Don't verify images with the empty build key

We replaced the build key with an empty file while compiling shim
for our distro. Skip the verification with the empty build key
since this makes no sense.

Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
This commit is contained in:
Gary Ching-Pang Lin 2014-10-02 00:08:50 -04:00 committed by Peter Jones
parent e258243e43
commit f852734c5a

3
shim.c
View File

@ -949,7 +949,8 @@ static EFI_STATUS verify_buffer (char *data, int datasize,
/*
* Check against the shim build key
*/
if (AuthenticodeVerify(cert->CertData,
if (sizeof(shim_cert) &&
AuthenticodeVerify(cert->CertData,
context->SecDir->Size - sizeof(cert->Hdr),
shim_cert, sizeof(shim_cert), sha256hash,
SHA256_DIGEST_SIZE)) {