Blame SOURCES/0067-Don-t-verify-images-with-the-empty-build-key.patch
From db43ba5a5fcb88e3b0acac0da5737e499be236a2 Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <glin@suse.com>
Date: Tue, 30 Sep 2014 16:13:27 +0800
Subject: [PATCH 67/74] Don't verify images with the empty build key
We replaced the build key with an empty file while compiling shim
for our distro. Skip the verification with the empty build key
since this makes no sense.
Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
---
shim.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/shim.c b/shim.c
index a282ee3..8076caa 100644
--- a/shim.c
+++ b/shim.c
@@ -949,7 +949,8 @@ static EFI_STATUS verify_buffer (char *data, int datasize,
/*
* Check against the shim build key
*/
- if (AuthenticodeVerify(cert->CertData,
+ if (sizeof(shim_cert) &&
+ AuthenticodeVerify(cert->CertData,
context->SecDir->Size - sizeof(cert->Hdr),
shim_cert, sizeof(shim_cert), sha256hash,
SHA256_DIGEST_SIZE)) {
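Review bot: The new `sizeof(shim_cert) &&` guard on the build-key check has no comment explaining why skipping is safe, and it depends on how `shim_cert` is declared, which this hunk does not show. The expression is zero only if `shim_cert` is a true array with an empty initializer; if it were ever a pointer or a padded buffer, the test would be constant-true and the empty key would again reach `AuthenticodeVerify`. I would spell the intent out as `if (sizeof(shim_cert) > 0 &&` and extend the existing comment to something like `/* Check against the shim build key; skipped when shim was built with an empty key, so the image must still pass one of the other checks */`. The body of this `if` and the rest of `verify_buffer` lie outside the hunk, so it should be confirmed there that the remaining paths fail closed when no key matches.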
--
1.9.3