Don't verify images with the empty build key

We replaced the build key with an empty file while compiling shim for our distro. Skip the verification with the empty build key since this makes no sense. Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
author: Gary Ching-Pang Lin <glin@suse.com> 2014-10-02 00:08:50 -0400
committer: Peter Jones <pjones@redhat.com> 2014-10-02 00:08:50 -0400
commit: f852734c5a15f2fe6a76424ce23daaee870c6c4e (patch)
tree: 953ad2a63698ff0ebd356980a7ed7303187ec43c
parent: e258243e43ca2c9f6ac177ed4153fe92af64fcd8 (diff)
download: efi-boot-shim-f852734c5a15f2fe6a76424ce23daaee870c6c4e.tar.gz
efi-boot-shim-f852734c5a15f2fe6a76424ce23daaee870c6c4e.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/shim.c b/shim.c
index a282ee35..8076caa9 100644
--- a/shim.c
+++ b/shim.c
@@ -949,7 +949,8 @@ static EFI_STATUS verify_buffer (char *data, int datasize,
 		/*
 		 * Check against the shim build key
 		 */
-		if (AuthenticodeVerify(cert->CertData,
+		if (sizeof(shim_cert) &&
+		    AuthenticodeVerify(cert->CertData,
 			       context->SecDir->Size - sizeof(cert->Hdr),
 			       shim_cert, sizeof(shim_cert), sha256hash,
 			       SHA256_DIGEST_SIZE)) {
author	Gary Ching-Pang Lin <glin@suse.com>	2014-10-02 00:08:50 -0400
committer	Peter Jones <pjones@redhat.com>	2014-10-02 00:08:50 -0400
commit	f852734c5a15f2fe6a76424ce23daaee870c6c4e (patch)
tree	953ad2a63698ff0ebd356980a7ed7303187ec43c
parent	e258243e43ca2c9f6ac177ed4153fe92af64fcd8 (diff)
download	efi-boot-shim-f852734c5a15f2fe6a76424ce23daaee870c6c4e.tar.gz efi-boot-shim-f852734c5a15f2fe6a76424ce23daaee870c6c4e.zip