Google Git
Sign in
kernel / pub / scm / linux / kernel / git / jejb / efitools / e57bafc268511ad54598627b663a7ae86bd856f5
commite57bafc268511ad54598627b663a7ae86bd856f5[log] [tgz]
authorJames Bottomley <James.Bottomley@HansenPartnership.com>Sat Jan 05 22:46:39 2019 -0800
committerJames Bottomley <James.Bottomley@HansenPartnership.com>Sat Jan 05 22:46:39 2019 -0800
tree395e21c046d37c50dbfdabce4d93224ad10138bd
parent7c4991f1b7eea98f2b5137f274a2f23af63ac174 [diff]
use SignedData instead of PKCS7 for variable updates

The EFI standard is ambiguous about which one to use for variable
updates (it is definite about using PKCS7 for signed binaries).  Until
recently, the reference platform, tianocore, accepted both.  However
after patch

commit c035e37335ae43229d7e68de74a65f2c01ebc0af
Author: Zhang Lubo <lubo.zhang@intel.com>
Date:   Thu Jan 5 14:58:05 2017 +0800

    SecurityPkg: enhance secure boot Config Dxe & Time Based AuthVariable.

The acceptance of PKCS7 got broken.  This breakage seems to be
propagating to the UEFI ecosystem, so update the variable signing
tools to emit the SignedData type.

Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
1 file changed
tree: 395e21c046d37c50dbfdabce4d93224ad10138bd
  1. doc/
  2. include/
  3. lib/
  4. .gitignore
  5. cert-to-efi-hash-list.c
  6. cert-to-efi-sig-list.c
  7. COPYING
  8. efi-keytool.c
  9. efi-readvar.c
  10. efi-updatevar.c
  11. flash-var.c
  12. hash-to-efi-sig-list.c
  13. HashTool.c
  14. HelloWorld.c
  15. KeyTool.c
  16. Loader.c
  17. LockDown.c
  18. Make.rules
  19. Makefile
  20. mkusb.sh
  21. ms-kek.crt
  22. ms-uefi.crt
  23. PreLoader.c
  24. README
  25. ReadVars.c
  26. SetNull.c
  27. ShimReplace.c
  28. sig-list-to-certs.c
  29. sign-efi-sig-list.c
  30. UpdateVars.c
  31. xxdi.pl