From db43ba5a5fcb88e3b0acac0da5737e499be236a2 Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin
Date: Tue, 30 Sep 2014 16:13:27 +0800
Subject: [PATCH 67/74] Don't verify images with the empty build key

We replaced the build key with an empty file while compiling shim for our distro. Skip the verification with the empty build key since this makes no sense.

Signed-off-by: Gary Ching-Pang Lin
---
 shim.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/shim.c b/shim.c
index a282ee3..8076caa 100644
--- a/shim.c
+++ b/shim.c
@@ -949,7 +949,8 @@ static EFI_STATUS verify_buffer (char *data, int datasize,
 /*
 * Check against the shim build key
 */
- if (AuthenticodeVerify(cert->CertData,
+ if (sizeof(shim_cert) &&
+ AuthenticodeVerify(cert->CertData,
 context->SecDir->Size - sizeof(cert->Hdr), shim_cert, sizeof(shim_cert), sha256hash, SHA256_DIGEST_SIZE)) {
-- 
1.9.3
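Review bot: The new `sizeof(shim_cert) &&` guard in verify_buffer only skips the build-key check if `shim_cert` is declared as an array whose length is zero when the key file is empty; the declaration is outside this hunk, and if it were a pointer the guard would be constant-true and the empty key would still reach AuthenticodeVerify. The skip appears to go in the fail-closed direction, since the short-circuit keeps the branch from being entered rather than treating an empty key as a match, but verify_buffer starts and ends outside the hunk, so what the branch body returns is not visible here. I would spell the intent out as `if (sizeof(shim_cert) > 0 &&` and extend the comment above it to `/* Check against the shim build key; skipped when shim was built with an empty build key */`. Any other use of `shim_cert` as a trust anchor elsewhere in shim.c would presumably need the same guard.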