]> git.proxmox.com Git - efi-boot-shim.git/commit
projects / efi-boot-shim.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: f500a87) | patch
Check the first 4 bytes of the certificate
authorGary Ching-Pang Lin <glin@suse.com>
Tue, 27 May 2014 09:42:00 +0000 (17:42 +0800)
committerPeter Jones <pjones@redhat.com>
Wed, 25 Jun 2014 13:55:49 +0000 (09:55 -0400)
commit5f18e2e3643524c6b6b38c44c6ce4eabdcfd59d1
treee5d62e5274b7a19b88f604a3836a719af16beb0dtree
parentf500a8742c19be604d33907b56ab9597fe448b65commit | diff
Check the first 4 bytes of the certificate

A non-DER encoding x509 certificate may be mistakenly enrolled into
db or MokList. This commit checks the first 4 bytes of the certificate
to ensure that it's DER encoding.

This commit also removes the iteration of the x509 signature list.
Per UEFI SPEC, each x509 signature list contains only one x509 certificate.
Besides, the size of certificate is incorrect. The size of the header must
be substracted from the signature size.

Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
MokManager.c diff | blob | blame | history
shim.c diff | blob | blame | history
shim, a first-stage UEFI bootloader adapted for Proxmox projects