Gitiles
Code Review Sign In
git01.mediatek.com / filogic / uboot / 34db9b1894d5ad212fdc6becac60c7f16e74a8e1
commit34db9b1894d5ad212fdc6becac60c7f16e74a8e1[log] [tgz]
authorIlias Apalodimas <ilias.apalodimas@linaro.org>Fri May 06 15:36:00 2022 +0300
committerHeinrich Schuchardt <heinrich.schuchardt@canonical.com>Sat May 07 23:17:26 2022 +0200
treeb109ed047f6936b107e135b04c0e937cd912013a
parent0e1b9967cedae069ab6d36afd85c7f199c73dee4 [diff]
efi_loader: add sha384/512 on certificate revocation

Currently we don't support sha384/512 for the X.509 certificate
in dbx.  Moreover if we come across such a hash we skip the check
and approve the image,  although the image might needs to be rejected.

Rework the code a bit and fix it by adding an array of structs with the
supported GUIDs, len and literal used in the U-Boot crypto APIs instead
of hardcoding the GUID types.

It's worth noting here that efi_hash_regions() can now be reused from
efi_signature_lookup_digest() and add sha348/512 support there as well

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
4 files changed
tree: b109ed047f6936b107e135b04c0e937cd912013a
  1. .github/
  2. api/
  3. arch/
  4. board/
  5. boot/
  6. cmd/
  7. common/
  8. configs/
  9. disk/
  10. doc/
  11. drivers/
  12. dts/
  13. env/
  14. examples/
  15. fs/
  16. include/
  17. lib/
  18. Licenses/
  19. net/
  20. post/
  21. scripts/
  22. test/
  23. tools/
  24. .azure-pipelines.yml
  25. .checkpatch.conf
  26. .get_maintainer.conf
  27. .gitattributes
  28. .gitignore
  29. .gitlab-ci.yml
  30. .mailmap
  31. .readthedocs.yml
  32. config.mk
  33. Kbuild
  34. Kconfig
  35. MAINTAINERS
  36. Makefile
  37. README