diff options
author | Ilias Apalodimas <ilias.apalodimas@linaro.org> | 2022-05-06 15:36:00 +0300 |
---|---|---|
committer | Heinrich Schuchardt <heinrich.schuchardt@canonical.com> | 2022-05-07 23:17:26 +0200 |
commit | b436cc6a57cae017343a549f4b701e748d7e6448 (patch) | |
tree | b109ed047f6936b107e135b04c0e937cd912013a /lib/libfdt | |
parent | 3ae6cf5400ee004c309f73f358c1043cf6d8eecc (diff) | |
download | u-boot-b436cc6a57cae017343a549f4b701e748d7e6448.tar.gz u-boot-b436cc6a57cae017343a549f4b701e748d7e6448.tar.bz2 u-boot-b436cc6a57cae017343a549f4b701e748d7e6448.zip |
efi_loader: add sha384/512 on certificate revocation
Currently we don't support sha384/512 for the X.509 certificate
in dbx. Moreover if we come across such a hash we skip the check
and approve the image, although the image might needs to be rejected.
Rework the code a bit and fix it by adding an array of structs with the
supported GUIDs, len and literal used in the U-Boot crypto APIs instead
of hardcoding the GUID types.
It's worth noting here that efi_hash_regions() can now be reused from
efi_signature_lookup_digest() and add sha348/512 support there as well
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Diffstat (limited to 'lib/libfdt')
0 files changed, 0 insertions, 0 deletions