diff options
author | Jun Nie <jun.nie@linaro.org> | 2021-05-27 10:59:00 +0800 |
---|---|---|
committer | Jun Nie <jun.nie@linaro.org> | 2021-05-27 12:09:19 +0800 |
commit | 5dc8258fc9d8f96250dd4f9b1f0b1209806a1250 (patch) | |
tree | 3abb38f14e0f3407ee1c1c048edf8e62fd765ea0 | |
parent | b139f0ceb39f35696a71a50b6ab78f0457b38b91 (diff) |
lib: crypto: skip signing time checkrel_imx_5.4.70_2.3.0-imx8mp-2020.04+efi+fio+advant
Skip signing time check as a workaround. The time window is one month
after the key generation. This should be fixed in key side, not in u-boot
side.
Signed-off-by: Jun Nie <jun.nie@linaro.org>
-rw-r--r-- | lib/crypto/pkcs7_verify.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/lib/crypto/pkcs7_verify.c b/lib/crypto/pkcs7_verify.c index 58683ef614..2043f8f82e 100644 --- a/lib/crypto/pkcs7_verify.c +++ b/lib/crypto/pkcs7_verify.c @@ -528,8 +528,9 @@ static int pkcs7_verify_one(struct pkcs7_message *pkcs7, if (test_bit(sinfo_has_signing_time, &sinfo->aa_set)) { if (sinfo->signing_time < sinfo->signer->valid_from || sinfo->signing_time > sinfo->signer->valid_to) { - pr_warn("Message signed outside of X.509 validity window\n"); - return -EKEYREJECTED; + pr_warn("Skip signing time check!\n"); + //pr_warn("Message signed outside of X.509 validity window\n"); + //return -EKEYREJECTED; } } |