| author | Matthew Garrett <mjg@redhat.com> | 2012-07-02 13:49:32 -0400 |
|---|---|---|
| committer | Matthew Garrett <mjg@redhat.com> | 2012-07-02 13:49:32 -0400 |
| commit | f9435d966477b738ae5d68c220e9846b6cfe9492 (patch) | |
| tree | aa4873bf642cc1f31f5e6ba11e2693885cddd35a | |
| parent | d259b1406044b430fe5786cd57e272bb9c57166d (diff) | |
Remove whitelisting - the firmware will handle it via LoadImage/StartImage
| -rw-r--r-- | shim.c | 17 |
1 files changed, 0 insertions, 17 deletions
@@ -310,16 +310,6 @@ static EFI_STATUS check_blacklist (WIN_CERTIFICATE_EFI_PKCS *cert, UINT8 *hash)
 return EFI_SUCCESS;
 }
 
-static EFI_STATUS check_whitelist (WIN_CERTIFICATE_EFI_PKCS *cert, UINT8 *hash)
-{
- if (check_db_hash(L"db", hash) == DATA_FOUND)
- return EFI_SUCCESS;
- if (check_db_cert(L"db", cert, hash) == DATA_FOUND)
- return EFI_SUCCESS;
-
- return EFI_ACCESS_DENIED;
-}
-
 /*
 * Check that the signature is valid and matches the binary
 */
@@ -510,13 +500,6 @@ static EFI_STATUS verify_buffer (char *data, int datasize,
 goto done;
 }
- status = check_whitelist(cert, hash);
-
- if (status == EFI_SUCCESS) {
- Print(L"Binary is whitelisted\n");
- goto done;
- }
-
 if (!AuthenticodeVerify(cert->CertData, context->SecDir->Size - sizeof(cert->Hdr), vendor_cert, sizeof(vendor_cert), hash, |
