efi_loader: image_loader: add a missing digest verification for signed PE image At the last step of PE image authentication, an image's hash value must be compared with a message digest stored as the content (of SpcPeImageData type) of pkcs7's contentInfo. Fixes: commit 4540dabdcaca ("efi_loader: image_loader: support image authentication") Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>

commit: e669c2d42ce5e569842787a96f326daef59464c2 [log] [tgz]
author: AKASHI Takahiro <takahiro.akashi@linaro.org> Tue Jul 05 14:48:14 2022 +0900
committer: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Tue Jul 05 14:37:16 2022 +0200
tree: 055a12c85f577b63233ec6f8a35658cf5c134ae5
parent: e2761e2318e52f6c9a1a02d6eb9f35480a72739c [diff] [blame]
diff --git a/lib/efi_loader/Kconfig b/lib/efi_loader/Kconfig
index e2a1a5a..e3f2402 100644
--- a/lib/efi_loader/Kconfig
+++ b/lib/efi_loader/Kconfig

@@ -366,6 +366,7 @@
 	select X509_CERTIFICATE_PARSER
 	select PKCS7_MESSAGE_PARSER
 	select PKCS7_VERIFY
+	select MSCODE_PARSER
 	select EFI_SIGNATURE_SUPPORT
 	help
 	  Select this option to enable EFI secure boot support.
commit	e669c2d42ce5e569842787a96f326daef59464c2	[log] [tgz]
author	AKASHI Takahiro <takahiro.akashi@linaro.org>	Tue Jul 05 14:48:14 2022 +0900
committer	Heinrich Schuchardt <heinrich.schuchardt@canonical.com>	Tue Jul 05 14:37:16 2022 +0200
tree	055a12c85f577b63233ec6f8a35658cf5c134ae5
parent	e2761e2318e52f6c9a1a02d6eb9f35480a72739c [diff] [blame]