SecurityPkg/DxeImageVerificationLib: reject CertStack.CertNumber==0 per DBX (CVE-2019-14575) - edk2 - Cross-platform firmware development environment

diff options

author	Jian J Wang <jian.j.wang@intel.com>	2019-10-10 11:14:47 +0800
committer	mergify[bot] <37929162+mergify[bot]@users.noreply.github.com>	2020-02-19 14:08:23 +0000
commit	c13742b180095e5181e41dffda954581ecbd9b9c (patch)
tree	163b7c882acdd8a09380c22679903f3c4f745087 /BaseTools/Source/Python/AutoGen/BuildEngine.py
parent	fbb96072233b5eaecf4d229cbee47b13dcab39e1 (diff)
download	edk2-c13742b180095e5181e41dffda954581ecbd9b9c.tar.gz edk2-c13742b180095e5181e41dffda954581ecbd9b9c.tar.bz2 edk2-c13742b180095e5181e41dffda954581ecbd9b9c.zip

SecurityPkg/DxeImageVerificationLib: reject CertStack.CertNumber==0 per DBX (CVE-2019-14575)

In case the signers' certificate stack, retrieved from the PE/COFF image's Authenticode blob, has zero elements (=there are zero signer certificates), then we should consider the image forbidden by DBX, not accepted by DBX. Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Chao Zhang <chao.b.zhang@intel.com> Signed-off-by: Jian J Wang <jian.j.wang@intel.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com> Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>

Diffstat (limited to 'BaseTools/Source/Python/AutoGen/BuildEngine.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: