Blame SOURCES/0220-Add-secureboot-support-on-efi-chainloader.patch

a85e8e
From 8ffcc1083fd421756da76783df83b81d4bdbfb52 Mon Sep 17 00:00:00 2001
a85e8e
From: Peter Jones <pjones@redhat.com>
a85e8e
Date: Tue, 6 Oct 2015 13:04:37 -0400
a85e8e
Subject: [PATCH 220/260] Add secureboot support on efi chainloader
a85e8e
a85e8e
Expand the chainloader to be able to verify the image by means of shim
a85e8e
lock protocol. The PE/COFF image is loaded and relocated by the
a85e8e
chainloader instead of calling LoadImage and StartImage UEFI boot
a85e8e
Service as they require positive verification result from keys enrolled
a85e8e
in KEK or DB. The shim will use MOK in addition to firmware enrolled
a85e8e
keys to verify the image.
a85e8e
a85e8e
The chainloader module could be used to load other UEFI bootloaders,
a85e8e
such as xen.efi, and could be signed by any of MOK, KEK or DB.
a85e8e
a85e8e
Based on https://build.opensuse.org/package/view_file/openSUSE:Factory/grub2/grub2-secureboot-chainloader.patch
a85e8e
a85e8e
Signed-off-by: Peter Jones <pjones@redhat.com>
a85e8e
---
a85e8e
 grub-core/loader/efi/chainloader.c | 612 ++++++++++++++++++++++++++++++++++---
a85e8e
 include/grub/efi/pe32.h            |  20 +-
a85e8e
 2 files changed, 595 insertions(+), 37 deletions(-)
a85e8e
a85e8e
diff --git a/grub-core/loader/efi/chainloader.c b/grub-core/loader/efi/chainloader.c
a85e8e
index 14ce6ddd7..87a91e16f 100644
a85e8e
--- a/grub-core/loader/efi/chainloader.c
a85e8e
+++ b/grub-core/loader/efi/chainloader.c
a85e8e
@@ -32,6 +32,8 @@
a85e8e
 #include <grub/efi/api.h>
a85e8e
 #include <grub/efi/efi.h>
a85e8e
 #include <grub/efi/disk.h>
a85e8e
+#include <grub/efi/pe32.h>
a85e8e
+#include <grub/efi/linux.h>
a85e8e
 #include <grub/command.h>
a85e8e
 #include <grub/i18n.h>
a85e8e
 #include <grub/net.h>
a85e8e
@@ -46,9 +48,14 @@ static grub_dl_t my_mod;
a85e8e
 
a85e8e
 static grub_efi_physical_address_t address;
a85e8e
 static grub_efi_uintn_t pages;
a85e8e
+static grub_ssize_t fsize;
a85e8e
 static grub_efi_device_path_t *file_path;
a85e8e
 static grub_efi_handle_t image_handle;
a85e8e
 static grub_efi_char16_t *cmdline;
a85e8e
+static grub_ssize_t cmdline_len;
a85e8e
+static grub_efi_handle_t dev_handle;
a85e8e
+
a85e8e
+static grub_efi_status_t (*entry_point) (grub_efi_handle_t image_handle, grub_efi_system_table_t *system_table);
a85e8e
 
a85e8e
 static grub_err_t
a85e8e
 grub_chainloader_unload (void)
a85e8e
@@ -63,6 +70,7 @@ grub_chainloader_unload (void)
a85e8e
   grub_free (cmdline);
a85e8e
   cmdline = 0;
a85e8e
   file_path = 0;
a85e8e
+  dev_handle = 0;
a85e8e
 
a85e8e
   grub_dl_unref (my_mod);
a85e8e
   return GRUB_ERR_NONE;
a85e8e
@@ -191,12 +199,523 @@ make_file_path (grub_efi_device_path_t *dp, const char *filename)
a85e8e
   return file_path;
a85e8e
 }
a85e8e
 
a85e8e
+#define SHIM_LOCK_GUID \
a85e8e
+  { 0x605dab50, 0xe046, 0x4300, { 0xab,0xb6,0x3d,0xd8,0x10,0xdd,0x8b,0x23 } }
a85e8e
+
a85e8e
+typedef union
a85e8e
+{
a85e8e
+  struct grub_pe32_header_32 pe32;
a85e8e
+  struct grub_pe32_header_64 pe32plus;
a85e8e
+} grub_pe_header_t;
a85e8e
+
a85e8e
+struct pe_coff_loader_image_context
a85e8e
+{
a85e8e
+  grub_efi_uint64_t image_address;
a85e8e
+  grub_efi_uint64_t image_size;
a85e8e
+  grub_efi_uint64_t entry_point;
a85e8e
+  grub_efi_uintn_t size_of_headers;
a85e8e
+  grub_efi_uint16_t image_type;
a85e8e
+  grub_efi_uint16_t number_of_sections;
a85e8e
+  grub_efi_uint32_t section_alignment;
a85e8e
+  struct grub_pe32_section_table *first_section;
a85e8e
+  struct grub_pe32_data_directory *reloc_dir;
a85e8e
+  struct grub_pe32_data_directory *sec_dir;
a85e8e
+  grub_efi_uint64_t number_of_rva_and_sizes;
a85e8e
+  grub_pe_header_t *pe_hdr;
a85e8e
+};
a85e8e
+
a85e8e
+typedef struct pe_coff_loader_image_context pe_coff_loader_image_context_t;
a85e8e
+
a85e8e
+struct grub_efi_shim_lock
a85e8e
+{
a85e8e
+  grub_efi_status_t (*verify)(void *buffer,
a85e8e
+                              grub_efi_uint32_t size);
a85e8e
+  grub_efi_status_t (*hash)(void *data,
a85e8e
+                            grub_efi_int32_t datasize,
a85e8e
+                            pe_coff_loader_image_context_t *context,
a85e8e
+                            grub_efi_uint8_t *sha256hash,
a85e8e
+                            grub_efi_uint8_t *sha1hash);
a85e8e
+  grub_efi_status_t (*context)(void *data,
a85e8e
+                               grub_efi_uint32_t size,
a85e8e
+                               pe_coff_loader_image_context_t *context);
a85e8e
+};
a85e8e
+
a85e8e
+typedef struct grub_efi_shim_lock grub_efi_shim_lock_t;
a85e8e
+
a85e8e
+static grub_efi_boolean_t
a85e8e
+read_header (void *data, grub_efi_uint32_t size,
a85e8e
+	     pe_coff_loader_image_context_t *context)
a85e8e
+{
a85e8e
+  grub_efi_guid_t guid = SHIM_LOCK_GUID;
a85e8e
+  grub_efi_shim_lock_t *shim_lock;
a85e8e
+  grub_efi_status_t status;
a85e8e
+
a85e8e
+  shim_lock = grub_efi_locate_protocol (&guid, NULL);
a85e8e
+
a85e8e
+  if (!shim_lock)
a85e8e
+    {
a85e8e
+      grub_error (GRUB_ERR_BAD_ARGUMENT, "no shim lock protocol");
a85e8e
+      return 0;
a85e8e
+    }
a85e8e
+
a85e8e
+  status = shim_lock->context (data, size, context);
a85e8e
+
a85e8e
+  if (status == GRUB_EFI_SUCCESS)
a85e8e
+    {
a85e8e
+      grub_dprintf ("chain", "context success\n");
a85e8e
+      return 1;
a85e8e
+    }
a85e8e
+
a85e8e
+  switch (status)
a85e8e
+    {
a85e8e
+      case GRUB_EFI_UNSUPPORTED:
a85e8e
+      grub_error (GRUB_ERR_BAD_ARGUMENT, "context error unsupported");
a85e8e
+      break;
a85e8e
+      case GRUB_EFI_INVALID_PARAMETER:
a85e8e
+      grub_error (GRUB_ERR_BAD_ARGUMENT, "context error invalid parameter");
a85e8e
+      break;
a85e8e
+      default:
a85e8e
+      grub_error (GRUB_ERR_BAD_ARGUMENT, "context error code");
a85e8e
+      break;
a85e8e
+    }
a85e8e
+
a85e8e
+  return 0;
a85e8e
+}
a85e8e
+
a85e8e
+static void*
a85e8e
+image_address (void *image, grub_efi_uint64_t sz, grub_efi_uint64_t adr)
a85e8e
+{
a85e8e
+  if (adr > sz)
a85e8e
+    return NULL;
a85e8e
+
a85e8e
+  return ((grub_uint8_t*)image + adr);
a85e8e
+}
a85e8e
+
a85e8e
+static int
a85e8e
+image_is_64_bit (grub_pe_header_t *pe_hdr)
a85e8e
+{
a85e8e
+  /* .Magic is the same offset in all cases */
a85e8e
+  if (pe_hdr->pe32plus.optional_header.magic == GRUB_PE32_PE64_MAGIC)
a85e8e
+    return 1;
a85e8e
+  return 0;
a85e8e
+}
a85e8e
+
a85e8e
+static const grub_uint16_t machine_type =
a85e8e
+#if defined(__x86_64__)
a85e8e
+  GRUB_PE32_MACHINE_X86_64;
a85e8e
+#elif defined(__aarch64__)
a85e8e
+  GRUB_PE32_MACHINE_ARM64;
a85e8e
+#elif defined(__arm__)
a85e8e
+  GRUB_PE32_MACHINE_ARMTHUMB_MIXED;
a85e8e
+#elif defined(__i386__) || defined(__i486__) || defined(__i686__)
a85e8e
+  GRUB_PE32_MACHINE_I386;
a85e8e
+#elif defined(__ia64__)
a85e8e
+  GRUB_PE32_MACHINE_IA64;
a85e8e
+#else
a85e8e
