efi_loader: hash the image once before checking against db/dbx

We don't have to recalculate the image hash every time we check against a
new db/dbx entry.  So let's add a flag forcing it to run once since we only
support sha256 hashes.

Suggested-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Ilias Apalodimas 2022-01-29 00:20:32 +02:00 committed by Heinrich Schuchardt
parent 4b63431323
commit 5ee900c14f

@ -192,6 +192,7 @@ bool efi_signature_lookup_digest(struct efi_image_regions *regs,
void *hash = NULL;
size_t size = 0;
bool found = false;
bool hash_done = false;
EFI_PRINT("%s: Enter, %p, %p\n", __func__, regs, db);
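Review bot: the new `hash_done` local duplicates state that `hash` may already carry, since `hash` is initialised to NULL two lines above it. If efi_hash_regions() leaves `hash` NULL on failure (not visible in this hunk), testing `!hash` would avoid a second variable that has to be kept in sync. If the flag stays, a short comment on the declaration saying it tracks "image digest already computed for this lookup" would help the next reader.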
@ -214,10 +215,12 @@ bool efi_signature_lookup_digest(struct efi_image_regions *regs,
if (guidcmp(&siglist->sig_type, &efi_guid_sha256))
continue;
if (!efi_hash_regions(regs->reg, regs->num, &hash, &size)) {
if (!hash_done &&
!efi_hash_regions(regs->reg, regs->num, &hash, &size)) {
EFI_PRINT("Digesting an image failed\n");
break;
}
hash_done = true;
for (sig_data = siglist->sig_data_list; sig_data;
sig_data = sig_data->next) {
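Review bot: the `if (!hash_done && ...)` guard is only correct while every signature list that gets past the `guidcmp(&siglist->sig_type, &efi_guid_sha256)` filter uses the same digest, and that assumption lives only in the commit message. Please add a comment at the guard stating that the cached `hash` is SHA-256 and that the flag must be reset or tracked per algorithm if another `sig_type` is ever accepted here; otherwise a later change could compare a stale digest of the wrong type against db/dbx entries.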