Skip to content

Commit

Permalink
Revert "Allow shim to handle multiple trusted certificates"
Browse files Browse the repository at this point in the history 
This was merged before it was really ready - verify_trusted_cert needs
to check each certificate against vendor_dbx, "dbx", and "MokListX", or
else it can enable a blacklisted certificate accidentally.

This reverts commit 8721bbe.
  • Loading branch information
@vathpela
vathpela committed Mar 23, 2018
1 parent f391e44 commit cdbfb5a
Showing 1 changed file with 8 additions and 33 deletions.
41 changes: 8 additions & 33 deletions shim.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -962,35 +962,6 @@ static EFI_STATUS generate_hash (char *data, unsigned int datasize_in,
return efi_status;
}

/*
* Check that a trusted certificate signed the binary
*/
static BOOLEAN verify_trusted_cert(const WIN_CERTIFICATE_EFI_PKCS *cert,
const UINT8 *sha256hash,
const UINT8 *trusted_cert,
size_t trusted_cert_len)
{
const UINT8 *tmp;
ASN1_TYPE *asn1;

while (trusted_cert_len) {
if (AuthenticodeVerify(cert->CertData,
cert->Hdr.dwLength - sizeof(cert->Hdr),
trusted_cert, trusted_cert_len,
sha256hash, SHA256_DIGEST_SIZE))
return TRUE;
tmp = trusted_cert;
asn1 = d2i_ASN1_TYPE(NULL, &tmp, trusted_cert_len);
if (!asn1)
break;
ASN1_TYPE_free(asn1);
trusted_cert_len -= (tmp - trusted_cert);
trusted_cert = tmp;
}

return FALSE;
}

/*
* Check that the signature is valid and matches the binary
*/
Expand Down Expand Up @@ -1073,8 +1044,10 @@ static EFI_STATUS verify_buffer (char *data, int datasize,
* Check against the shim build key
*/
if (sizeof(shim_cert) &&
verify_trusted_cert(cert, sha256hash,
shim_cert, sizeof(shim_cert))) {
AuthenticodeVerify(cert->CertData,
cert->Hdr.dwLength - sizeof(cert->Hdr),
shim_cert, sizeof(shim_cert), sha256hash,
SHA256_DIGEST_SIZE)) {
update_verification_method(VERIFIED_BY_CERT);
tpm_measure_variable(L"Shim", SHIM_LOCK_GUID,
sizeof(shim_cert), shim_cert);
Expand All @@ -1090,8 +1063,10 @@ static EFI_STATUS verify_buffer (char *data, int datasize,
* And finally, check against shim's built-in key
*/
if (vendor_cert_size &&
verify_trusted_cert(cert, sha256hash,
vendor_cert, vendor_cert_size)) {
AuthenticodeVerify(cert->CertData,
cert->Hdr.dwLength - sizeof(cert->Hdr),
vendor_cert, vendor_cert_size,
sha256hash, SHA256_DIGEST_SIZE)) {
update_verification_method(VERIFIED_BY_CERT);
tpm_measure_variable(L"Shim", SHIM_LOCK_GUID,
vendor_cert_size, vendor_cert);
Expand Down

0 comments on commit cdbfb5a

Please sign in to comment.