Revert "Allow shim to handle multiple trusted certificates"

This was merged before it was really ready - verify_trusted_cert needs to check each certificate against vendor_dbx, "dbx", and "MokListX", or else it can enable a blacklisted certificate accidentally. This reverts commit 8721bbe6fb.
2025-10-31 10:27:28 +00:00 · 2018-03-23 13:54:53 -04:00 · 2018-03-23 13:54:53 -04:00 · cdbfb5a69e
commit cdbfb5a69e
parent f391e44516
1 changed files with 8 additions and 33 deletions
--- a/shim.c
+++ b/shim.c
@ -962,35 +962,6 @@ done:
 	return efi_status;
 }

-/*
- * Check that a trusted certificate signed the binary
- */
-static BOOLEAN verify_trusted_cert(const WIN_CERTIFICATE_EFI_PKCS *cert,
-				   const UINT8 *sha256hash,
-				   const UINT8 *trusted_cert,
-				   size_t trusted_cert_len)
-{
-	const UINT8 *tmp;
-	ASN1_TYPE *asn1;
-
-	while (trusted_cert_len) {
-		if (AuthenticodeVerify(cert->CertData,
-				       cert->Hdr.dwLength - sizeof(cert->Hdr),
-				       trusted_cert, trusted_cert_len,
-				       sha256hash, SHA256_DIGEST_SIZE))
-			return TRUE;
-		tmp = trusted_cert;
-		asn1 = d2i_ASN1_TYPE(NULL, &tmp, trusted_cert_len);
-		if (!asn1)
-			break;
-		ASN1_TYPE_free(asn1);
-		trusted_cert_len -= (tmp - trusted_cert);
-		trusted_cert = tmp;
-	}
-
-	return FALSE;
-}
-
 /*
 * Check that the signature is valid and matches the binary
 */
@ -1073,8 +1044,10 @@ static EFI_STATUS verify_buffer (char *data, int datasize,
 		 * Check against the shim build key
 		 */
 		if (sizeof(shim_cert) &&
-		    verify_trusted_cert(cert, sha256hash,
-					shim_cert, sizeof(shim_cert))) {
+		    AuthenticodeVerify(cert->CertData,
+			       cert->Hdr.dwLength - sizeof(cert->Hdr),
+			       shim_cert, sizeof(shim_cert), sha256hash,
+			       SHA256_DIGEST_SIZE)) {
 			update_verification_method(VERIFIED_BY_CERT);
 			tpm_measure_variable(L"Shim", SHIM_LOCK_GUID,
 					     sizeof(shim_cert), shim_cert);
@ -1090,8 +1063,10 @@ static EFI_STATUS verify_buffer (char *data, int datasize,
 		 * And finally, check against shim's built-in key
 		 */
 		if (vendor_cert_size &&
-		    verify_trusted_cert(cert, sha256hash,
-					vendor_cert, vendor_cert_size)) {
+		    AuthenticodeVerify(cert->CertData,
+				       cert->Hdr.dwLength - sizeof(cert->Hdr),
+				       vendor_cert, vendor_cert_size,
+				       sha256hash, SHA256_DIGEST_SIZE)) {
 			update_verification_method(VERIFIED_BY_CERT);
 			tpm_measure_variable(L"Shim", SHIM_LOCK_GUID,
 					     vendor_cert_size, vendor_cert);