git.baikalelectronics.ru Git - uboot.git/commit

author	AKASHI Takahiro <takahiro.akashi@linaro.org>
	Wed, 8 Jul 2020 05:01:56 +0000 (14:01 +0900)
committer	Heinrich Schuchardt <xypron.glpk@gmx.de>
	Sat, 11 Jul 2020 21:14:15 +0000 (23:14 +0200)
commit	3aaf68374d4b7e240a0aec2f4af9af4223d7f1aa
tree	4e66b928a431a4643041e53126d9a64cd61aff39	tree \| snapshot
parent	a7ed0a5f83ea61f7dcef4cb2cf8f6fa6feb65114	commit \| diff

efi_loader: image_loader: verification for all signatures should pass

A signed image may have multiple signatures in
  - each WIN_CERTIFICATE in authenticode, and/or
  - each SignerInfo in pkcs7 SignedData (of WIN_CERTIFICATE)

In the initial implementation of efi_image_authenticate(), the criteria
of verification check for multiple signatures case is a bit ambiguous
and it may cause inconsistent result.

With this patch, we will make sure that verification check in
efi_image_authenticate() should pass against all the signatures.
The only exception would be
  - the case where a digest algorithm used in signature is not supported by
    U-Boot, or
  - the case where parsing some portion of authenticode has failed
In those cases, we don't know how the signature be handled and should
just ignore them.

Please note that, due to this change, efi_signature_verify_with_sigdb()'s
function prototype will be modified, taking "dbx" as well as "db"
instead of outputing a "certificate." If "dbx" is null, the behavior would
be the exact same as before.
The function's name will be changed to efi_signature_verify() once
current efi_signature_verify() has gone due to further improvement
in intermediate certificates support.

Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>

include/efi_loader.h		diff \| blob \| history
lib/efi_loader/efi_image_loader.c		diff \| blob \| history
lib/efi_loader/efi_signature.c		diff \| blob \| history