mirror of https://github.com/acidanthera/audk.git
b1c1147059
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1608 To avoid false-negative issue in check hash against dbx, both error condition (as return value) and check result (as out parameter) of IsSignatureFoundInDatabase() are added. So the caller of this function will know exactly if a failure is caused by a black list hit or other error happening, and enforce a more secure operation to prevent secure boot from being bypassed. For a white list check (db), there's no such necessity. All intermediate results inside this function will be checked and returned immediately upon any failure or error, like out-of-resource, hash calculation error or certificate retrieval failure. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Signed-off-by: Jian J Wang <jian.j.wang@intel.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com> |
||
|---|---|---|
| .. | ||
| DxeImageVerificationLib.c | ||
| DxeImageVerificationLib.h | ||
| DxeImageVerificationLib.inf | ||
| DxeImageVerificationLib.uni | ||
| Measurement.c | ||