commit | 170dec90e9c3a4a1cc38a9684a1c7748f77476e8 | [log] [tgz] |
---|---|---|
author | David Howells <dhowells@redhat.com> | Tue Jul 08 19:07:52 2014 +0100 |
committer | David Howells <dhowells@redhat.com> | Tue Jul 08 19:07:52 2014 +0100 |
tree | 3c18795858149fe4450fbe930a40f31c05e81dbf | |
parent | 490b28ed5e09e42a3f069b8d84c0b23025cd2003 [diff] |
pefile: Load the contained key if we consider the container to be validly signed Load the key contained in the PE binary if the signature on the container can be verified by following the chain of X.509 certificates in the PKCS#7 message to a key that we already trust. Typically, the trusted key will be acquired from a source outside of the kernel, such as the UEFI database. Signed-off-by: David Howells <dhowells@redhat.com> Reviewed-by: Kees Cook <keescook@chromium.org>