mirror of
https://github.com/AsahiLinux/u-boot
synced 2024-12-05 02:51:00 +00:00
54cebe8a3a
The EFI spec allows for images to carry multiple signatures. Currently we don't adhere to the verification process for such images. The spec says: "Multiple signatures are allowed to exist in the binary's certificate table (as per PE/COFF Section "Attribute Certificate Table"). Only one hash or signature is required to be present in db in order to pass validation, so long as neither the SHA-256 hash of the binary nor any present signature is reflected in dbx." With our current implementation signing the image with two certificates and inserting both of them in db and one of them dbx doesn't always reject the image. The rejection depends on the order that the image was signed and the order the certificates are read (and checked) in db. While at it move the sha256 hash verification outside the signature checking loop, since it only needs to run once per image and get simplify the logic for authenticating an unsigned imahe using sha256 hashes. Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> |
||
---|---|---|
.. | ||
.gitignore | ||
efi_acpi.c | ||
efi_bootmgr.c | ||
efi_boottime.c | ||
efi_capsule.c | ||
efi_console.c | ||
efi_device_path.c | ||
efi_device_path_to_text.c | ||
efi_device_path_utilities.c | ||
efi_disk.c | ||
efi_dt_fixup.c | ||
efi_esrt.c | ||
efi_file.c | ||
efi_firmware.c | ||
efi_freestanding.c | ||
efi_gop.c | ||
efi_helper.c | ||
efi_hii.c | ||
efi_hii_config.c | ||
efi_image_loader.c | ||
efi_load_initrd.c | ||
efi_load_options.c | ||
efi_memory.c | ||
efi_net.c | ||
efi_riscv.c | ||
efi_rng.c | ||
efi_root_node.c | ||
efi_runtime.c | ||
efi_setup.c | ||
efi_signature.c | ||
efi_smbios.c | ||
efi_string.c | ||
efi_tcg2.c | ||
efi_unicode_collation.c | ||
efi_var_common.c | ||
efi_var_file.c | ||
efi_var_mem.c | ||
efi_var_seed.S | ||
efi_variable.c | ||
efi_variable_tee.c | ||
efi_watchdog.c | ||
helloworld.c | ||
Kconfig | ||
Makefile |