPE: PeCoff legacy patch failure - %r\n", ImageStatus));
593 return EFI_UNSUPPORTED;
594 }
595
596 return EFI_SUCCESS;
597}
APFS_DRIVER_VERSION_MAGIC
#define APFS_DRIVER_VERSION_MAGIC
Definition Apfs.h:93
gAppleEfiCertificateGuid
EFI_GUID gAppleEfiCertificateGuid
Definition UserGlobalVar.c:200
APPLE_EFI_CERTIFICATE_TYPE
#define APPLE_EFI_CERTIFICATE_TYPE
Definition AppleCertificate.h:34
NUM_OF_PK
#define NUM_OF_PK
Definition OcAppleKeysLib.h:21
PkDataBase
CONST APPLE_PK_ENTRY PkDataBase[NUM_OF_PK]
Definition OcAppleKeysLib.c:195
Sha256Init
VOID Sha256Init(SHA256_CONTEXT *Context)
RsaVerifySigHashFromKeyDynalloc
BOOLEAN RsaVerifySigHashFromKeyDynalloc(IN CONST OC_RSA_PUBLIC_KEY *Key, IN CONST UINT8 *Signature, IN UINTN SignatureSize, IN CONST UINT8 *Hash, IN UINTN HashSize, IN OC_SIG_HASH_TYPE Algorithm)
Definition RsaDigitalSign.c:631
SHA256_DIGEST_SIZE
#define SHA256_DIGEST_SIZE
Definition OcCryptoLib.h:45
Sha256Final
VOID Sha256Final(SHA256_CONTEXT *Context, UINT8 *HashDigest)
OcSigHashTypeSha256
@ OcSigHashTypeSha256
Definition OcCryptoLib.h:102
Sha256
VOID Sha256(UINT8 *Hash, CONST UINT8 *Data, UINTN Len)
Sha256Update
VOID Sha256Update(SHA256_CONTEXT *Context, CONST UINT8 *Data, UINTN Len)
APPLE_CHECKSUM_OFFSET
#define APPLE_CHECKSUM_OFFSET
Definition OcPeCoffExtInternal.h:21
APPLE_CHECKSUM_SIZE
#define APPLE_CHECKSUM_SIZE
Definition OcPeCoffExtInternal.h:22
InternalPeCoffGetApfsDriverVersionFromContext
STATIC EFI_STATUS InternalPeCoffGetApfsDriverVersionFromContext(IN PE_COFF_LOADER_IMAGE_CONTEXT *ImageContext, IN UINT32 DriverSize, OUT APFS_DRIVER_VERSION **DriverVersionPtr)
Definition OcPeCoffExtLib.c:484
PeCoffVerifyAppleSignature
EFI_STATUS PeCoffVerifyAppleSignature(IN OUT VOID *PeImage, IN OUT UINT32 *ImageSize)
Definition OcPeCoffExtLib.c:458
PeCoffGetApfsDriverVersion
EFI_STATUS PeCoffGetApfsDriverVersion(IN VOID *DriverBuffer, IN UINT32 DriverSize, OUT APFS_DRIVER_VERSION **DriverVersionPtr)
Definition OcPeCoffExtLib.c:553
PeCoffHashAppleImage
STATIC VOID PeCoffHashAppleImage(IN PE_COFF_LOADER_IMAGE_CONTEXT *Context, IN UINT32 SecDirOffset, IN UINT32 SignedFileSize, OUT UINT8 *Hash)
Definition OcPeCoffExtLib.c:332
InternalPeCoffVerifyAppleSignatureFromContext
STATIC EFI_STATUS InternalPeCoffVerifyAppleSignatureFromContext(IN OUT PE_COFF_LOADER_IMAGE_CONTEXT *ImageContext, IN OUT UINT32 *ImageSize)
Definition OcPeCoffExtLib.c:383
PeCoffGetAppleSignature
STATIC EFI_STATUS PeCoffGetAppleSignature(IN PE_COFF_LOADER_IMAGE_CONTEXT *Context, IN APPLE_EFI_CERTIFICATE_INFO *CertInfo, OUT APPLE_SIGNATURE_CONTEXT *SignatureContext)
Definition OcPeCoffExtLib.c:167
