Fix a bug in DxeImageVerificationLib which will pass incorrect trust cert size to AuthenticodeVerify() function.

Signed-off-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Dong Guo <guo.dong@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>


git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@13526 6f19259b-4bc3-4df7-8a09-765794883524

1 files changed, 1 insertions, 1 deletions

diff --git a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
index 093932053c..f83e530c5c 100644
--- a/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
+++ b/SecurityPkg/Library/DxeImageVerificationLib/DxeImageVerificationLib.c
@@ -984,7 +984,7 @@ IsPkcsSignedDataVerifiedBySignatureList (
           // Iterate each Signature Data Node within this CertList for verify.

           //

           RootCert      = Cert->SignatureData;

-          RootCertSize  = CertList->SignatureSize;

+          RootCertSize  = CertList->SignatureSize - sizeof (EFI_GUID);

 

           //

           // Call AuthenticodeVerify library to Verify Authenticode struct.