Load concatenated EFI_SIGNATURE_LISTs from shim_certificate.efi - efi-boot-shim.git - (mirror of https://github.com/vyos/efi-boot-shim.git)

diff options

author	Ross Lagerwall <ross.lagerwall@citrix.com>	2024-02-29 16:59:21 +0000
committer	Peter Jones <pjones@redhat.com>	2025-02-04 11:56:11 -0500
commit	2daf1db9aa27e5d03335bc75818bd8a03e4b84e2 (patch)
tree	9f352506efe9b6f976cfec0eef704cfb6ff5f0cd /Cryptlib/Library/BaseCryptLib.h
parent	11252121f853a0a3aac102b72a279204b9c69a00 (diff)
download	efi-boot-shim-2daf1db9aa27e5d03335bc75818bd8a03e4b84e2.tar.gz efi-boot-shim-2daf1db9aa27e5d03335bc75818bd8a03e4b84e2.zip

Load concatenated EFI_SIGNATURE_LISTs from shim_certificate.efi

For multiple reasons, it may be useful for different keys to be used to sign different parts of the boot chain (e.g. a different key for GRUB and the Linux kernel). Allow this by loading concatenated EFI_SIGNATURE_LISTs from shim_certificate.efi rather than only the first. At the same time, be a bit more robust by checking for allocation failures and overflows due to invalid data in the binary. Use the smaller of VirtualSize and SizeOfRawData since the latter is rounded up to the section alignment and therefore may contain non-certificate data. Signed-off-by: Ross Lagerwall <ross.lagerwall@citrix.com>

Diffstat (limited to 'Cryptlib/Library/BaseCryptLib.h')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: