diff options
| author | Dennis Tseng <dennis.tseng@suse.com> | 2024-06-05 22:33:06 +0800 |
|---|---|---|
| committer | Peter Jones <pjones@redhat.com> | 2025-02-05 09:18:45 -0500 |
| commit | eb02afc6f822576b73b7added3966ad7e72fd342 (patch) | |
| tree | d09e3dd6261fd2dabe5a7935abf9efb964360e22 /Cryptlib/Library/BaseCryptLib.h | |
| parent | 15c1a9a310645ceb958587fe000d5f60ed3bc4bd (diff) | |
| download | efi-boot-shim-eb02afc6f822576b73b7added3966ad7e72fd342.tar.gz efi-boot-shim-eb02afc6f822576b73b7added3966ad7e72fd342.zip | |
Optionally enabling codesign EKU check in compiling time.
This commit also supersedes PR#232 which was closed on Jul 1, 2021.
So that original codesign EKU codes cannot be bothered.
To enable the codesign check, ENABLE_CODESIGN_EKU can be set to 1.
To disable the codesign check, ENABLE_CODESIGN_EKU can be set to 0
or just omit this flag.
For example:
make xxxx ENABLE_CODESIGN_EKU=1 xxxx shim.efi
Signed-off-by: Dennis Tseng <dennis.tseng@suse.com>
Diffstat (limited to 'Cryptlib/Library/BaseCryptLib.h')
| -rw-r--r-- | Cryptlib/Library/BaseCryptLib.h | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/Cryptlib/Library/BaseCryptLib.h b/Cryptlib/Library/BaseCryptLib.h index ed482d3f..439f0516 100644 --- a/Cryptlib/Library/BaseCryptLib.h +++ b/Cryptlib/Library/BaseCryptLib.h @@ -2403,6 +2403,7 @@ Pkcs7Verify ( IN UINTN DataLength
);
+#if defined(ENABLE_CODESIGN_EKU)
/**
This function receives a PKCS#7 formatted signature blob,
looks for the EKU SEQUENCE blob, and if found then looks
@@ -2442,6 +2443,7 @@ VerifyEKUsInPkcs7Signature ( IN CONST UINT32 RequiredEKUsSize,
IN BOOLEAN RequireAllPresent
);
+#endif
/**
Extracts the attached content from a PKCS#7 signed data if existed. The input signed
|