+#error this architecture is not supported by grub2
a85e8e
+#endif
a85e8e
+
a85e8e
+static grub_efi_status_t
a85e8e
+relocate_coff (pe_coff_loader_image_context_t *context,
a85e8e
+	       struct grub_pe32_section_table *section,
a85e8e
+	       void *orig, void *data)
a85e8e
+{
a85e8e
+  struct grub_pe32_data_directory *reloc_base, *reloc_base_end;
a85e8e
+  grub_efi_uint64_t adjust;
a85e8e
+  struct grub_pe32_fixup_block *reloc, *reloc_end;
a85e8e
+  char *fixup, *fixup_base, *fixup_data = NULL;
a85e8e
+  grub_efi_uint16_t *fixup_16;
a85e8e
+  grub_efi_uint32_t *fixup_32;
a85e8e
+  grub_efi_uint64_t *fixup_64;
a85e8e
+  grub_efi_uint64_t size = context->image_size;
a85e8e
+  void *image_end = (char *)orig + size;
a85e8e
+  int n = 0;
a85e8e
+
a85e8e
+  if (image_is_64_bit (context->pe_hdr))
a85e8e
+    context->pe_hdr->pe32plus.optional_header.image_base =
a85e8e
+      (grub_uint64_t)(unsigned long)data;
a85e8e
+  else
a85e8e
+    context->pe_hdr->pe32.optional_header.image_base =
a85e8e
+      (grub_uint32_t)(unsigned long)data;
a85e8e
+
a85e8e
+  /* Alright, so here's how this works:
a85e8e
+   *
a85e8e
+   * context->reloc_dir gives us two things:
a85e8e
+   * - the VA the table of base relocation blocks are (maybe) to be
a85e8e
+   *   mapped at (reloc_dir->rva)
a85e8e
+   * - the virtual size (reloc_dir->size)
a85e8e
+   *
a85e8e
+   * The .reloc section (section here) gives us some other things:
a85e8e
+   * - the name! kind of. (section->name)
a85e8e
+   * - the virtual size (section->virtual_size), which should be the same
a85e8e
+   *   as RelocDir->Size
a85e8e
+   * - the virtual address (section->virtual_address)
a85e8e
+   * - the file section size (section->raw_data_size), which is
a85e8e
+   *   a multiple of optional_header->file_alignment.  Only useful for image
a85e8e
+   *   validation, not really useful for iteration bounds.
a85e8e
+   * - the file address (section->raw_data_offset)
a85e8e
+   * - a bunch of stuff we don't use that's 0 in our binaries usually
a85e8e
+   * - Flags (section->characteristics)
a85e8e
+   *
a85e8e
+   * and then the thing that's actually at the file address is an array
a85e8e
+   * of struct grub_pe32_fixup_block structs with some values packed behind
a85e8e
+   * them.  The block_size field of this structure includes the
a85e8e
+   * structure itself, and adding it to that structure's address will
a85e8e
+   * yield the next entry in the array.
a85e8e
+   */
a85e8e
+
a85e8e
+  reloc_base = image_address (orig, size, section->raw_data_offset);
a85e8e
+  reloc_base_end = image_address (orig, size, section->raw_data_offset
a85e8e
+				  + section->virtual_size - 1);
a85e8e
+
a85e8e
+  grub_dprintf ("chain", "reloc_base %p reloc_base_end %p\n", reloc_base,
a85e8e
+		reloc_base_end);
a85e8e
+
a85e8e
+  if (!reloc_base && !reloc_base_end)
a85e8e
+    return GRUB_EFI_SUCCESS;
a85e8e
+
a85e8e
+  if (!reloc_base || !reloc_base_end)
a85e8e
+    {
a85e8e
+      grub_error (GRUB_ERR_BAD_ARGUMENT, "Reloc table overflows binary");
a85e8e
+      return GRUB_EFI_UNSUPPORTED;
a85e8e
+    }
a85e8e
+
a85e8e
+  adjust = (grub_uint64_t)data - context->image_address;
a85e8e
+  if (adjust == 0)
a85e8e
+    return GRUB_EFI_SUCCESS;
a85e8e
+
a85e8e
+  while (reloc_base < reloc_base_end)
a85e8e
+    {
a85e8e
+      grub_uint16_t *entry;
a85e8e
+      reloc = (struct grub_pe32_fixup_block *)((char*)reloc_base);
a85e8e
+
a85e8e
+      if ((reloc_base->size == 0) ||
a85e8e
+	  (reloc_base->size > context->reloc_dir->size))
a85e8e
+	{
a85e8e
+	  grub_error (GRUB_ERR_BAD_ARGUMENT,
a85e8e
+		      "Reloc %d block size %d is invalid\n", n,
a85e8e
+		      reloc_base->size);
a85e8e
+	  return GRUB_EFI_UNSUPPORTED;
a85e8e
+	}
a85e8e
+
a85e8e
+      entry = &reloc->entries[0];
a85e8e
+      reloc_end = (struct grub_pe32_fixup_block *)
a85e8e
+	((char *)reloc_base + reloc_base->size);
a85e8e
+
a85e8e
+      if ((void *)reloc_end < data || (void *)reloc_end > image_end)
a85e8e
+        {
a85e8e
+          grub_error (GRUB_ERR_BAD_ARGUMENT, "Reloc entry %d overflows binary",
