In image verification, if an image passes verification in DBT, it is still
necessary to verify whether it is blocked by any other cert/cert hash from DBX.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zh...@intel.com>
---
 SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git 
a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c 
b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
index 4b4d3bf..367dc36 100644
--- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
+++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
@@ -12,7 +12,7 @@
   DxeImageVerificationHandler(), HashPeImageByType(), HashPeImage() function 
will accept
   untrusted PE/COFF image and validate its data structure within this image 
buffer before use.
 
-Copyright (c) 2009 - 2015, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2009 - 2016, Intel Corporation. All rights reserved.<BR>
 This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD 
License
 which accompanies this distribution.  The full text of the license may be 
found at
@@ -1465,6 +1465,7 @@ IsForbiddenByDbx (
       IsForbidden = TRUE;
       if (PassTimestampCheck (AuthData, AuthDataSize, &RevocationTime)) {
         IsForbidden = FALSE;
+        continue;
       }
       goto Done;
     }
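Review bot: the added `continue` in the `PassTimestampCheck` branch of IsForbiddenByDbx should carry a short comment saying that a passing timestamp check only clears the current DBX match and that the remaining DBX entries still have to be evaluated. Without that comment the line reads as an accidental skip of `goto Done`. The enclosing loop header is not in the visible context, so please also confirm that `continue` reaches the loop's advance step and does not bypass any per-iteration cleanup placed after this block. Otherwise the same entry could be evaluated again or a buffer left unreleased.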
-- 
1.9.5.msysgit.1

_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel