-/**\r
- Verify certificate in WIN_CERT_TYPE_PKCS_SIGNED_DATA format.\r
-\r
- @param[in] AuthData Pointer to the Authenticode Signature retrieved from signed image.\r
- @param[in] AuthDataSize Size of the Authenticode Signature in bytes.\r
-\r
- @retval EFI_SUCCESS Image pass verification.\r
- @retval EFI_SECURITY_VIOLATION Image fail verification.\r
-\r
-**/\r
-EFI_STATUS\r
-VerifyCertPkcsSignedData (\r
- IN UINT8 *AuthData,\r
- IN UINTN AuthDataSize\r
- )\r
-{\r
- //\r
- // 1: Find certificate from DBX forbidden database for revoked certificate.\r
- //\r
- if (IsPkcsSignedDataVerifiedBySignatureList (AuthData, AuthDataSize, EFI_IMAGE_SECURITY_DATABASE1, &gEfiImageSecurityDatabaseGuid)) {\r
- //\r
- // DBX is forbidden database, if Authenticode verification pass with\r
- // one of the certificate in DBX, this image should be rejected.\r
- //\r
- return EFI_SECURITY_VIOLATION;\r
- }\r
-\r
- //\r
- // 2: Find certificate from DB database and try to verify authenticode struct.\r
- //\r
- if (IsPkcsSignedDataVerifiedBySignatureList (AuthData, AuthDataSize, EFI_IMAGE_SECURITY_DATABASE, &gEfiImageSecurityDatabaseGuid)) {\r
- return EFI_SUCCESS;\r
- } else {\r
- return EFI_SECURITY_VIOLATION;\r
- }\r
-}\r
-\r