| author | Jan Setje-Eilers <jan.setjeeilers@oracle.com> | 2024-04-26 15:21:07 -0700 |
|---|---|---|
| committer | Peter Jones <pjones@redhat.com> | 2024-05-08 16:25:50 -0400 |
| commit | 470a8cd1cbe11741c399f7bb33f4f3444bb68d76 (patch) | |
| tree | 18188b2fbe63394f828ba2457bc37b90b6d82b59 | |
| parent | 3e1394e8e6fd0071a69196230f991612a960c154 (diff) | |
| download | efi-boot-shim-470a8cd1cbe11741c399f7bb33f4f3444bb68d76.tar.gz efi-boot-shim-470a8cd1cbe11741c399f7bb33f4f3444bb68d76.zip | |
undo change that limits certificate files to a single file
In the ea0f9df "Allow SbatLevel data from external binary" patch
the code that tries to load any certificate file that starts with
shim_certificate was changed to only accept shim_certificate.efi
which defeats the entire point of reading through the directory.
This change reverts that.
Signed-off-by: Jan Setje-Eilers <Jan.SetjeEilers@oracle.com>
| -rw-r--r-- | shim.c | 4 |
1 files changed, 2 insertions, 2 deletions
@@ -1672,7 +1672,7 @@ load_unbundled_trust(EFI_HANDLE image_handle)
 * do a pass of loading revocations before we try to add
 * anything new to our allowlist. This is done by making two
 * passes over the directory, first to search for the
- * revocations.efi file then to search for shim_certificate.efi
+ * revocations.efi file then to search for shim_certificate*.efi
 */
 if (search_revocations &&
 StrCaseCmp(info->FileName, REVOCATIONFILE) == 0) {
@@ -1688,7 +1688,7 @@ load_unbundled_trust(EFI_HANDLE image_handle)
 }
 if (!search_revocations &&
- StrCaseCmp(info->FileName, L"shim_certificate.efi") == 0) {
+ StrnCaseCmp(info->FileName, L"shim_certificate", 16) == 0) {
 load_cert_file(image_handle, info->FileName, PathName);
 }
 } |
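Review bot: The restored `StrnCaseCmp(info->FileName, L"shim_certificate", 16) == 0` test in the second hunk compares only the 16-character prefix, so every directory entry whose name begins with it is passed to load_cert_file() whatever its suffix, while the updated comment in the first hunk describes the match as `shim_certificate*.efi`. Since these files feed the allowlist, and the directory is presumably on a partition that can be written outside the boot path, either the comment should state the actual rule (prefix only, case-insensitive) or the condition should also require the `.efi` ending, so it is clear which names get parsed at boot. The literal `16` is tied to the string by hand; `StrnCaseCmp(info->FileName, L"shim_certificate", StrLen(L"shim_certificate")) == 0` keeps the length and the prefix together. load_unbundled_trust() starts and ends outside both hunks, and whether load_cert_file() authenticates a file before its contents are trusted is not visible here.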
