Skip to content

loaded image: add set_image function #266

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Aug 6, 2021
Merged

loaded image: add set_image function #266

merged 1 commit into from
Aug 6, 2021

Conversation

nicholasbishop
Copy link
Member

This allows overriding the data in LoadedImage. It's useful in the
following scenario:

  1. Secure boot is enabled, so images loaded with LoadImage must be
    signed with an appropriate key known to the firmware.
  2. The bootloader has its own key embedded, and uses that key to
    verify the next stage. This key is not known to the firmware, so
    the next stage's image can't be loaded with LoadImage.
  3. Since image handles are created by LoadImage, which we can't
    call, we have to make use of an existing image handle -- the one
    passed into the bootloader's entry function. By modifying that
    image handle (after appropriately verifying the signature of the
    new data of course), we can repurpose the image handle for the next
    stage.

See shim for an example of this scenario in action.

GabrielMajeri
GabrielMajeri reviewed Aug 6, 2021
View reviewed changes
@nicholasbishop
loaded image: add set_image function
2c7e1e3 
This allows overriding the data in `LoadedImage`. It's useful in the
following scenario:

1. Secure boot is enabled, so images loaded with `LoadImage` must be
   signed with an appropriate key known to the firmware.
2. The bootloader has its own key embedded, and uses that key to
   verify the next stage. This key is not known to the firmware, so
   the next stage's image can't be loaded with `LoadImage`.
3. Since image handles are created by `LoadImage`, which we can't
   call, we have to make use of an existing image handle -- the one
   passed into the bootloader's entry function. By modifying that
   image handle (after appropriately verifying the signature of the
   new data of course), we can repurpose the image handle for the next
   stage.

See [shim] for an example of this scenario in action.

[shim]: https://github.com/rhboot/shim/blob/4d64389c6c941d21548b06423b8131c872e3c3c7/pe.c#L1143
@nicholasbishop nicholasbishop force-pushed the bishop-loaded-image-update branch from 1acf84d to 2c7e1e3 Compare August 6, 2021 14:46
@GabrielMajeri
Copy link
Collaborator

Looks good now, thanks.

@GabrielMajeri GabrielMajeri merged commit 8101a63 into rust-osdev:master Aug 6, 2021
@nicholasbishop nicholasbishop deleted the bishop-loaded-image-update branch December 12, 2021 21:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@GabrielMajeri GabrielMajeri GabrielMajeri left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@nicholasbishop @GabrielMajeri