From f852734c5a15f2fe6a76424ce23daaee870c6c4e Mon Sep 17 00:00:00 2001
From: Gary Ching-Pang Lin
Date: Thu, 2 Oct 2014 00:08:50 -0400
Subject: [PATCH] Don't verify images with the empty build key

We replaced the build key with an empty file while compiling shim for our distro. Skip the verification with the empty build key since this makes no sense.

Signed-off-by: Gary Ching-Pang Lin
---
 shim.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/shim.c b/shim.c
index a282ee3..8076caa 100644
--- a/shim.c
+++ b/shim.c
@@ -949,7 +949,8 @@ static EFI_STATUS verify_buffer (char *data, int datasize,
 /*
 * Check against the shim build key
 */
- if (AuthenticodeVerify(cert->CertData,
+ if (sizeof(shim_cert) &&
+ AuthenticodeVerify(cert->CertData,
 context->SecDir->Size - sizeof(cert->Hdr),
 shim_cert, sizeof(shim_cert), sha256hash,
 SHA256_DIGEST_SIZE)) {
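Review bot: The new guard `sizeof(shim_cert) &&` in verify_buffer removes a trust anchor at compile time, but neither the comment above it nor any diagnostic says the build-key check can be compiled out. As far as the hunk shows, skipping only means the success branch is not taken, so the image presumably still has to pass whatever checks follow; even so, a build-key file that is empty by accident would give a shim that quietly stops accepting build-key-signed images. I would spell the condition as `if (sizeof(shim_cert) > 0 &&` and extend the comment to `Check against the shim build key, unless shim was built with an empty one`. The guard is only meaningful if shim_cert is a true array rather than a pointer; its declaration, and the start and end of verify_buffer, are outside the hunk.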