authorPeter Jones <pjones@redhat.com>2020-07-23 12:36:56 -0400
committerPeter Jones <pjones@redhat.com>2020-07-23 22:22:04 -0400
commitdd3a5d71252a1f94e37f1a4c8841d253630b305a (patch)
tree62599a58c09d806aae29b23e8ce17f3fec75f62a /Make.defaults
parent7d542805ba5c48185128a2351bb315a5648fe3d7 (diff)
downloadefi-boot-shim-dd3a5d71252a1f94e37f1a4c8841d253630b305a.tar.gz
efi-boot-shim-dd3a5d71252a1f94e37f1a4c8841d253630b305a.zip
Add support for vendor_db built-in shim authorized list.
Potential new signing strategies (for example, signing grub, fwupdate and vmlinuz with separate certificates) require shim to support a vendor-provided bundle of trusted certificates and hashes, which allows shim to trust EFI binaries matching either certificate by signature or hash in the vendor_db. Functionality is similar to vendor_dbx. This also improves the mirroring quite a bit. Upstream: pr#206
Diffstat (limited to 'Make.defaults')
-rw-r--r--Make.defaults3
1 files changed, 3 insertions, 0 deletions
diff --git a/Make.defaults b/Make.defaults
index f0bfa9fd..2e01646a 100644
--- a/Make.defaults
+++ b/Make.defaults
@@ -125,6 +125,9 @@ BOOTCSVNAME ?= BOOT$(ARCH_SUFFIX_UPPER).CSV
CFLAGS += "-DEFI_ARCH=L\"$(ARCH_SUFFIX)\"" "-DDEBUGDIR=L\"/usr/lib/debug/usr/share/shim/$(ARCH_SUFFIX)-$(VERSION)$(DASHRELEASE)/\""
+ifneq ($(origin VENDOR_DB_FILE), undefined)
+ CFLAGS += -DVENDOR_DB_FILE=\"$(VENDOR_DB_FILE)\"
+endif
ifneq ($(origin VENDOR_CERT_FILE), undefined)
CFLAGS += -DVENDOR_CERT_FILE=\"$(VENDOR_CERT_FILE)\"
endif
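Review bot: The added `ifneq ($(origin VENDOR_DB_FILE), undefined)` test is also true when the variable is set but empty, or merely inherited from the environment, so `make VENDOR_DB_FILE=` or a stray exported variable still appends `-DVENDOR_DB_FILE=\"...\"` to CFLAGS. Per the commit description this define selects the built-in list of trusted certificates and hashes, so I would gate on a non-empty value with `ifneq ($(strip $(VENDOR_DB_FILE)),)`. I would also add a comment above it such as `# VENDOR_DB_FILE: vendor allowlist (certificates and hashes) compiled into shim; treat changes as trust-anchor changes`. The VENDOR_CERT_FILE block right below uses the same origin test. Nothing visible in this hunk says what the build does when both variables are set, which is worth documenting next to these lines.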