author | Jian J Wang <jian.j.wang@intel.com> | 2019-09-16 16:52:58 +0800 |
---|---|---|
committer | mergify[bot] <37929162+mergify[bot]@users.noreply.github.com> | 2020-02-19 14:08:23 +0000 |
commit | a83dbf008cc73406cbdc0d5ac3164cc19fff6683 (patch) | |
tree | 76b7e87a2e6c94c1b77679b254ab24fd61afd880 /BaseTools/Source/Python/AutoGen/ModuleAutoGen.py | |
parent | adc6898366298d1f64b91785e50095527f682758 (diff) | |
SecurityPkg/DxeImageVerificationLib: Differentiate error/search result (1) (CVE-2019-14575)
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1608
To avoid false-negative issue in check hash against dbx, both error
condition (as return value) and check result (as out parameter) of
IsCertHashFoundInDatabase() are added. So the caller of this function
will know exactly if a failure is caused by a black list hit or
other error happening, and enforce a more secure operation to prevent
secure boot from being bypassed. For a white list check (db), there's
no such necessity.
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>
Diffstat (limited to 'BaseTools/Source/Python/AutoGen/ModuleAutoGen.py')
0 files changed, 0 insertions, 0 deletions
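
The distinction the commit message draws between an error condition and a search result, as an added C sketch (not EDK2 code and not part of this commit): a deny-list lookup that returns a single boolean fails open when the lookup itself fails, while one that returns status separately lets the caller fail closed. All names here (`hash_db`, `found_in_db`, `image_allowed`), the 4-byte hashes and the sample dbx contents are hypothetical and constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a dbx lookup; a NULL database models a failed read. */
typedef struct { const unsigned char (*hashes)[4]; size_t count; } hash_db;
typedef enum { LOOKUP_OK = 0, LOOKUP_ERROR = 1 } lookup_status;

/* Constructed sample deny list with two revoked 4-byte "hashes". */
const unsigned char SAMPLE_DBX[2][4] = {
    {0xde, 0xad, 0xbe, 0xef}, {0x0b, 0xad, 0xf0, 0x0d}
};

/* Before: one boolean carries both "not found" and "lookup failed". */
bool found_in_db_legacy(const hash_db *db, const unsigned char h[4]) {
    if (db == NULL || db->hashes == NULL)
        return false;                     /* an error looks like a miss */
    for (size_t i = 0; i < db->count; i++)
        if (memcmp(db->hashes[i], h, 4) == 0)
            return true;
    return false;
}

/* After: error condition is the return value, search result is an out parameter. */
lookup_status found_in_db(const hash_db *db, const unsigned char h[4], bool *found) {
    *found = false;
    if (db == NULL || db->hashes == NULL)
        return LOOKUP_ERROR;
    for (size_t i = 0; i < db->count && !*found; i++)
        *found = (memcmp(db->hashes[i], h, 4) == 0);
    return LOOKUP_OK;
}

/* Deny-list caller on the legacy lookup: a failed lookup allows the image. */
bool image_allowed_legacy(const hash_db *dbx, const unsigned char h[4]) {
    return !found_in_db_legacy(dbx, h);
}

/* Deny-list caller on the split lookup: allow only on a completed miss. */
bool image_allowed(const hash_db *dbx, const unsigned char h[4]) {
    bool found;
    if (found_in_db(dbx, h, &found) != LOOKUP_OK)
        return false;                     /* fail closed on any error */
    return !found;
}

int main(void) {
    const unsigned char revoked[4] = {0xde, 0xad, 0xbe, 0xef};
    printf("lookup error: legacy allows=%d, split allows=%d\n",
           image_allowed_legacy(NULL, revoked), image_allowed(NULL, revoked));
    return 0;
}
```

For an allow-list lookup the single boolean is already safe, since a failed lookup and a miss both end in a denial, which matches the commit message's remark that db needs no such change.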