PeCoffGetSecurityDirectoryEntry
STATIC RETURN_STATUS PeCoffGetSecurityDirectoryEntry(IN PE_COFF_LOADER_IMAGE_CONTEXT *Context, IN UINT32 FileSize, OUT CONST EFI_IMAGE_DATA_DIRECTORY **DirectoryEntry)
Definition OcPeCoffExtLib.c:43
PeCoffGetAppleCertificateInfo
STATIC EFI_STATUS PeCoffGetAppleCertificateInfo(IN PE_COFF_LOADER_IMAGE_CONTEXT *Context, IN UINT32 FileSize, OUT APPLE_EFI_CERTIFICATE_INFO **CertInfo, OUT UINT32 *SecDirOffset, OUT UINT32 *SignedFileSize)
Definition OcPeCoffExtLib.c:110
OcPatchLegacyEfi
EFI_STATUS OcPatchLegacyEfi(IN VOID *DriverBuffer, IN UINT32 DriverSize)
Definition OcPeCoffExtLib.c:577
PeCoffSanitiseAppleImage
STATIC EFI_STATUS PeCoffSanitiseAppleImage(IN PE_COFF_LOADER_IMAGE_CONTEXT *Context, IN UINT32 SecDirOffset, IN UINT32 SignedFileSize, IN UINT32 FileSize)
Definition OcPeCoffExtLib.c:266
OcPeCoffFixupInitializeContext
RETURN_STATUS OcPeCoffFixupInitializeContext(OUT PE_COFF_LOADER_IMAGE_CONTEXT *Context, IN CONST VOID *FileBuffer, IN UINT32 FileSize, IN BOOLEAN InMemoryFixup)
Definition OcPeCoffFixupInit.c:739
CompareMem
INTN EFIAPI CompareMem(IN CONST VOID *DestinationBuffer, IN CONST VOID *SourceBuffer, IN UINTN Length)
Definition UserBaseMemoryLib.c:150
CompareGuid
BOOLEAN EFIAPI CompareGuid(IN CONST GUID *Guid1, IN CONST GUID *Guid2)
Definition UserBaseMemoryLib.c:456
ZeroMem
VOID *EFIAPI ZeroMem(OUT VOID *Buffer, IN UINTN Length)
Definition UserBaseMemoryLib.c:102
gEfiCertTypeRsa2048Sha256Guid
EFI_GUID gEfiCertTypeRsa2048Sha256Guid
Definition UserGlobalVar.c:203
ASSERT
#define ASSERT(x)
Definition coder.h:55
APFS_DRIVER_VERSION_
Definition Apfs.h:100
APFS_DRIVER_VERSION_::ImageVersion
UINT32 ImageVersion
Definition Apfs.h:108
APFS_DRIVER_VERSION_::Magic
UINT32 Magic
Definition Apfs.h:104
APPLE_EFI_CERTIFICATE_
Definition AppleCertificate.h:47
APPLE_EFI_CERTIFICATE_::CertType
UINT16 CertType
Definition AppleCertificate.h:50
APPLE_EFI_CERTIFICATE_::CertSize
UINT32 CertSize
Definition AppleCertificate.h:48
APPLE_EFI_CERTIFICATE_::CertData
EFI_CERT_BLOCK_RSA_2048_SHA256 CertData
Definition AppleCertificate.h:52
APPLE_EFI_CERTIFICATE_::AppleSignatureGuid
EFI_GUID AppleSignatureGuid
Definition AppleCertificate.h:51
APPLE_EFI_CERTIFICATE_INFO_
Definition AppleCertificate.h:39
APPLE_SIGNATURE_CONTEXT_
Definition OcPeCoffExtInternal.h:27
APPLE_SIGNATURE_CONTEXT_::Signature
UINT8 Signature[256]
Definition OcPeCoffExtInternal.h:29
APPLE_SIGNATURE_CONTEXT_::PublicKey
OC_RSA_PUBLIC_KEY * PublicKey
Definition OcPeCoffExtInternal.h:28
OC_RSA_PUBLIC_KEY
Definition OcCryptoLib.h:172
SHA256_CONTEXT_
Definition OcCryptoLib.h:132