mirror of
https://github.com/acidanthera/audk.git
synced 2025-07-31 01:24:12 +02:00
10b4bb8d6d
A malicious host may be able to undermine the fw_cfg interface such that loading a blob fails. In this case rather than continuing to the next boot option, the blob verifier should halt. For non-confidential guests, the error should be non-fatal. Signed-off-by: Tobin Feldman-Fitzthum <tobin@linux.ibm.com>
37 lines
984 B
C
37 lines
984 B
C
/** @file
|
|
|
|
Null implementation of the blob verifier library.
|
|
|
|
Copyright (C) 2021, IBM Corporation
|
|
|
|
SPDX-License-Identifier: BSD-2-Clause-Patent
|
|
**/
|
|
|
|
#include <Library/BaseLib.h>
|
|
#include <Library/BlobVerifierLib.h>
|
|
|
|
/**
|
|
Verify blob from an external source.
|
|
|
|
@param[in] BlobName The name of the blob
|
|
@param[in] Buf The data of the blob
|
|
@param[in] BufSize The size of the blob in bytes
|
|
@param[in] FetchStatus The status of the fetch of this blob
|
|
|
|
@retval EFI_SUCCESS The blob was verified successfully or was not
|
|
found in the hash table.
|
|
@retval EFI_ACCESS_DENIED Kernel hashes not supported but the boot can
|
|
continue safely.
|
|
**/
|
|
EFI_STATUS
|
|
EFIAPI
|
|
VerifyBlob (
|
|
IN CONST CHAR16 *BlobName,
|
|
IN CONST VOID *Buf,
|
|
IN UINT32 BufSize,
|
|
IN EFI_STATUS FetchStatus
|
|
)
|
|
{
|
|
return FetchStatus;
|
|
}
|