| diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c |
| index b3be566..a2523f5 100644 |
| --- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c |
| +++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c |
| @@ -544,6 +544,18 @@ HashPeImage ( |
| if (!Status) {
|
| goto Done;
|
| }
|
| + /*
|
| + * Problem: some unsigned PECOFF binaries don't always end on an aligned
|
| + * size. For this case, pad them with zeros up to the aligned size
|
| + */
|
| + if (ALIGN_SIZE(mImageSize)) {
|
| + UINT64 zerofill = 0;
|
| +
|
| + Status = mHash[HashAlg].HashUpdate(HashCtx, &zerofill, ALIGN_SIZE(mImageSize));
|
| + if (!Status) {
|
| + goto Done;
|
| + }
|
| + }
|
| } else if (mImageSize < CertSize + SumOfBytesHashed) {
|
| Status = FALSE;
|
| goto Done;
|
| diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.h b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.h |
| index 55371e9..bdf27ac 100644 |
| --- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.h |
| +++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.h |
| @@ -43,6 +43,9 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED. |
| #define MAX_NOTIFY_STRING_LEN 64
|
| #define TWO_BYTE_ENCODE 0x82
|
|
|
| +#define ALIGNMENT_SIZE 8
|
| +#define ALIGN_SIZE(a) (((a) % ALIGNMENT_SIZE) ? ALIGNMENT_SIZE - ((a) % ALIGNMENT_SIZE) : 0)
|
| +
|
| //
|
| // Image type definitions
|
| //
|