From f9435d966477b738ae5d68c220e9846b6cfe9492 Mon Sep 17 00:00:00 2001
From: Matthew Garrett
Date: Mon, 2 Jul 2012 13:49:32 -0400
Subject: [PATCH] Remove whitelisting - the firmware will handle it via LoadImage/StartImage
---
 shim.c | 17 -----------------
 1 file changed, 17 deletions(-)
diff --git a/shim.c b/shim.c
index 83d4b87..50f90a7 100644
--- a/shim.c
+++ b/shim.c
@@ -310,16 +310,6 @@ static EFI_STATUS check_blacklist (WIN_CERTIFICATE_EFI_PKCS *cert, UINT8 *hash)
 return EFI_SUCCESS;
 }
 
-static EFI_STATUS check_whitelist (WIN_CERTIFICATE_EFI_PKCS *cert, UINT8 *hash)
-{
- if (check_db_hash(L"db", hash) == DATA_FOUND)
- return EFI_SUCCESS;
- if (check_db_cert(L"db", cert, hash) == DATA_FOUND)
- return EFI_SUCCESS;
-
- return EFI_ACCESS_DENIED;
-}
-
 /*
 * Check that the signature is valid and matches the binary
 */
@@ -500,13 +500,6 @@ static EFI_STATUS verify_buffer (char *data, int datasize,
 goto done;
 }
 
- status = check_whitelist(cert, hash);
-
- if (status == EFI_SUCCESS) {
- Print(L"Binary is whitelisted\n");
- goto done;
- }
-
 if (!AuthenticodeVerify(cert->CertData, context->SecDir->Size - sizeof(cert->Hdr), vendor_cert, sizeof(vendor_cert), hash,