a85e8e
+		      n);
a85e8e
+          return GRUB_EFI_UNSUPPORTED;
a85e8e
+        }
a85e8e
+
a85e8e
+      fixup_base = image_address(data, size, reloc_base->rva);
a85e8e
+
a85e8e
+      if (!fixup_base)
a85e8e
+        {
a85e8e
+          grub_error (GRUB_ERR_BAD_ARGUMENT, "Reloc %d Invalid fixupbase", n);
a85e8e
+          return GRUB_EFI_UNSUPPORTED;
a85e8e
+        }
a85e8e
+
a85e8e
+      while ((void *)entry < (void *)reloc_end)
a85e8e
+        {
a85e8e
+          fixup = fixup_base + (*entry & 0xFFF);
a85e8e
+          switch ((*entry) >> 12)
a85e8e
+            {
a85e8e
+              case GRUB_PE32_REL_BASED_ABSOLUTE:
a85e8e
+                break;
a85e8e
+              case GRUB_PE32_REL_BASED_HIGH:
a85e8e
+                fixup_16 = (grub_uint16_t *)fixup;
a85e8e
+                *fixup_16 = (grub_uint16_t)
a85e8e
+		  (*fixup_16 + ((grub_uint16_t)((grub_uint32_t)adjust >> 16)));
a85e8e
+                if (fixup_data != NULL)
a85e8e
+                  {
a85e8e
+                    *(grub_uint16_t *) fixup_data = *fixup_16;
a85e8e
+                    fixup_data = fixup_data + sizeof (grub_uint16_t);
a85e8e
+                  }
a85e8e
+                break;
a85e8e
+              case GRUB_PE32_REL_BASED_LOW:
a85e8e
+                fixup_16 = (grub_uint16_t *)fixup;
a85e8e
+                *fixup_16 = (grub_uint16_t) (*fixup_16 + (grub_uint16_t)adjust);
a85e8e
+                if (fixup_data != NULL)
a85e8e
+                  {
a85e8e
+                    *(grub_uint16_t *) fixup_data = *fixup_16;
a85e8e
+                    fixup_data = fixup_data + sizeof (grub_uint16_t);
a85e8e
+                  }
a85e8e
+                break;
a85e8e
+              case GRUB_PE32_REL_BASED_HIGHLOW:
a85e8e
+                fixup_32 = (grub_uint32_t *)fixup;
a85e8e
+                *fixup_32 = *fixup_32 + (grub_uint32_t)adjust;
a85e8e
+                if (fixup_data != NULL)
a85e8e
+                  {
a85e8e
+                    fixup_data = (char *)ALIGN_UP ((grub_addr_t)fixup_data, sizeof (grub_uint32_t));
a85e8e
+                    *(grub_uint32_t *) fixup_data = *fixup_32;
a85e8e
+                    fixup_data += sizeof (grub_uint32_t);
a85e8e
+                  }
a85e8e
+                break;
a85e8e
+              case GRUB_PE32_REL_BASED_DIR64:
a85e8e
+                fixup_64 = (grub_uint64_t *)fixup;
a85e8e
+                *fixup_64 = *fixup_64 + (grub_uint64_t)adjust;
a85e8e
+                if (fixup_data != NULL)
a85e8e
+                  {
a85e8e
+                    fixup_data = (char *)ALIGN_UP ((grub_addr_t)fixup_data, sizeof (grub_uint64_t));
a85e8e
+                    *(grub_uint64_t *) fixup_data = *fixup_64;
a85e8e
+                    fixup_data += sizeof (grub_uint64_t);
a85e8e
+                  }
a85e8e
+                break;
a85e8e
+              default:
a85e8e
+                grub_error (GRUB_ERR_BAD_ARGUMENT,
a85e8e
+			    "Reloc %d unknown relocation type %d",
a85e8e
+			    n, (*entry) >> 12);
a85e8e
+                return GRUB_EFI_UNSUPPORTED;
a85e8e
+            }
a85e8e
+          entry += 1;
a85e8e
+        }
a85e8e
+      reloc_base = (struct grub_pe32_data_directory *)reloc_end;
a85e8e
+      n++;
a85e8e
+    }
a85e8e
+
a85e8e
+  return GRUB_EFI_SUCCESS;
a85e8e
+}
a85e8e
+
a85e8e
+static grub_efi_device_path_t *
a85e8e
+grub_efi_get_media_file_path (grub_efi_device_path_t *dp)
a85e8e
+{
a85e8e
+  while (1)
a85e8e
+    {
a85e8e
+      grub_efi_uint8_t type = GRUB_EFI_DEVICE_PATH_TYPE (dp);
a85e8e
+      grub_efi_uint8_t subtype = GRUB_EFI_DEVICE_PATH_SUBTYPE (dp);
a85e8e
+
a85e8e
+      if (type == GRUB_EFI_END_DEVICE_PATH_TYPE)
a85e8e
+        break;
a85e8e
+      else if (type == GRUB_EFI_MEDIA_DEVICE_PATH_TYPE
a85e8e
+            && subtype == GRUB_EFI_FILE_PATH_DEVICE_PATH_SUBTYPE)
a85e8e
+      return dp;
a85e8e
+
a85e8e
+      dp = GRUB_EFI_NEXT_DEVICE_PATH (dp);
a85e8e
+    }
a85e8e
+
a85e8e
+    return NULL;
a85e8e
+}
a85e8e
+
a85e8e
+static grub_efi_boolean_t
a85e8e
