proxmox-mirrors/efi-boot-shim
1
0
Fork 0
mirror of https://git.proxmox.com/git/efi-boot-shim synced 2025-08-07 01:06:04 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Measure into the TPM even if SecureBoot is off in shim_lock verify

Browse Source 
Signed-off-by: Tamas K Lengyel <lengyelt@ainfosec.com>
This commit is contained in:
Tamas K Lengyel 2017-11-06 09:42:18 -07:00 committed by Peter Jones
parent 829d3c8265
commit 555ef92650
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
shim.c
View File

@ -1809,9 +1809,6 @@ EFI_STATUS shim_verify (void *buffer, UINT32 size)
loader_is_participating = 1; loader_is_participating = 1;
in_protocol = 1; in_protocol = 1;
if (!secure_mode())
goto done;
status = read_header(buffer, size, &context); status = read_header(buffer, size, &context);
if (status != EFI_SUCCESS) if (status != EFI_SUCCESS)
goto done; goto done;
@ -1823,6 +1820,9 @@ EFI_STATUS shim_verify (void *buffer, UINT32 size)
/* Measure the binary into the TPM */ /* Measure the binary into the TPM */
tpm_log_pe((EFI_PHYSICAL_ADDRESS)(UINTN)buffer, size, sha1hash, 4); tpm_log_pe((EFI_PHYSICAL_ADDRESS)(UINTN)buffer, size, sha1hash, 4);
if (!secure_mode())
goto done;
status = verify_buffer(buffer, size, &context, sha256hash, sha1hash); status = verify_buffer(buffer, size, &context, sha256hash, sha1hash);
done: done: