
7 May 2022, 9:11 a.m.
Hi Heinrich,
[...]
/*
@@ -500,7 +528,9 @@ bool efi_signature_verify(struct efi_image_regions *regs, */ if (!msg->data && !efi_hash_regions(regs->reg, regs->num,
(void **)&sinfo->sig->digest, NULL)) {
(void **)&sinfo->sig->digest,
guid_to_sha_str(&efi_guid_sha256),
The UEFI spec knows certificate types like EFI_CERT_X509_SHA512_GUID. Why do we assume SHA256 here?
This part is only used for variable authentication. This was using sha256 only before the patch, but isn't that the only thing the spec mandates for authenticated variables?
Best regards
Heinrich
NULL)) { EFI_PRINT("Digesting an image failed\n"); goto out; }
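Review bot: the efi_hash_regions() call in efi_signature_verify() hard-codes the digest algorithm as guid_to_sha_str(&efi_guid_sha256) with no comment explaining why SHA-256 is the only choice on this path. If, as the reply states, this branch is only reached for variable authentication, a short comment above the call saying so, and naming the requirement that fixes the digest, would settle the question for later readers. The result of guid_to_sha_str() is also passed straight in as an argument without a check, so if that lookup can fail, the failure would only surface as the generic "Digesting an image failed" message, which names an image rather than a variable.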