Guo --

If I remember correctly, the PCI bus driver will expose a LOAD_FILE2 protocol on each PCI device that has the option ROM. The LOAD_FILE2 should return the PE/COFF image, not the option ROM, correct? Just like the LoadFile() function in LOAD_FILE protocol. In fact, this is what LocalLoadFile2() says (in PciBusDxe/PciOptionRomSupport.c): "Load the EFI Image from Option ROM"

If this function correctly gets the "EFI image" from the Option ROM, then there is no option ROM header anymore because it has been stripped away. If there is no option ROM header, then the BDS LoadImage() call should process it like any other EFI Image, including checking for the signature of the driver from the option ROM, against the secure database?

What am I missing?

Tim

-----Original Message-----
From: Dong, Guo [mailto:guo.d...@intel.com]
Sent: Monday, September 02, 2013 7:05 PM
To: edk2-devel@lists.sourceforge.net
Subject: Re: [edk2] Not able to load Signed UEFI image from ROM.

Hi Deb,

The "Secure boot" only supports EFI file (*.efi) verification. When converting signed driver (.efi) into .rom image, I think an option rom header file is added to the signed driver (.efi). So it can't be directly loaded from shell or other place in "Secure boot" environment. If there is another driver that could find and remove the option rom header from .rom image, it could be loaded by the driver in Secure boot environment.

Thanks,
Guo

-----Original Message-----
From: Debabrata [mailto:debabrata.chattopadh...@pmcs.com]
Sent: Monday, September 02, 2013 7:00 PM
To: edk2-devel@lists.sourceforge.net
Subject: [edk2] Not able to load Signed UEFI image from ROM.

Hi,

I was working on “Secure Boot” for UEFI. So the idea is to sign our drivers and load it in secure boot environment. As of now for experimental purposes we are test signing our driver with our own certificate, enrolling the certificate in UEFI firmware, enabling secure boot in UEFI firmware and trying to load our test-signed driver.

What we see is:

a) Our signed driver (.efi) loads very well under secure boot from the EFI shell.
b) Our signed driver (.efi) when flashed into the ROM fails to load under secure boot.
c) Our signed driver (.efi) when converted into .rom image fails to load from the shell under secure boot.
d) When secure boot is disabled our signed driver loads well be it as .efi from shell or as .rom from shell or as flashed into ROM.

So long story short: Our signed driver does not boot from ROM or .rom image.

In case of flashed ROM (case b) above) I don’t get any error but in case of manual .rom loading (case c) above) I do get an error at shell as:

“Load image #1 error-Security Violation”. ”Image bios.rom loaded – Not found”

Can somebody throw some light into it, please?

Regards
Deb

_______________________________________________
edk2-devel mailing list
edk2-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/edk2-devel
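The step Guo and Tim discuss above, locating the PE/COFF image behind the option ROM header, as an added example that is not part of the thread and is not EDK II code. Field offsets are those of the UEFI specification's EFI PCI Expansion ROM header and PCI data structure; the function names, return codes and the sample ROM are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Offsets follow the UEFI spec's EFI PCI Expansion ROM header and the PCI
   data structure ("PCIR"). Function and enum names are hypothetical. */
enum { ROM_OK = 0, ROM_NO_EFI = -1, ROM_MALFORMED = -2, ROM_COMPRESSED = -3 };

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); }

/* Walk the images in a .rom container and report the PE/COFF region of the
   first EFI image. That region, not the container, is what was signed. */
int find_efi_image(const uint8_t *rom, size_t len, size_t *pe_off, size_t *pe_len)
{
    size_t base = 0;
    while (len - base >= 0x1A) {
        const uint8_t *h = rom + base;
        if (rd16(h) != 0xAA55) return ROM_MALFORMED;            /* ROM signature */
        size_t pcir = base + rd16(h + 0x18);                     /* PcirOffset */
        if (pcir + 0x16 > len || memcmp(rom + pcir, "PCIR", 4)) return ROM_MALFORMED;
        size_t img = (size_t)rd16(rom + pcir + 0x10) * 512;      /* ImageLength */
        if (img == 0 || img > len - base) return ROM_MALFORMED;
        if (rom[pcir + 0x14] == 0x03 && rd16(h + 4) == 0x0EF1 && rd16(h + 6) == 0) {
            size_t init = (size_t)rd16(h + 2) * 512;             /* InitializationSize */
            size_t hdr = rd16(h + 0x16);                         /* EfiImageHeaderOffset */
            if (init > img || hdr < 0x1A || hdr + 2 > init) return ROM_MALFORMED;
            if (rd16(h + 0x0C) != 0) return ROM_COMPRESSED;      /* must decompress first */
            if (rd16(h + hdr) != 0x5A4D) return ROM_MALFORMED;   /* PE/COFF starts "MZ" */
            *pe_off = base + hdr; *pe_len = init - hdr;          /* length includes padding */
            return ROM_OK;
        }
        if (rom[pcir + 0x15] & 0x80) break;                      /* last-image indicator */
        base += img;
    }
    return ROM_NO_EFI;
}

/* Constructed sample: one 1024-byte EFI image with a stub "MZ" payload. */
void make_sample_rom(uint8_t rom[1024], uint16_t compression)
{
    memset(rom, 0, 1024);
    wr16(rom, 0xAA55); wr16(rom + 2, 2); wr16(rom + 4, 0x0EF1);
    wr16(rom + 0x0C, compression); wr16(rom + 0x16, 0x40); wr16(rom + 0x18, 0x1C);
    memcpy(rom + 0x1C, "PCIR", 4);
    wr16(rom + 0x1C + 0x10, 2);                    /* ImageLength = 2 * 512 */
    rom[0x1C + 0x14] = 0x03; rom[0x1C + 0x15] = 0x80; /* CodeType EFI, last image */
    wr16(rom + 0x40, 0x5A4D);
}
```

Signature verification applies to the bytes starting at `pe_off`; an image with a non-zero CompressionType has to be run through the UEFI decompressor before it is a PE/COFF file at all.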