+handle_image (void *data, grub_efi_uint32_t datasize)
a85e8e
+{
a85e8e
+  grub_efi_boot_services_t *b;
a85e8e
+  grub_efi_loaded_image_t *li, li_bak;
a85e8e
+  grub_efi_status_t efi_status;
a85e8e
+  char *buffer = NULL;
a85e8e
+  char *buffer_aligned = NULL;
a85e8e
+  grub_efi_uint32_t i, size;
a85e8e
+  struct grub_pe32_section_table *section;
a85e8e
+  char *base, *end;
a85e8e
+  pe_coff_loader_image_context_t context;
a85e8e
+  grub_uint32_t section_alignment;
a85e8e
+  grub_uint32_t buffer_size;
a85e8e
+
a85e8e
+  b = grub_efi_system_table->boot_services;
a85e8e
+
a85e8e
+  if (read_header (data, datasize, &context))
a85e8e
+    {
a85e8e
+      grub_dprintf ("chain", "Succeed to read header\n");
a85e8e
+    }
a85e8e
+  else
a85e8e
+    {
a85e8e
+      grub_dprintf ("chain", "Failed to read header\n");
a85e8e
+      goto error_exit;
a85e8e
+    }
a85e8e
+
a85e8e
+  section_alignment = context.section_alignment;
a85e8e
+  buffer_size = context.image_size + section_alignment;
a85e8e
+
a85e8e
+  efi_status = efi_call_3 (b->allocate_pool, GRUB_EFI_LOADER_DATA,
a85e8e
+			   buffer_size, &buffer);
a85e8e
+
a85e8e
+  if (efi_status != GRUB_EFI_SUCCESS)
a85e8e
+    {
a85e8e
+      grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("out of memory"));
a85e8e
+      goto error_exit;
a85e8e
+    }
a85e8e
+
a85e8e
+  buffer_aligned = (char *)ALIGN_UP ((grub_addr_t)buffer, section_alignment);
a85e8e
+
a85e8e
+  if (!buffer_aligned)
a85e8e
+    {
a85e8e
+      grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("out of memory"));
a85e8e
+      goto error_exit;
a85e8e
+    }
a85e8e
+
a85e8e
+  grub_memcpy (buffer_aligned, data, context.size_of_headers);
a85e8e
+
a85e8e
+  char *reloc_base, *reloc_base_end;
a85e8e
+  reloc_base = image_address (buffer_aligned, datasize,
a85e8e
+			      context.reloc_dir->rva);
a85e8e
+  /* RelocBaseEnd here is the address of the last byte of the table */
a85e8e
+  reloc_base_end = image_address (buffer_aligned, datasize,
a85e8e
+				  context.reloc_dir->rva
a85e8e
+				  + context.reloc_dir->size - 1);
a85e8e
+  struct grub_pe32_section_table *reloc_section = NULL;
a85e8e
+
a85e8e
+  section = context.first_section;
a85e8e
+  for (i = 0; i < context.number_of_sections; i++, section++)
a85e8e
+    {
a85e8e
+      size = section->virtual_size;
a85e8e
+      if (size > section->raw_data_size)
a85e8e
+        size = section->raw_data_size;
a85e8e
+
a85e8e
+      base = image_address (buffer_aligned, context.image_size,
a85e8e
+			    section->virtual_address);
a85e8e
+      end = image_address (buffer_aligned, context.image_size,
a85e8e
+			   section->virtual_address + size - 1);
a85e8e
+
a85e8e
+
a85e8e
+      /* We do want to process .reloc, but it's often marked
a85e8e
+       * discardable, so we don't want to memcpy it. */
a85e8e
+      if (grub_memcmp (section->name, ".reloc\0\0", 8) == 0)
a85e8e
+	{
a85e8e
+	  if (reloc_section)
a85e8e
+	    {
a85e8e
+	      grub_error (GRUB_ERR_BAD_ARGUMENT,
a85e8e
+			  "Image has multiple relocation sections");
a85e8e
+	      goto error_exit;
a85e8e
+	    }
a85e8e
+
a85e8e
+	  /* If it has nonzero sizes, and our bounds check
a85e8e
+	   * made sense, and the VA and size match RelocDir's
a85e8e
+	   * versions, then we believe in this section table. */
a85e8e
+	  if (section->raw_data_size && section->virtual_size &&
a85e8e
+	      base && end && reloc_base == base && reloc_base_end == end)
a85e8e
+	    {
a85e8e
+	      reloc_section = section;
a85e8e
+	    }
a85e8e
+	}
a85e8e
+
a85e8e
+      if (section->characteristics && GRUB_PE32_SCN_MEM_DISCARDABLE)
a85e8e
+	continue;
a85e8e
+
a85e8e
+      if (!base || !end)
a85e8e
+        {
a85e8e
+          grub_error (GRUB_ERR_BAD_ARGUMENT, "Invalid section size");
a85e8e
+          goto error_exit;
a85e8e
+        }
a85e8e
+
a85e8e
+      if (section->virtual_address < context.size_of_headers ||
a85e8e
+	  section->raw_data_offset < context.size_of_headers)
a85e8e
+	{
a85e8e
+	  grub_error (GRUB_ERR_BAD_ARGUMENT,
a85e8e
