Don't verify images with the empty build key

We replaced the build key with an empty file while compiling shim for our distro. Skip the verification with the empty build key since this makes no sense. Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
author: Gary Ching-Pang Lin <glin@suse.com> 2014-09-30 16:13:27 +0800
committer: Peter Jones <pjones@redhat.com> 2014-10-02 00:08:50 -0400
commit: db43ba5a5fcb88e3b0acac0da5737e499be236a2 (patch)
tree: 953ad2a63698ff0ebd356980a7ed7303187ec43c /shim.c
parent: aa818fe639f103d9c40fcbc8342edd82ff5d49d2 (diff)
download: efi-boot-shim-db43ba5a5fcb88e3b0acac0da5737e499be236a2.tar.gz
efi-boot-shim-db43ba5a5fcb88e3b0acac0da5737e499be236a2.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/shim.c b/shim.c
index a282ee35..8076caa9 100644
--- a/shim.c
+++ b/shim.c
@@ -949,7 +949,8 @@ static EFI_STATUS verify_buffer (char *data, int datasize,
 		/*
 		 * Check against the shim build key
 		 */
-		if (AuthenticodeVerify(cert->CertData,
+		if (sizeof(shim_cert) &&
+		    AuthenticodeVerify(cert->CertData,
 			       context->SecDir->Size - sizeof(cert->Hdr),
 			       shim_cert, sizeof(shim_cert), sha256hash,
 			       SHA256_DIGEST_SIZE)) {
author	Gary Ching-Pang Lin <glin@suse.com>	2014-09-30 16:13:27 +0800
committer	Peter Jones <pjones@redhat.com>	2014-10-02 00:08:50 -0400
commit	db43ba5a5fcb88e3b0acac0da5737e499be236a2 (patch)
tree	953ad2a63698ff0ebd356980a7ed7303187ec43c /shim.c
parent	aa818fe639f103d9c40fcbc8342edd82ff5d49d2 (diff)
download	efi-boot-shim-db43ba5a5fcb88e3b0acac0da5737e499be236a2.tar.gz efi-boot-shim-db43ba5a5fcb88e3b0acac0da5737e499be236a2.zip