rhboot / shim

UEFI shim loader

Add validation function for Microsoft signing #531

Closed dennis-tseng99 closed 1 year ago

dennis-tseng99 commented 1 year ago

A validation function is added to post-process-pe.c to verify 3 flags required by Microsoft signing right after each EFI file has been built.

Like other functions existing in post-process-pe.c, this function can be enabled through the "-m" flag by CLI command. Default is enabled.

The output is something like this:

```
./post-process-pe -vv shim.efi
set_dll_characteristics():358: Updating DLL Characteristics from 0x0000 to 0x0100
ms_validation():373: NX-Compat-Flag: PASS
ms_validation():378: 4K-Alignment: PASS
ms_validation():390: Section-Wr-Exe: PASS
```

Microsoft is enforcing these validations for all applications to be signed by the Microsoft third-party Unified Extensible Firmware Interface (UEFI) Certificate Authority (CA). These validations include:

Please refer to the following for more details: https://techcommunity.microsoft.com/t5/hardware-dev-center/new-uefi-ca-memory-mitigation-requirements-for-signing/ba-p/3608714

Signed-off-by: Dennis Tseng dennis.tseng@suse.com
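To make concrete what the three checks in the PR description look like over a PE image, here is an added, stand-alone example that is not the shim project's code and not the `ms_validation()` function from post-process-pe.c. It walks the DOS, COFF, optional and section headers of an in-memory image and evaluates the same three properties named in the output above: the NX_COMPAT bit (0x0100) in DllCharacteristics, 4K section alignment (interpreted here as SectionAlignment and every section's VirtualAddress being a multiple of 0x1000), and the absence of any section marked both writable and executable. The PE field offsets and flag values come from the PE/COFF specification; `build_sample_pe()` fabricates a header-only PE32+ image purely so the checks can be exercised offline, and the names `ms_validate`, `ms_result` and `build_sample_pe` are this example's own.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constants from the PE/COFF specification */
#define IMAGE_DLLCHARACTERISTICS_NX_COMPAT 0x0100
#define IMAGE_SCN_MEM_EXECUTE              0x20000000u
#define IMAGE_SCN_MEM_WRITE                0x80000000u
#define PE_PAGE_SIZE                       0x1000u

/* Outcome of the three checks: 1 = PASS, 0 = FAIL */
struct ms_result {
    int nx_compat;      /* NX_COMPAT set in DllCharacteristics          */
    int aligned_4k;     /* SectionAlignment and all section VAs 4K-aligned */
    int no_wx_section;  /* no section that is both writable and executable */
};

/* Bounds-checked little-endian readers/writers over a raw byte buffer */
static int rd16(const uint8_t *b, size_t len, size_t off, uint16_t *v) {
    if (off + 2 > len) return -1;
    *v = (uint16_t)(b[off] | (b[off + 1] << 8));
    return 0;
}
static int rd32(const uint8_t *b, size_t len, size_t off, uint32_t *v) {
    if (off + 4 > len) return -1;
    *v = (uint32_t)b[off] | ((uint32_t)b[off + 1] << 8) |
         ((uint32_t)b[off + 2] << 16) | ((uint32_t)b[off + 3] << 24);
    return 0;
}
static void wr16(uint8_t *b, size_t off, uint16_t v) {
    b[off] = (uint8_t)v; b[off + 1] = (uint8_t)(v >> 8);
}
static void wr32(uint8_t *b, size_t off, uint32_t v) {
    wr16(b, off, (uint16_t)v); wr16(b, off + 2, (uint16_t)(v >> 16));
}

/* Parse the headers of a PE image in memory and run the three checks.
 * Returns 0 on success (results in *r), -1 if the headers are malformed. */
int ms_validate(const uint8_t *img, size_t len, struct ms_result *r) {
    uint32_t pe_off, sect_align, va, chars;
    uint16_t nsect, opt_size, dll_chars;
    size_t opt, sect;

    if (len < 0x40 || img[0] != 'M' || img[1] != 'Z') return -1;
    if (rd32(img, len, 0x3c, &pe_off)) return -1;          /* e_lfanew */
    if ((size_t)pe_off + 4 > len || memcmp(img + pe_off, "PE\0\0", 4) != 0) return -1;

    /* COFF file header follows the "PE\0\0" signature */
    if (rd16(img, len, pe_off + 4 + 2, &nsect)) return -1;     /* NumberOfSections */
    if (rd16(img, len, pe_off + 4 + 16, &opt_size)) return -1; /* SizeOfOptionalHeader */
    opt = pe_off + 4 + 20;
    /* SectionAlignment (offset 32) and DllCharacteristics (offset 70) sit at
     * the same offsets in both PE32 and PE32+ optional headers */
    if (opt_size < 72) return -1;
    if (rd32(img, len, opt + 32, &sect_align)) return -1;
    if (rd16(img, len, opt + 70, &dll_chars)) return -1;

    r->nx_compat = (dll_chars & IMAGE_DLLCHARACTERISTICS_NX_COMPAT) != 0;
    r->aligned_4k = sect_align != 0 && (sect_align % PE_PAGE_SIZE) == 0;
    r->no_wx_section = 1;

    /* Section table starts right after the optional header, 40 bytes per entry */
    sect = opt + opt_size;
    for (uint16_t i = 0; i < nsect; i++, sect += 40) {
        if (rd32(img, len, sect + 12, &va)) return -1;     /* VirtualAddress */
        if (rd32(img, len, sect + 36, &chars)) return -1;  /* Characteristics */
        if (va % PE_PAGE_SIZE) r->aligned_4k = 0;
        if ((chars & IMAGE_SCN_MEM_WRITE) && (chars & IMAGE_SCN_MEM_EXECUTE))
            r->no_wx_section = 0;
    }
    return 0;
}

/* Constructed test input: a header-only PE32+ image with one section and no
 * real code. buf must hold at least 368 bytes. Returns the image length. */
size_t build_sample_pe(uint8_t *buf, uint16_t dll_chars, uint32_t sect_align,
                       uint32_t sect_chars) {
    const uint32_t pe_off = 0x40;
    const size_t opt_size = 240;                 /* PE32+ optional header size */
    size_t opt = pe_off + 4 + 20, sect = opt + opt_size, total = sect + 40;
    memset(buf, 0, total);
    buf[0] = 'M'; buf[1] = 'Z';
    wr32(buf, 0x3c, pe_off);
    memcpy(buf + pe_off, "PE\0\0", 4);
    wr16(buf, pe_off + 4 + 2, 1);                /* NumberOfSections */
    wr16(buf, pe_off + 4 + 16, (uint16_t)opt_size);
    wr16(buf, opt, 0x20b);                       /* PE32+ magic */
    wr32(buf, opt + 32, sect_align);
    wr16(buf, opt + 70, dll_chars);
    memcpy(buf + sect, ".text", 5);
    wr32(buf, sect + 12, sect_align);            /* VirtualAddress */
    wr32(buf, sect + 36, sect_chars);
    return total;
}

int main(void) {
    uint8_t buf[512];
    struct ms_result r;
    /* compliant image: NX_COMPAT set, 4K alignment, code section is R+X only */
    size_t n = build_sample_pe(buf, 0x0100, 0x1000, 0x60000020u);
    if (ms_validate(buf, n, &r) == 0)
        printf("NX-Compat-Flag: %s\n4K-Alignment: %s\nSection-Wr-Exe: %s\n",
               r.nx_compat ? "PASS" : "FAIL", r.aligned_4k ? "PASS" : "FAIL",
               r.no_wx_section ? "PASS" : "FAIL");
    return 0;
}
```

The parser reads every field through bounds-checked helpers rather than casting the buffer to header structs, so a truncated or hostile image fails with -1 instead of reading out of bounds; a post-processing tool that runs over freshly built binaries should not trust the file any more than a loader would.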

dennis-tseng99 commented 1 year ago

Thanks for Julian's comment. About: (a) I agree. I will put "static" back. (b) I don't agree. The initial value of a non-static global variable in .bss is also 0. I set it to 0 just to make the code easier to read.

dennis-tseng99 commented 1 year ago

Thanks for Frozencemetery's comment. Yes, you are right. The NX compat default is a separate PR. I will drop the NX change.