random-mirrors/smaeul-u-boot
1
0
Fork 0
mirror of https://github.com/smaeul/u-boot.git synced 2025-10-14 12:56:00 +01:00
Code Issues Packages Projects Releases Wiki Activity

efi_loader: hash the image once before checking against db/dbx

Browse Source 
We don't have to recalculate the image hash every time we check against a
new db/dbx entry.  So let's add a flag forcing it to run once since we only
support sha256 hashes

Suggested-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
This commit is contained in:
Ilias Apalodimas 2022-01-29 00:20:32 +02:00 committed by Heinrich Schuchardt
parent 4b63431323
commit 5ee900c14f
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
lib/efi_loader/efi_signature.c
View File

@ -192,6 +192,7 @@ bool efi_signature_lookup_digest(struct efi_image_regions *regs,
void *hash = NULL; void *hash = NULL;
size_t size = 0; size_t size = 0;
bool found = false; bool found = false;
bool hash_done = false;
EFI_PRINT("%s: Enter, %p, %p\n", __func__, regs, db); EFI_PRINT("%s: Enter, %p, %p\n", __func__, regs, db);
@ -214,10 +215,12 @@ bool efi_signature_lookup_digest(struct efi_image_regions *regs,
if (guidcmp(&siglist->sig_type, &efi_guid_sha256)) if (guidcmp(&siglist->sig_type, &efi_guid_sha256))
continue; continue;
if (!efi_hash_regions(regs->reg, regs->num, &hash, &size)) { if (!hash_done &&
!efi_hash_regions(regs->reg, regs->num, &hash, &size)) {
EFI_PRINT("Digesting an image failed\n"); EFI_PRINT("Digesting an image failed\n");
break; break;
} }
hash_done = true;
for (sig_data = siglist->sig_data_list; sig_data; for (sig_data = siglist->sig_data_list; sig_data;
sig_data = sig_data->next) { sig_data = sig_data->next) {