-
Notifications
You must be signed in to change notification settings - Fork 294
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add validation function for Microsoft signing(supersede #531) #567
Conversation
I have a few suggestions. Instead of the help message
let's use something that sheds some more light on the matter. Something like
With The code block for checking sections characteristics looks improvable. Maybe something like this would be cleaner
(This is a suggestion I made up on-the-fly, this is not guaranteed to compile or work properly in runtime) While people that are in the environment of shim development, reviewing shim reviews and whatnot may know about Microsoft requirements, these may change in the future. I'd add comments that clarify what happens, why the function was added and what the requirements are as of today, as well as a link to Microsoft's official posts. If you want, I can add my way of doing these things. Maybe another comment in this pull request with a But for that much code in exchange give me a token of appreciation and co-author me with
in a new commit. ;) |
@aronowski Thanks for your comments. Actually, I'd like to be a co-author with you. It is my pleasure. I'll put your co-author name on this PR in the later version.
Sorry to let you know I will still suggest we can keep "break test-loop even only one section is FAIL", rather than testing through all sections. Actually, I referred a Python tool codes provided by Microsoft to implement our codes when I sent PR#531 last year. Here is the Python codes named image_validation.py:
I like your idea. But before doing that, please also refer my Conversation 1 in #531 If you think that is not clear enough, please just put your comments on it. |
You're right about that function. I guess I forgot a Anyway, I implemented the tweaks discussed and fixed some formatting issues. You can use my patch for inspiration - apply it on top of your commit 1b4f664:
and once that's done, recompile shim and check if everything works as intended. Thanks a lot! |
26ab927
to
5f3103f
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please squash this down to one commit, and run clang-format on the added code.
EFI_IMAGE_SECTION_HEADER *Section; | ||
int i; | ||
|
||
debug(INFO, "%14s: %s\n","NX-Compat-Flag", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What's with all this "%14s:
stuff? Why not just "NX-Compat-Flag: %s\n"
? Same with all the cases below it.
5f3103f
to
fa5add1
Compare
Co-authored-by: Peter Jones <[email protected]> Co-authored-by: Kamil Aronowski <[email protected]> Signed-off-by: Dennis Tseng <[email protected]>
fa5add1
to
f88a010
Compare
I've got a version of this I've made some changes to over here: #705 (because I can't push an update here.) |
To align line 45 of
post-process-pe.c
with upstream, the initial value ofset_nx_compat
variable in PR#531 is also updated totrue
. To understand why some validation functions were added ontopost-process-pe.c
, please refer the following link for more previous comments:Signed-off-by: Dennis Tseng [email protected]