+		      "Section %d is inside image headers", i);
a85e8e
+	  goto error_exit;
a85e8e
+	}
a85e8e
+
a85e8e
+      if (section->raw_data_size > 0)
a85e8e
+        grub_memcpy (base, (grub_efi_uint8_t*)data + section->raw_data_offset,
a85e8e
+		     size);
a85e8e
+
a85e8e
+      if (size < section->virtual_size)
a85e8e
+        grub_memset (base + size, 0, section->virtual_size - size);
a85e8e
+
a85e8e
+      grub_dprintf ("chain", "copied section %s\n", section->name);
a85e8e
+    }
a85e8e
+
a85e8e
+  /* 5 == EFI_IMAGE_DIRECTORY_ENTRY_BASERELOC */
a85e8e
+  if (context.number_of_rva_and_sizes <= 5)
a85e8e
+    {
a85e8e
+      grub_dprintf ("chain", "image has no relocation entry\n");
a85e8e
+      goto error_exit;
a85e8e
+    }
a85e8e
+
a85e8e
+  if (context.reloc_dir->size && reloc_section)
a85e8e
+    {
a85e8e
+      /* run the relocation fixups */
a85e8e
+      efi_status = relocate_coff (&context, reloc_section, data,
a85e8e
+				  buffer_aligned);
a85e8e
+
a85e8e
+      if (efi_status != GRUB_EFI_SUCCESS)
a85e8e
+	{
a85e8e
+	  grub_error (GRUB_ERR_BAD_ARGUMENT, "relocation failed");
a85e8e
+	  goto error_exit;
a85e8e
+	}
a85e8e
+    }
a85e8e
+
a85e8e
+  entry_point = image_address (buffer_aligned, context.image_size,
a85e8e
+			       context.entry_point);
a85e8e
+
a85e8e
+  if (!entry_point)
a85e8e
+    {
a85e8e
+      grub_error (GRUB_ERR_BAD_ARGUMENT, "invalid entry point");
a85e8e
+      goto error_exit;
a85e8e
+    }
a85e8e
+
a85e8e
+  li = grub_efi_get_loaded_image (grub_efi_image_handle);
a85e8e
+  if (!li)
a85e8e
+    {
a85e8e
+      grub_error (GRUB_ERR_BAD_ARGUMENT, "no loaded image available");
a85e8e
+      goto error_exit;
a85e8e
+    }
a85e8e
+
a85e8e
+  grub_memcpy (&li_bak, li, sizeof (grub_efi_loaded_image_t));
a85e8e
+  li->image_base = buffer_aligned;
a85e8e
+  li->image_size = context.image_size;
a85e8e
+  li->load_options = cmdline;
a85e8e
+  li->load_options_size = cmdline_len;
a85e8e
+  li->file_path = grub_efi_get_media_file_path (file_path);
a85e8e
+  li->device_handle = dev_handle;
a85e8e
+  if (li->file_path)
a85e8e
+    {
a85e8e
+      grub_printf ("file path: ");
a85e8e
+      grub_efi_print_device_path (li->file_path);
a85e8e
+    }
a85e8e
+  else
a85e8e
+    {
a85e8e
+      grub_error (GRUB_ERR_UNKNOWN_DEVICE, "no matching file path found");
a85e8e
+      goto error_exit;
a85e8e
+    }
a85e8e
+
a85e8e
+  efi_status = efi_call_2 (entry_point, grub_efi_image_handle,
a85e8e
+			   grub_efi_system_table);
a85e8e
+
a85e8e
+  grub_memcpy (li, &li_bak, sizeof (grub_efi_loaded_image_t));
a85e8e
+  efi_status = efi_call_1 (b->free_pool, buffer);
a85e8e
+
a85e8e
+  return 1;
a85e8e
+
a85e8e
+error_exit:
a85e8e
+  if (buffer)
a85e8e
+      efi_call_1 (b->free_pool, buffer);
a85e8e
+
a85e8e
+  return 0;
a85e8e
+}
a85e8e
+
a85e8e
+static grub_err_t
a85e8e
+grub_secureboot_chainloader_unload (void)
a85e8e
+{
a85e8e
+  grub_efi_boot_services_t *b;
a85e8e
+
a85e8e
+  b = grub_efi_system_table->boot_services;
a85e8e
+  efi_call_2 (b->free_pages, address, pages);
a85e8e
+  grub_free (file_path);
a85e8e
+  grub_free (cmdline);
a85e8e
+  cmdline = 0;
a85e8e
+  file_path = 0;
a85e8e
+  dev_handle = 0;
a85e8e
+
a85e8e
+  grub_dl_unref (my_mod);
a85e8e
+  return GRUB_ERR_NONE;
a85e8e
+}
a85e8e
+
a85e8e
+static grub_err_t
a85e8e
+grub_secureboot_chainloader_boot (void)
a85e8e
+{
a85e8e
+  handle_image ((void *)address, fsize);
a85e8e
+  grub_loader_unset ();
a85e8e
+  return grub_errno;
a85e8e
+}
a85e8e
+
a85e8e
 static grub_err_t
a85e8e
 grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)),
a85e8e
 		      int argc, char *argv[])
a85e8e
 {
a85e8e
   grub_file_t file = 0;
a85e8e
-  grub_ssize_t size;
a85e8e
   grub_efi_status_t status;
a85e8e
   grub_efi_boot_services_t *b;
a85e8e
   grub_device_t dev = 0;
a85e8e
@@ -204,7 +723,6 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)),
a85e8e
   grub_efi_loaded_image_t *loaded_image;
a85e8e
   char *filename;
a85e8e
   void *boot_image = 0;
a85e8e
-  grub_efi_handle_t dev_handle = 0;
a85e8e
 
