Verify signature before verifying sbat levels - efi-boot-shim.git - (mirror of https://github.com/vyos/efi-boot-shim.git)

diff options

author	Jan Setje-Eilers <jan.setjeeilers@oracle.com>	2023-06-26 18:41:50 -0700
committer	Peter Jones <pjones@redhat.com>	2023-06-27 14:58:25 -0400
commit	61e989446849205d3e9eef2544f6d9bd87142933 (patch)
tree	da7c385c1cb6b11187dfa442dfcd1d1eeed348db /Cryptlib/Cryptlib.diff
parent	569270d8603d68308ad8bf8ef4cad4b09101d35e (diff)
download	efi-boot-shim-61e989446849205d3e9eef2544f6d9bd87142933.tar.gz efi-boot-shim-61e989446849205d3e9eef2544f6d9bd87142933.zip

Verify signature before verifying sbat levels

Verifying the validity of a files signature can protect from an attacker creating a file that exploits a potential issue in the sbat validation. If the signature is not checked first, an attacker can just create a file with a valid .sbat section and can still attack the signature validation. Signed-off-by: Jan Setje-Eilers <Jan.SetjeEilers@oracle.com>

Diffstat (limited to 'Cryptlib/Cryptlib.diff')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: