File 0011-verify-ibm-secure-boot-property.patch of Package qemu
From 78f3c73e44cd909225d23df0190b8031a66d9fc0 Mon Sep 17 00:00:00 2001 From: Daniel Axtens <dja@axtens.net> Date: Mon, 28 Sep 2020 16:45:01 +1000 Subject: [PATCH 11/12] verify /ibm,secure-boot property Only enforce if it is set Signed-off-by: Daniel Axtens <dja@axtens.net> --- lib/libcrypto/appended_sig.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/roms/SLOF/lib/libcrypto/appended_sig.c b/roms/SLOF/lib/libcrypto/appended_sig.c index cb58bdc..8a76457 100644 --- a/roms/SLOF/lib/libcrypto/appended_sig.c +++ b/roms/SLOF/lib/libcrypto/appended_sig.c @@ -6,6 +6,7 @@ #include <stdlib.h> #include <mbedtls/pkcs7.h> #include "certificate.h" +#include "../../slof/paflof.h" static char appsig_magic[] = "~Module signature appended~\n"; @@ -26,6 +27,15 @@ int verify_appended_signature(void *blob, size_t len) { int rc = 0; struct module_signature *modsig; + // only verify if in secure-boot mode. + // todo - oh so much, especially error handling + forth_eval("s\" /\" find-device s\" ibm,secure-boot\" get-node get-property"); + if (forth_pop() == -1) + return 1; + forth_pop(); + if (*(int32_t *)forth_pop() < 2) + return 1; + // go to start of magic ptr = blob + (len - sizeof(appsig_magic) + 1); // appsig_magic contains null-term -- 2.33.1
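Review bot: the new include in appended_sig.c reaches out of lib/libcrypto with a relative path ("../../slof/paflof.h"), which ties the crypto library to the directory layout of the Forth engine. Consider putting the /ibm,secure-boot lookup behind a small helper declared in a header that libcrypto already has on its include path, so verify_appended_signature() does not depend on paflof.h directly.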
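Review bot: in verify_appended_signature(), the property length returned by get-property is thrown away by the bare forth_pop() and the address is then dereferenced as int32_t with no size check, so a property shorter than 4 bytes is read past its end. Keep the length, require it to be at least sizeof(int32_t) before the `*(int32_t *)forth_pop() < 2` comparison, and decide explicitly what a malformed property means. The code also never checks the result of forth_eval() before popping, so the stack contents are assumed rather than verified; the todo comment admits this, but because this block decides whether signature checking runs at all, the error handling belongs in this patch. Both early exits return 1 for "property absent" and "value below 2", so the caller cannot tell a skipped check from any other meaning of 1; document the return convention in a comment. The literal 2 should be a named constant with a note on which /ibm,secure-boot values mean enforcement.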