a85e8e
   if (argc == 0)
a85e8e
     return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("filename expected"));
a85e8e
@@ -216,9 +734,36 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)),
a85e8e
   address = 0;
a85e8e
   image_handle = 0;
a85e8e
   file_path = 0;
a85e8e
+  dev_handle = 0;
a85e8e
 
a85e8e
   b = grub_efi_system_table->boot_services;
a85e8e
 
a85e8e
+  if (argc > 1)
a85e8e
+    {
a85e8e
+      int i;
a85e8e
+      grub_efi_char16_t *p16;
a85e8e
+
a85e8e
+      for (i = 1, cmdline_len = 0; i < argc; i++)
a85e8e
+        cmdline_len += grub_strlen (argv[i]) + 1;
a85e8e
+
a85e8e
+      cmdline_len *= sizeof (grub_efi_char16_t);
a85e8e
+      cmdline = p16 = grub_malloc (cmdline_len);
a85e8e
+      if (! cmdline)
a85e8e
+        goto fail;
a85e8e
+
a85e8e
+      for (i = 1; i < argc; i++)
a85e8e
+        {
a85e8e
+          char *p8;
a85e8e
+
a85e8e
+          p8 = argv[i];
a85e8e
+          while (*p8)
a85e8e
+            *(p16++) = *(p8++);
a85e8e
+
a85e8e
+          *(p16++) = ' ';
a85e8e
+        }
a85e8e
+      *(--p16) = 0;
a85e8e
+    }
a85e8e
+
a85e8e
   file = grub_file_open (filename);
a85e8e
   if (! file)
a85e8e
     goto fail;
a85e8e
@@ -267,14 +812,14 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)),
a85e8e
   grub_printf ("file path: ");
a85e8e
   grub_efi_print_device_path (file_path);
a85e8e
 
a85e8e
-  size = grub_file_size (file);
a85e8e
-  if (!size)
a85e8e
+  fsize = grub_file_size (file);
a85e8e
+  if (!fsize)
a85e8e
     {
a85e8e
       grub_error (GRUB_ERR_BAD_OS, N_("premature end of file %s"),
a85e8e
 		  filename);
a85e8e
       goto fail;
a85e8e
     }
a85e8e
-  pages = (((grub_efi_uintn_t) size + ((1 << 12) - 1)) >> 12);
a85e8e
+  pages = (((grub_efi_uintn_t) fsize + ((1 << 12) - 1)) >> 12);
a85e8e
 
a85e8e
   status = efi_call_4 (b->allocate_pages, GRUB_EFI_ALLOCATE_ANY_PAGES,
a85e8e
 			      GRUB_EFI_LOADER_CODE,
a85e8e
@@ -288,7 +833,7 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)),
a85e8e
     }
a85e8e
 
a85e8e
   boot_image = (void *) ((grub_addr_t) address);
a85e8e
-  if (grub_file_read (file, boot_image, size) != size)
a85e8e
+  if (grub_file_read (file, boot_image, fsize) != fsize)
a85e8e
     {
a85e8e
       if (grub_errno == GRUB_ERR_NONE)
a85e8e
 	grub_error (GRUB_ERR_BAD_OS, N_("premature end of file %s"),
a85e8e
@@ -298,7 +843,7 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)),
a85e8e
     }
a85e8e
 
a85e8e
 #if defined (__i386__) || defined (__x86_64__)
a85e8e
-  if (size >= (grub_ssize_t) sizeof (struct grub_macho_fat_header))
a85e8e
+  if (fsize >= (grub_ssize_t) sizeof (struct grub_macho_fat_header))
a85e8e
     {
a85e8e
       struct grub_macho_fat_header *head = boot_image;
a85e8e
       if (head->magic
a85e8e
@@ -307,6 +852,14 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)),
a85e8e
 	  grub_uint32_t i;
a85e8e
 	  struct grub_macho_fat_arch *archs
a85e8e
 	    = (struct grub_macho_fat_arch *) (head + 1);
a85e8e
+
a85e8e
+	  if (grub_efi_secure_boot())
a85e8e
+	    {
a85e8e
+	      grub_error (GRUB_ERR_BAD_OS,
a85e8e
+			  "MACHO binaries are forbidden with Secure Boot");
a85e8e
+	      goto fail;
a85e8e
+	    }
a85e8e
+
a85e8e
 	  for (i = 0; i < grub_cpu_to_le32 (head->nfat_arch); i++)
a85e8e
 	    {
a85e8e
 	      if (GRUB_MACHO_CPUTYPE_IS_HOST_CURRENT (archs[i].cputype))
a85e8e
@@ -321,21 +874,28 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)),
a85e8e
 	      > ~grub_cpu_to_le32 (archs[i].size)
a85e8e
 	      || grub_cpu_to_le32 (archs[i].offset)
a85e8e
 	      + grub_cpu_to_le32 (archs[i].size)
a85e8e
-	      > (grub_size_t) size)
a85e8e
+	      > (grub_size_t) fsize)
a85e8e
 	    {
a85e8e
 	      grub_error (GRUB_ERR_BAD_OS, N_("premature end of file %s"),
a85e8e
 			  filename);
a85e8e
 	      goto fail;
a85e8e
 	    }
a85e8e
 	  boot_image = (char *) boot_image + grub_cpu_to_le32 (archs[i].offset);
a85e8e
-	  size = grub_cpu_to_le32 (archs[i].size);
a85e8e
+	  fsize = grub_cpu_to_le32 (archs[i].size);
a85e8e
 	}
a85e8e
     }
a85e8e
 #endif
a85e8e
 
