efi_loader: signature: correct a behavior against multiple signatures

Under the current implementation, all the signatures, if any, in
a signed image must be verified before loading it.

Meanwhile, UEFI specification v2.8b section 32.5.3.3 says,
    Multiple signatures are allowed to exist in the binary’s certificate
    table (as per PE/COFF Section “Attribute Certificate Table”). Only
    one hash or signature is required to be present in db in order to pass
    validation, so long as neither the SHA-256 hash of the binary nor any
    present signature is reflected in dbx.

This patch makes the semantics of signature verification compliant with
the specification mentioned above.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
Reported-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
AKASHI Takahiro 2020-08-14 14:39:23 +09:00 committed by Heinrich Schuchardt
parent f68a6d5835
commit 52956e535e
3 changed files with 30 additions and 88 deletions

@ -773,13 +773,16 @@ struct pkcs7_message;
bool efi_signature_lookup_digest(struct efi_image_regions *regs,
struct efi_signature_store *db);
bool efi_signature_verify_one(struct efi_image_regions *regs,
struct pkcs7_message *msg,
struct efi_signature_store *db);
bool efi_signature_verify(struct efi_image_regions *regs,
struct pkcs7_message *msg,
struct efi_signature_store *db,
struct efi_signature_store *dbx);
static inline bool efi_signature_verify_one(struct efi_image_regions *regs,
struct pkcs7_message *msg,
struct efi_signature_store *db)
{
return efi_signature_verify(regs, msg, db, NULL);
}
bool efi_signature_check_signers(struct pkcs7_message *msg,
struct efi_signature_store *dbx);
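
Review bot: the inline efi_signature_verify_one() passes NULL as the dbx argument of efi_signature_verify(), but nothing in this header documents that a NULL dbx is accepted or what it means. A reader of the wrapper cannot tell from these lines that no dbx lookup happens on that path. Please add a comment above the efi_signature_verify() prototype stating that dbx may be NULL and that the revocation check is then skipped. If callers of the wrapper are expected to check dbx themselves (efi_signature_check_signers() is declared just below), say so on the wrapper. The body of efi_signature_verify() is not in this hunk, so also confirm that it tests dbx for NULL before using it. A short description of the semantics quoted in the commit message (one match in db is enough, provided nothing is reflected in dbx) would fit in the same comment.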