Red Hat Bugzilla – Bug 869670
shim: GetTime may require synchronization
Last modified: 2013-01-10 03:33:42 EST
The PKCS#7 validator copied from OpenSSL appears to call the UEFI GetTime interface. According to its specification, locking is required ("During runtime, if a PC-AT CMOS device is present in the platform the caller must synchronize access to the device before calling GetTime()."). It is probably better to have the caller pass the current time (which is mostly advisory anyway due to a lack of a trusted time source).
Only relevant at runtime, not in boot services.
(In reply to comment #1)
> Only relevant at runtime, not in boot services.
Isn't verify_buffer supposed to be able at run time?