mirror of
https://git.proxmox.com/git/efi-boot-shim
synced 2025-08-14 01:29:44 +00:00
Don't verify images with the empty build key
We replaced the build key with an empty file while compiling shim for our distro. Skip the verification with the empty build key since this makes no sense. Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
This commit is contained in:
Gary Ching-Pang Lin
Peter Jones
parent
e258243e43
commit
f852734c5a
3
shim.c
3
shim.c
@ -949,7 +949,8 @@ static EFI_STATUS verify_buffer (char *data, int datasize,
|
||||
/*
|
||||
* Check against the shim build key
|
||||
*/
|
||||
if (AuthenticodeVerify(cert->CertData,
|
||||
if (sizeof(shim_cert) &&
|
||||
AuthenticodeVerify(cert->CertData,
|
||||
context->SecDir->Size - sizeof(cert->Hdr),
|
||||
shim_cert, sizeof(shim_cert), sha256hash,
|
||||
SHA256_DIGEST_SIZE)) {
|
||||
|
||||
Loading…
Reference in New Issue
Block a user