lib: crypto: skip signing time checkrel_imx_5.4.70_2.3.0-imx8mp-2020.04+efi+fio+advant

Skip signing time check as a workaround. The time window is one month after the key generation. This should be fixed in key side, not in u-boot side. Signed-off-by: Jun Nie <jun.nie@linaro.org>
author: Jun Nie <jun.nie@linaro.org> 2021-05-27 10:59:00 +0800
committer: Jun Nie <jun.nie@linaro.org> 2021-05-27 12:09:19 +0800
commit: 5dc8258fc9d8f96250dd4f9b1f0b1209806a1250 (patch)
tree: 3abb38f14e0f3407ee1c1c048edf8e62fd765ea0
parent: b139f0ceb39f35696a71a50b6ab78f0457b38b91 (diff)
1 files changed, 3 insertions, 2 deletions
diff --git a/lib/crypto/pkcs7_verify.c b/lib/crypto/pkcs7_verify.c
index 58683ef614..2043f8f82e 100644
--- a/lib/crypto/pkcs7_verify.c
+++ b/lib/crypto/pkcs7_verify.c
@@ -528,8 +528,9 @@ static int pkcs7_verify_one(struct pkcs7_message *pkcs7,
 	if (test_bit(sinfo_has_signing_time, &sinfo->aa_set)) {
 		if (sinfo->signing_time < sinfo->signer->valid_from ||
 		    sinfo->signing_time > sinfo->signer->valid_to) {
-			pr_warn("Message signed outside of X.509 validity window\n");
-			return -EKEYREJECTED;
+			pr_warn("Skip signing time check!\n");
+			//pr_warn("Message signed outside of X.509 validity window\n");
+			//return -EKEYREJECTED;
 		}
 	}
author	Jun Nie <jun.nie@linaro.org>	2021-05-27 10:59:00 +0800
committer	Jun Nie <jun.nie@linaro.org>	2021-05-27 12:09:19 +0800
commit	5dc8258fc9d8f96250dd4f9b1f0b1209806a1250 (patch)
tree	3abb38f14e0f3407ee1c1c048edf8e62fd765ea0
parent	b139f0ceb39f35696a71a50b6ab78f0457b38b91 (diff)