pe: read_header(): allow skipping SecDir content validation

When we're parsing the PE header of shim itself from the Loaded Image object, the signatures aren't present, but the Certificate Table entry in the Data Directory has not been cleared, so it'll fail verification. We know when we're doing that, so this patch makes that test optional. Signed-off-by: Peter Jones <pjones@redhat.com>
author: Peter Jones <pjones@redhat.com> 2025-02-25 11:44:11 -0500
committer: Peter Jones <pjones@redhat.com> 2025-02-25 19:40:54 -0500
commit: 3bce11831343ba6e67740f23ab3a6c6f09bc0bca (patch)
tree: 53a2fd99cb66cb0cd51e6bcc80d3fa0223e61699 /include/pe.h
parent: 1baf1efb37e2728104765477b12b70aeef3090af (diff)
download: efi-boot-shim-3bce11831343ba6e67740f23ab3a6c6f09bc0bca.tar.gz
efi-boot-shim-3bce11831343ba6e67740f23ab3a6c6f09bc0bca.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/include/pe.h b/include/pe.h
index 9ea9eb44..a1eb8853 100644
--- a/include/pe.h
+++ b/include/pe.h
@@ -12,7 +12,8 @@ ImageAddress (void *image, uint64_t size, uint64_t address);
 
 EFI_STATUS
 read_header(void *data, unsigned int datasize,
-	    PE_COFF_LOADER_IMAGE_CONTEXT *context);
+	    PE_COFF_LOADER_IMAGE_CONTEXT *context,
+	    bool check_secdir);
 
 EFI_STATUS verify_image(void *data, unsigned int datasize,
 			EFI_LOADED_IMAGE *li,
author	Peter Jones <pjones@redhat.com>	2025-02-25 11:44:11 -0500
committer	Peter Jones <pjones@redhat.com>	2025-02-25 19:40:54 -0500
commit	3bce11831343ba6e67740f23ab3a6c6f09bc0bca (patch)
tree	53a2fd99cb66cb0cd51e6bcc80d3fa0223e61699 /include/pe.h
parent	1baf1efb37e2728104765477b12b70aeef3090af (diff)
download	efi-boot-shim-3bce11831343ba6e67740f23ab3a6c6f09bc0bca.tar.gz efi-boot-shim-3bce11831343ba6e67740f23ab3a6c6f09bc0bca.zip