OpenCoreUefi: Prohibit unsigned DMG loading with secure boot

vit9696 2020-08-20 22:26:41 +03:00
parent 442ec2f2c3
commit c2f7b3cea5


@ -379,6 +379,18 @@ OcLoadAppleSecureBoot (
SecureBootPolicy = AppleImg4SbModeMedium;
}
//
// We blindly trust DMG contents after signature verification
// essentially skipping secure boot in this case.
// Do not allow enabling one but not the other.
//
if (SecureBootPolicy != AppleImg4SbModeDisabled
&& AsciiStrCmp (OC_BLOB_GET (&Config->Misc.Security.DmgLoading), "Any") == 0) {
DEBUG ((DEBUG_ERROR, "OC: Cannot use Secure Boot with Any DmgLoading!\n"));
CpuDeadLoop ();
return;
}
DEBUG ((
DEBUG_INFO,
"OC: Loading Apple Secure Boot with %a (level %u)\n",