Boot unsigned binaries if we're not in secure mode

read_header would fail if the binary was unsigned, even if we weren't then going to verify the signature. Move that check to the verify function instead.
author: Matthew Garrett <mjg@redhat.com> 2012-10-24 00:10:29 -0400
committer: Matthew Garrett <mjg@redhat.com> 2012-10-24 00:10:29 -0400
commit: 832e5161b5bf9bba3e46ee203d5a131fc8b087c8 (patch)
tree: cf5df49291582ae228741989fdb68e9563e7caba
parent: cbe214072bfa49f177e33f7e98f6e0431b4832eb (diff)
download: efi-boot-shim-832e5161b5bf9bba3e46ee203d5a131fc8b087c8.tar.gz
efi-boot-shim-832e5161b5bf9bba3e46ee203d5a131fc8b087c8.zip
1 files changed, 5 insertions, 5 deletions
diff --git a/shim.c b/shim.c
index 447cf876..2ba7e5af 100644
--- a/shim.c
+++ b/shim.c
@@ -625,6 +625,11 @@ static EFI_STATUS verify_buffer (char *data, int datasize,
 	WIN_CERTIFICATE_EFI_PKCS *cert;
 	unsigned int size = datasize;
 
+	if (context->SecDir->Size == 0) {
+		Print(L"Empty security header\n");
+		return EFI_INVALID_PARAMETER;
+	}
+
 	cert = ImageAddress (data, size, context->SecDir->VirtualAddress);
 
 	if (!cert) {
@@ -737,11 +742,6 @@ static EFI_STATUS read_header(void *data, unsigned int datasize,
 		return EFI_INVALID_PARAMETER;
 	}
 
-	if (context->SecDir->Size == 0) {
-		Print(L"Empty security header\n");
-		return EFI_INVALID_PARAMETER;
-	}
-
 	return EFI_SUCCESS;
 }
author	Matthew Garrett <mjg@redhat.com>	2012-10-24 00:10:29 -0400
committer	Matthew Garrett <mjg@redhat.com>	2012-10-24 00:10:29 -0400
commit	832e5161b5bf9bba3e46ee203d5a131fc8b087c8 (patch)
tree	cf5df49291582ae228741989fdb68e9563e7caba
parent	cbe214072bfa49f177e33f7e98f6e0431b4832eb (diff)
download	efi-boot-shim-832e5161b5bf9bba3e46ee203d5a131fc8b087c8.tar.gz efi-boot-shim-832e5161b5bf9bba3e46ee203d5a131fc8b087c8.zip