a85e8e
+  if (grub_linuxefi_secure_validate((void *)address, fsize))
a85e8e
+    {
a85e8e
+      grub_file_close (file);
a85e8e
+      grub_loader_set (grub_secureboot_chainloader_boot,
a85e8e
+		       grub_secureboot_chainloader_unload, 0);
a85e8e
+      return 0;
a85e8e
+    }
a85e8e
+
a85e8e
   status = efi_call_6 (b->load_image, 0, grub_efi_image_handle, file_path,
a85e8e
-		       boot_image, size,
a85e8e
-		       &image_handle);
a85e8e
+		       boot_image, fsize, &image_handle);
a85e8e
   if (status != GRUB_EFI_SUCCESS)
a85e8e
     {
a85e8e
       if (status == GRUB_EFI_OUT_OF_RESOURCES)
a85e8e
@@ -357,33 +917,10 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)),
a85e8e
     }
a85e8e
   loaded_image->device_handle = dev_handle;
a85e8e
 
a85e8e
-  if (argc > 1)
a85e8e
+  if (cmdline)
a85e8e
     {
a85e8e
-      int i, len;
a85e8e
-      grub_efi_char16_t *p16;
a85e8e
-
a85e8e
-      for (i = 1, len = 0; i < argc; i++)
a85e8e
-        len += grub_strlen (argv[i]) + 1;
a85e8e
-
a85e8e
-      len *= sizeof (grub_efi_char16_t);
a85e8e
-      cmdline = p16 = grub_malloc (len);
a85e8e
-      if (! cmdline)
a85e8e
-        goto fail;
a85e8e
-
a85e8e
-      for (i = 1; i < argc; i++)
a85e8e
-        {
a85e8e
-          char *p8;
a85e8e
-
a85e8e
-          p8 = argv[i];
a85e8e
-          while (*p8)
a85e8e
-            *(p16++) = *(p8++);
a85e8e
-
a85e8e
-          *(p16++) = ' ';
a85e8e
-        }
a85e8e
-      *(--p16) = 0;
a85e8e
-
a85e8e
       loaded_image->load_options = cmdline;
a85e8e
-      loaded_image->load_options_size = len;
a85e8e
+      loaded_image->load_options_size = cmdline_len;
a85e8e
     }
a85e8e
 
a85e8e
   grub_file_close (file);
a85e8e
@@ -405,6 +942,9 @@ grub_cmd_chainloader (grub_command_t cmd __attribute__ ((unused)),
a85e8e
   if (address)
a85e8e
     efi_call_2 (b->free_pages, address, pages);
a85e8e
 
a85e8e
+  if (cmdline)
a85e8e
+    grub_free (cmdline);
a85e8e
+
a85e8e
   grub_dl_unref (my_mod);
a85e8e
 
a85e8e
   return grub_errno;
a85e8e
diff --git a/include/grub/efi/pe32.h b/include/grub/efi/pe32.h
a85e8e
index f79c36c02..f79782e1b 100644
a85e8e
--- a/include/grub/efi/pe32.h
a85e8e
+++ b/include/grub/efi/pe32.h
a85e8e
@@ -212,7 +212,11 @@ struct grub_pe64_optional_header
a85e8e
 struct grub_pe32_section_table
a85e8e
 {
a85e8e
   char name[8];
a85e8e
-  grub_uint32_t virtual_size;
a85e8e
+  union
a85e8e
+    {
a85e8e
+      grub_uint32_t physical_address;
a85e8e
+      grub_uint32_t virtual_size;
a85e8e
+    };
a85e8e
   grub_uint32_t virtual_address;
a85e8e
   grub_uint32_t raw_data_size;
a85e8e
   grub_uint32_t raw_data_offset;
a85e8e
@@ -263,6 +267,20 @@ struct grub_pe32_header
a85e8e
 #endif
a85e8e
 };
a85e8e
 
a85e8e
+struct grub_pe32_header_32
a85e8e
+{
a85e8e
+  char signature[GRUB_PE32_SIGNATURE_SIZE];
a85e8e
+  struct grub_pe32_coff_header coff_header;
a85e8e
+  struct grub_pe32_optional_header optional_header;
a85e8e
+};
a85e8e
+
a85e8e
+struct grub_pe32_header_64
a85e8e
+{
a85e8e
+  char signature[GRUB_PE32_SIGNATURE_SIZE];
a85e8e
+  struct grub_pe32_coff_header coff_header;
a85e8e
+  struct grub_pe64_optional_header optional_header;
a85e8e
+};
a85e8e
+
a85e8e
 struct grub_pe32_fixup_block
a85e8e
 {
a85e8e
   grub_uint32_t page_rva;
a85e8e
-- 
a85e8e
2.13.0
a85e8e