mirror of
https://git.proxmox.com/git/fwupd
synced 2025-05-02 00:01:06 +00:00
1abb32c623
To do this mount all ESP partitions and check all the binaries there to see if they match any entries in the new dbx. If we applied the update when a hash matched, we would unintentially 'brick' the users machine, as the grub and shim binaries *have* to be updated first. This functionality does reimplement the PE hashing functionality found in sbsigntools and pesign. This was done for 4 main reasons: * There were some memory safety issues found when fuzzing random binaries * Executing the tools hundreds of times was a lot of overhead * Operating from a blob of immutable mmap'd memory is much faster * We only need a very small amount of functionality from both tools
16 lines
378 B
C
16 lines
378 B
C
/*
|
|
* Copyright (C) 2020 Richard Hughes <richard@hughsie.com>
|
|
*
|
|
* SPDX-License-Identifier: LGPL-2.1+
|
|
*/
|
|
|
|
#pragma once
|
|
|
|
#include <gio/gio.h>
|
|
|
|
gchar *fu_uefi_dbx_get_dbxupdate (GError **error);
|
|
gchar *fu_uefi_dbx_get_authenticode_hash (const gchar *fn,
|
|
GError **error);
|
|
gboolean fu_uefi_dbx_signature_list_validate (GPtrArray *siglists,
|
|
GError **error);
|