summaryrefslogtreecommitdiff
path: root/test
diff options
context:
space:
mode:
authorAKASHI Takahiro <takahiro.akashi@linaro.org>2020-08-14 14:39:23 +0900
committerHeinrich Schuchardt <xypron.glpk@gmx.de>2020-08-14 12:28:25 +0200
commit52956e535e65c852b1f95d2ca5044cb7c4fc6bbe (patch)
tree2e7e3317e17608b7c7c4c003fa15477b52d5b7b4 /test
parentf68a6d583578799ec2011476ebd1e10590c6eb3c (diff)
efi_loader: signature: correct a behavior against multiple signatures
Under the current implementation, all the signatures, if any, in a signed image must be verified before loading it. Meanwhile, UEFI specification v2.8b section 32.5.3.3 says, Multiple signatures are allowed to exist in the binary’s certificate table (as per PE/COFF Section “Attribute Certificate Table”). Only one hash or signature is required to be present in db in order to pass validation, so long as neither the SHA-256 hash of the binary nor any present signature is reflected in dbx. This patch makes the semantics of signature verification compliant with the specification mentioned above. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reported-by: Heinrich Schuchardt <xypron.glpk@gmx.de>
Diffstat (limited to 'test')
0 files changed, 0 insertions, 0 deletions