Tree - rpms/shim - CentOS Git server

arrfab / rpms / shim

Forked from rpms/shim 4 years ago

Source
Stats

Files

Commit: 4210fa29b612e855faf4f21a52d62dd0eadbc44a

Blob Blame History Raw

From db43ba5a5fcb88e3b0acac0da5737e499be236a2 Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin <glin@suse.com>
Date: Tue, 30 Sep 2014 16:13:27 +0800
Subject: [PATCH 67/74] Don't verify images with the empty build key

We replaced the build key with an empty file while compiling shim
for our distro. Skip the verification with the empty build key
since this makes no sense.

Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
---
 shim.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/shim.c b/shim.c
index a282ee3..8076caa 100644
--- a/shim.c
+++ b/shim.c
@@ -949,7 +949,8 @@ static EFI_STATUS verify_buffer (char *data, int datasize,
 		/*
 		 * Check against the shim build key
 		 */
-		if (AuthenticodeVerify(cert->CertData,
+		if (sizeof(shim_cert) &&
+		    AuthenticodeVerify(cert->CertData,
 			       context->SecDir->Size - sizeof(cert->Hdr),
 			       shim_cert, sizeof(shim_cert), sha256hash,
 			       SHA256_DIGEST_SIZE)) {
-- 
1.9.3

arrfab / rpms / shim

Source Code

Files