1. 29 Dec, 2020 3 commits
  2. 14 Nov, 2020 1 commit
  3. 30 Oct, 2020 1 commit
  4. 27 Oct, 2020 2 commits
  5. 14 Sep, 2020 1 commit
  6. 06 Sep, 2020 1 commit
  7. 22 Jul, 2020 1 commit
  8. 11 Jul, 2020 1 commit
  9. 03 Jun, 2020 1 commit
  10. 19 May, 2020 1 commit
  11. 16 Apr, 2020 1 commit
    • AKASHI Takahiro's avatar
      efi_loader: image_loader: support image authentication · 4540dabd
      AKASHI Takahiro authored
      
      
      With this commit, image validation can be enforced, as UEFI specification
      section 32.5 describes, if CONFIG_EFI_SECURE_BOOT is enabled.
      
      Currently we support
      * authentication based on db and dbx,
        so dbx-validated image will always be rejected.
      * following signature types:
          EFI_CERT_SHA256_GUID (SHA256 digest for unsigned images)
          EFI_CERT_X509_GUID (x509 certificate for signed images)
      Timestamp-based certificate revocation is not supported here.
      
      Internally, authentication data is stored in one of certificates tables
      of PE image (See efi_image_parse()) and will be verified by
      efi_image_authenticate() before loading a given image.
      
      It seems that UEFI specification defines the verification process
      in a bit ambiguous way. I tried to implement it as closely to as
      EDK2 does.
      Signed-off-by: default avatarAKASHI Takahiro <takahiro.akashi@linaro.org>
      4540dabd
  12. 17 Mar, 2020 1 commit
  13. 11 Mar, 2020 1 commit
  14. 14 Jan, 2020 1 commit
  15. 07 Jan, 2020 1 commit
  16. 02 Dec, 2019 3 commits
  17. 20 Sep, 2019 1 commit
  18. 11 Aug, 2019 1 commit
  19. 30 Jul, 2019 1 commit
  20. 16 Jul, 2019 3 commits
  21. 06 Jul, 2019 4 commits
  22. 20 Jun, 2019 1 commit
  23. 14 Jun, 2019 4 commits
  24. 10 Jun, 2019 4 commits