Add support for disabling signature verification - efi-boot-shim.git - (mirror of https://github.com/vyos/efi-boot-shim.git)

diff options

author	Matthew Garrett <mjg@redhat.com>	2012-10-18 17:41:52 -0400
committer	Matthew Garrett <mjg@redhat.com>	2012-10-18 17:41:52 -0400
commit	9272bc5b847bf30f89d9bef49fcc5b04c780460e (patch)
tree	69ccb562f28c197e22fc83c6f26ef5908b76a71c /Cryptlib/OpenSSL/crypto/buffer/buf_err.c
parent	1bc1cd96e43f73d75b4a0346532c86260cd33748 (diff)
download	efi-boot-shim-9272bc5b847bf30f89d9bef49fcc5b04c780460e.tar.gz efi-boot-shim-9272bc5b847bf30f89d9bef49fcc5b04c780460e.zip

Add support for disabling signature verification

Provide a mechanism for a physically present end user to disable signature verification. This is handled by the OS passing down a variable that contains a UINT32 and a SHA256 hash. If this variable is present, MokManager prompts the user to choose whether to enable or disable signature validation (depending on the value of the UINT32). They are then asked to type the passphrase that matches the hash. This then saves a boot services variable which is checked by shim, and if set will skip verification of signatures.

Diffstat (limited to 'Cryptlib/OpenSSL/crypto/buffer/buf_err.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: