authorIlias Apalodimas <ilias.apalodimas@linaro.org>2022-01-29 00:20:32 +0200
committerHeinrich Schuchardt <heinrich.schuchardt@canonical.com>2022-01-29 10:23:40 +0100
commit5ee900c14ff57b8c9201d7d42f018b33df3ea42a (patch)
tree75cd9f3eb5899e9e1ed5a4936dbdaec48a46a66d
parent4b634313232ed4a17bbf66d228764fef639e1f65 (diff)
efi_loader: hash the image once before checking against db/dbx
We don't have to recalculate the image hash every time we check against a new db/dbx entry. So let's add a flag forcing it to run once, since we only support sha256 hashes. Suggested-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
-rw-r--r--lib/efi_loader/efi_signature.c5
1 files changed, 4 insertions, 1 deletions
diff --git a/lib/efi_loader/efi_signature.c b/lib/efi_loader/efi_signature.c
index eb6886cdcc..1bd1fdc95f 100644
--- a/lib/efi_loader/efi_signature.c
+++ b/lib/efi_loader/efi_signature.c
@@ -192,6 +192,7 @@ bool efi_signature_lookup_digest(struct efi_image_regions *regs,
void *hash = NULL;
size_t size = 0;
bool found = false;
+ bool hash_done = false;
EFI_PRINT("%s: Enter, %p, %p\n", __func__, regs, db);
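Review bot: The new `hash_done` declaration relies on an assumption that only the commit message states: one cached digest is valid for every siglist solely because non-sha256 lists are skipped in the loop. A comment at the declaration, such as `/* image digest is sha256-only: compute once, reuse for every siglist */`, would keep that visible if another hash type is ever accepted there. Without it, a later change could compare a sha256 digest against entries of a different type. The function body starts and ends outside this hunk.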
@@ -214,10 +215,12 @@ bool efi_signature_lookup_digest(struct efi_image_regions *regs,
if (guidcmp(&siglist->sig_type, &efi_guid_sha256))
continue;
- if (!efi_hash_regions(regs->reg, regs->num, &hash, &size)) {
+ if (!hash_done &&
+ !efi_hash_regions(regs->reg, regs->num, &hash, &size)) {
EFI_PRINT("Digesting an image failed\n");
break;
}
+ hash_done = true;
for (sig_data = siglist->sig_data_list; sig_data;
sig_data = sig_data->next) {
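Review bot: When efi_hash_regions() fails, the `break` leaves `found` at its initial `false`, so a hashing error looks the same to the caller as "digest not present in this list". That fails closed for a db (allow) lookup, but the commit title says the same lookup serves dbx, where "not found" means "not revoked". The callers are not visible here, so it is worth confirming that they reject the image on this path. At minimum, document it at the break with `/* hash failure is reported as not-found; dbx callers must not read this as clean */`. The enclosing loop and the function's return lie outside the hunk.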