Re: [RFC PATCH 1/2] efi_loader: fix dual signed image certification

2022-02-10 Ilias Apalodimas
On Thu, 10 Feb 2022 at 10:01, AKASHI Takahiro wrote: > > On Thu, Feb 10, 2022 at 09:55:20AM +0200, Ilias Apalodimas wrote: > > On Thu, Feb 10, 2022 at 04:41:15PM +0900, AKASHI Takahiro wrote: > > > On Thu, Feb 10, 2022 at 09:33:46AM +0200, Ilias Apalodimas wrote: > > > > > > > >

Re: [RFC PATCH 1/2] efi_loader: fix dual signed image certification

2022-02-10 AKASHI Takahiro
On Thu, Feb 10, 2022 at 09:55:20AM +0200, Ilias Apalodimas wrote: > On Thu, Feb 10, 2022 at 04:41:15PM +0900, AKASHI Takahiro wrote: > > On Thu, Feb 10, 2022 at 09:33:46AM +0200, Ilias Apalodimas wrote: > > > > > > > msg = pkcs7_parse_message(auth, auth_size); > > > > > > [...] >

Re: [RFC PATCH 1/2] efi_loader: fix dual signed image certification

2022-02-09 Ilias Apalodimas
On Thu, Feb 10, 2022 at 04:41:15PM +0900, AKASHI Takahiro wrote: > On Thu, Feb 10, 2022 at 09:33:46AM +0200, Ilias Apalodimas wrote: > > > > > > msg = pkcs7_parse_message(auth, auth_size); > > > > [...] > > > > > > > > @@ -717,32 +665,32 @@ static bool efi_image_authenticate(void *efi

Re: [RFC PATCH 1/2] efi_loader: fix dual signed image certification

2022-02-09 AKASHI Takahiro
On Thu, Feb 10, 2022 at 09:33:46AM +0200, Ilias Apalodimas wrote: > > > > > msg = pkcs7_parse_message(auth, auth_size); > > [...] > > > > > > @@ -717,32 +665,32 @@ static bool efi_image_authenticate(void *efi, > > > > > size_t efi_size) > > > > >*/ > > > > >

Re: [RFC PATCH 1/2] efi_loader: fix dual signed image certification

2022-02-09 AKASHI Takahiro
On Thu, Feb 10, 2022 at 09:13:34AM +0200, Ilias Apalodimas wrote: > On Thu, Feb 10, 2022 at 02:13:48PM +0900, AKASHI Takahiro wrote: > > Hi Ilias, > > > > Thank you for reviewing the logic. > > > > On Fri, Feb 04, 2022 at 09:32:01AM +0200, Ilias Apalodimas wrote: > > > The EFI spec allows for ima

Re: [RFC PATCH 1/2] efi_loader: fix dual signed image certification

2022-02-09 Ilias Apalodimas
> > > > msg = pkcs7_parse_message(auth, auth_size); [...] > > > > @@ -717,32 +665,32 @@ static bool efi_image_authenticate(void *efi, > > > > size_t efi_size) > > > > */ > > > > /* try black-list first */ > > > > if (efi_signature_

Re: [RFC PATCH 1/2] efi_loader: fix dual signed image certification

2022-02-09 Heinrich Schuchardt
On 2/10/22 08:13, Ilias Apalodimas wrote: On Thu, Feb 10, 2022 at 02:13:48PM +0900, AKASHI Takahiro wrote: Hi Ilias, Thank you for reviewing the logic. On Fri, Feb 04, 2022 at 09:32:01AM +0200, Ilias Apalodimas wrote: The EFI spec allows for images to carry multiple signatures. Currently we d

Re: [RFC PATCH 1/2] efi_loader: fix dual signed image certification

2022-02-09 Ilias Apalodimas
On Thu, Feb 10, 2022 at 02:13:48PM +0900, AKASHI Takahiro wrote: > Hi Ilias, > > Thank you for reviewing the logic. > > On Fri, Feb 04, 2022 at 09:32:01AM +0200, Ilias Apalodimas wrote: > > The EFI spec allows for images to carry multiple signatures. Currently > > we don't adhere to the verificat

Re: [RFC PATCH 1/2] efi_loader: fix dual signed image certification

2022-02-09 AKASHI Takahiro
Hi Ilias, Thank you for reviewing the logic. On Fri, Feb 04, 2022 at 09:32:01AM +0200, Ilias Apalodimas wrote: > The EFI spec allows for images to carry multiple signatures. Currently > we don't adhere to the verification process for such images. In this patch, you're trying to do three things:

[RFC PATCH 1/2] efi_loader: fix dual signed image certification

2022-02-03 Ilias Apalodimas
The EFI spec allows for images to carry multiple signatures. Currently we don't adhere to the verification process for such images. The spec says: "Multiple signatures are allowed to exist in the binary's certificate table (as per PE/COFF Section "Attribute Certificate Table"). Only one hash or si