diff options
| author | Gary Ching-Pang Lin <glin@suse.com> | 2014-09-30 16:13:27 +0800 |
|---|---|---|
| committer | Peter Jones <pjones@redhat.com> | 2014-10-02 00:08:50 -0400 |
| commit | db43ba5a5fcb88e3b0acac0da5737e499be236a2 (patch) | |
| tree | 953ad2a63698ff0ebd356980a7ed7303187ec43c | |
| parent | aa818fe639f103d9c40fcbc8342edd82ff5d49d2 (diff) | |
| download | efi-boot-shim-db43ba5a5fcb88e3b0acac0da5737e499be236a2.tar.gz efi-boot-shim-db43ba5a5fcb88e3b0acac0da5737e499be236a2.zip | |
Don't verify images with the empty build key
We replaced the build key with an empty file while compiling shim
for our distro. Skip the verification with the empty build key
since this makes no sense.
Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
| -rw-r--r-- | shim.c | 3 |
1 files changed, 2 insertions, 1 deletions
@@ -949,7 +949,8 @@ static EFI_STATUS verify_buffer (char *data, int datasize, /* * Check against the shim build key */ - if (AuthenticodeVerify(cert->CertData, + if (sizeof(shim_cert) && + AuthenticodeVerify(cert->CertData, context->SecDir->Size - sizeof(cert->Hdr), shim_cert, sizeof(shim_cert), sha256hash, SHA256_DIGEST_SIZE)) { |