proxmox-mirrors/efi-boot-shim
1
0
Fork 0
mirror of https://git.proxmox.com/git/efi-boot-shim synced 2025-07-25 05:31:49 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Remove whitelisting - the firmware will handle it via LoadImage/StartImage

Browse Source
This commit is contained in:
Matthew Garrett 2012-07-02 13:49:32 -04:00
parent d259b14060
commit f9435d9664
1 changed files with 0 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
shim.c
View File

@ -310,16 +310,6 @@ static EFI_STATUS check_blacklist (WIN_CERTIFICATE_EFI_PKCS *cert, UINT8 *hash)
return EFI_SUCCESS;
}
static EFI_STATUS check_whitelist (WIN_CERTIFICATE_EFI_PKCS *cert, UINT8 *hash)
{
if (check_db_hash(L"db", hash) == DATA_FOUND)
return EFI_SUCCESS;
if (check_db_cert(L"db", cert, hash) == DATA_FOUND)
return EFI_SUCCESS;
return EFI_ACCESS_DENIED;
}
/*
* Check that the signature is valid and matches the binary
*/
@ -510,13 +500,6 @@ static EFI_STATUS verify_buffer (char *data, int datasize,
goto done;
}
status = check_whitelist(cert, hash);
if (status == EFI_SUCCESS) {
Print(L"Binary is whitelisted\n");
goto done;
}
if (!AuthenticodeVerify(cert->CertData,
context->SecDir->Size - sizeof(cert->Hdr),
vendor_cert, sizeof(vendor_cert), hash,