Merge tag 'efi-2022-04-rc3' of https://source.denx.de/u-boot/custodians/u-boot-efi

Pull request for efi-2022-04-rc3 Documentation: * add man-page for fatload * add SMBIOS table page UEFI: * partial fix for UEFI secure boot with intermediate certs * disable watchdog when returning to command line * reset system after capsule update
author: Tom Rini <trini@konsulko.com> 2022-02-26 10:21:39 -0500
committer: Tom Rini <trini@konsulko.com> 2022-02-26 10:21:39 -0500
commit: a900c7f8161b74fc66ec715e68e7244b53f04298 (patch)
tree: b5e161da65f1c397a6465a875e7e1a352ab83208 /lib/efi_loader/efi_signature.c
parent: 7228ef94824c6442546431582dad0e3794264501 (diff)
parent: 3fa9ed9ae3b30dd6e7f5e887c76d183ad72a44a2 (diff)
1 files changed, 5 insertions, 6 deletions
diff --git a/lib/efi_loader/efi_signature.c b/lib/efi_loader/efi_signature.c
index 1bd1fdc95f..79ed077ae7 100644
--- a/lib/efi_loader/efi_signature.c
+++ b/lib/efi_loader/efi_signature.c
@@ -518,12 +518,11 @@ bool efi_signature_verify(struct efi_image_regions *regs,
 			goto out;
 
 		EFI_PRINT("Verifying last certificate in chain\n");
-		if (signer->self_signed) {
-			if (efi_lookup_certificate(signer, db))
-				if (efi_signature_check_revocation(sinfo,
-								   signer, dbx))
-					break;
-		} else if (efi_verify_certificate(signer, db, &root)) {
+		if (efi_lookup_certificate(signer, db))
+			if (efi_signature_check_revocation(sinfo, signer, dbx))
+				break;
+		if (!signer->self_signed &&
+		    efi_verify_certificate(signer, db, &root)) {
 			bool check;
 
 			check = efi_signature_check_revocation(sinfo, root,
author	Tom Rini <trini@konsulko.com>	2022-02-26 10:21:39 -0500
committer	Tom Rini <trini@konsulko.com>	2022-02-26 10:21:39 -0500
commit	a900c7f8161b74fc66ec715e68e7244b53f04298 (patch)
tree	b5e161da65f1c397a6465a875e7e1a352ab83208 /lib/efi_loader/efi_signature.c
parent	7228ef94824c6442546431582dad0e3794264501 (diff)
parent	3fa9ed9ae3b30dd6e7f5e887c76d183ad72a44a2 (diff)