| author | Peter Jones <pjones@redhat.com> | 2018-03-23 13:54:53 -0400 |
|---|---|---|
| committer | Peter Jones <pjones@redhat.com> | 2018-03-23 13:55:57 -0400 |
| commit | cdbfb5a69ea16142d132517d39c9e96d154c8345 (patch) | |
| tree | 4f37ecd2a007c506899b379fed44ceb95147d121 | |
| parent | f391e44516d24cebf3cc6b1a548e13122d083e77 (diff) | |
Revert "Allow shim to handle multiple trusted certificates"
This was merged before it was really ready - verify_trusted_cert needs
to check each certificate against vendor_dbx, "dbx", and "MokListX", or
else it can enable a blacklisted certificate accidentally.
This reverts commit 8721bbe6fb1bfdfbc8bd16e05673929e4cbbdedc.
| -rw-r--r-- | shim.c | 41 |
1 files changed, 8 insertions, 33 deletions
@@ -963,35 +963,6 @@ done:
 }

 /*
- * Check that a trusted certificate signed the binary
- */
-static BOOLEAN verify_trusted_cert(const WIN_CERTIFICATE_EFI_PKCS *cert,
- const UINT8 *sha256hash,
- const UINT8 *trusted_cert,
- size_t trusted_cert_len)
-{
- const UINT8 *tmp;
- ASN1_TYPE *asn1;
-
- while (trusted_cert_len) {
- if (AuthenticodeVerify(cert->CertData,
- cert->Hdr.dwLength - sizeof(cert->Hdr),
- trusted_cert, trusted_cert_len,
- sha256hash, SHA256_DIGEST_SIZE))
- return TRUE;
- tmp = trusted_cert;
- asn1 = d2i_ASN1_TYPE(NULL, &tmp, trusted_cert_len);
- if (!asn1)
- break;
- ASN1_TYPE_free(asn1);
- trusted_cert_len -= (tmp - trusted_cert);
- trusted_cert = tmp;
- }
-
- return FALSE;
-}
-
-/*
 * Check that the signature is valid and matches the binary
 */
 static EFI_STATUS verify_buffer (char *data, int datasize,
@@ -1073,8 +1044,10 @@ static EFI_STATUS verify_buffer (char *data, int datasize,
 * Check against the shim build key
 */
 if (sizeof(shim_cert) &&
- verify_trusted_cert(cert, sha256hash,
- shim_cert, sizeof(shim_cert))) {
+ AuthenticodeVerify(cert->CertData,
+ cert->Hdr.dwLength - sizeof(cert->Hdr),
+ shim_cert, sizeof(shim_cert), sha256hash,
+ SHA256_DIGEST_SIZE)) {
 update_verification_method(VERIFIED_BY_CERT);
 tpm_measure_variable(L"Shim", SHIM_LOCK_GUID,
 sizeof(shim_cert), shim_cert);
@@ -1090,8 +1063,10 @@ static EFI_STATUS verify_buffer (char *data, int datasize,
 * And finally, check against shim's built-in key
 */
 if (vendor_cert_size &&
- verify_trusted_cert(cert, sha256hash,
- vendor_cert, vendor_cert_size)) {
+ AuthenticodeVerify(cert->CertData,
+ cert->Hdr.dwLength - sizeof(cert->Hdr),
+ vendor_cert, vendor_cert_size,
+ sha256hash, SHA256_DIGEST_SIZE)) {
 update_verification_method(VERIFIED_BY_CERT);
 tpm_measure_variable(L"Shim", SHIM_LOCK_GUID,
 vendor_cert_size, vendor_cert); |
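Review bot: The length argument `cert->Hdr.dwLength - sizeof(cert->Hdr)` in the shim_cert check is an unsigned subtraction, so a dwLength smaller than the header would wrap to a very large size before it reaches AuthenticodeVerify; the same expression is repeated in the vendor_cert check of the next hunk. Nothing in the visible lines bounds dwLength, and cert presumably comes from the image being verified, so the value should be treated as untrusted. verify_buffer starts and ends outside these hunks, so an earlier check may already exist. If it does not, a guard such as `if (cert->Hdr.dwLength < sizeof(cert->Hdr)) return EFI_SECURITY_VIOLATION;` ahead of the first call would cover both sites.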
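Review bot: The vendor_cert check again hands the whole `vendor_cert` buffer to AuthenticodeVerify as one trusted certificate, and no comment on the new side records why the multi-certificate walk is absent. A short comment above the condition would keep the constraint from the commit message next to the code, for example `/* vendor_cert is treated as a single certificate; walking several requires checking each against vendor_dbx, "dbx" and "MokListX" first */`. The same applies to the shim_cert check in the previous hunk, and it would warn a later change against reintroducing the loop without the revocation checks.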
