efi_loader: correctly handle mixed hashes and signatures in db A mix of signatures and hashes in db doesn't always work as intended. Currently if the digest algorithm is not explicitly set to sha256 we stop walking the security database and reject the image. That's problematic in case we find and try to check a signature before inspecting the sha256 hash. If the image is unsigned we will reject it even if the digest matches. Since we no longer reject the image on unknown algorithms add an explicit check and reject the image if any other hash algorithm apart from sha256 is detected on dbx. Suggested-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>

commit: 71eae98b7d254b95137ca7122165f2268edf0819 [log] [tgz]
author: Ilias Apalodimas <ilias.apalodimas@linaro.org> Sat Jan 29 00:20:31 2022 +0200
committer: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Sat Jan 29 10:23:40 2022 +0100
tree: 5af800e3a6ab14d5029ccdd9ef36add5df512441
parent: f4c5bcb3c2b7843d599121eaa8ddf82c0da5dd61 [diff] [blame]
diff --git a/include/efi_loader.h b/include/efi_loader.h
index 1fa75b4..4e50f2d 100644
--- a/include/efi_loader.h
+++ b/include/efi_loader.h

@@ -912,7 +912,8 @@
 struct pkcs7_message;
 
 bool efi_signature_lookup_digest(struct efi_image_regions *regs,
-				 struct efi_signature_store *db);
+				 struct efi_signature_store *db,
+				 bool dbx);
 bool efi_signature_verify(struct efi_image_regions *regs,
 			  struct pkcs7_message *msg,
 			  struct efi_signature_store *db,
commit	71eae98b7d254b95137ca7122165f2268edf0819	[log] [tgz]
author	Ilias Apalodimas <ilias.apalodimas@linaro.org>	Sat Jan 29 00:20:31 2022 +0200
committer	Heinrich Schuchardt <heinrich.schuchardt@canonical.com>	Sat Jan 29 10:23:40 2022 +0100
tree	5af800e3a6ab14d5029ccdd9ef36add5df512441
parent	f4c5bcb3c2b7843d599121eaa8ddf82c0da5dd61 [diff] [blame]