On Thu, Jul 16, 2020 at 11:39:36AM +, REITHER Robert - Contractor wrote:
> Hi,
>
> I think I have found a bug in
> lib/efi_loader/efi_signature.c
>
> efi_verify_certificate()
>
> + cert =
> x509_cert_parse(sig_data->data, sig_data->size);
> +
Hi,
I think I have found a bug in
lib/efi_loader/efi_signature.c
efi_verify_certificate()
+ cert =
x509_cert_parse(sig_data->data, sig_data->size);
+ if (!cert) {
+
In this commit, efi_signature_verify(with_sigdb) will be re-implemented
using pcks7_verify_one() in order to support certificates chain, where
the signer's certificate will be signed by an intermediate CA (certificate
authority) and the latter's certificate will also be signed by another CA
and so
3 matches
Mail list logo
