diff options
| author | Peter Jones <pjones@redhat.com> | 2020-07-23 12:36:56 -0400 |
|---|---|---|
| committer | Peter Jones <pjones@redhat.com> | 2020-07-23 22:22:04 -0400 |
| commit | dd3a5d71252a1f94e37f1a4c8841d253630b305a (patch) | |
| tree | 62599a58c09d806aae29b23e8ce17f3fec75f62a /include/variables.h | |
| parent | 7d542805ba5c48185128a2351bb315a5648fe3d7 (diff) | |
| download | efi-boot-shim-dd3a5d71252a1f94e37f1a4c8841d253630b305a.tar.gz efi-boot-shim-dd3a5d71252a1f94e37f1a4c8841d253630b305a.zip | |
Add support for vendor_db built-in shim authorized list.
Potential new signing strategies ( for example signing grub, fwupdate
and vmlinuz with separate certificates ) require shim to support a
vendor provided bundle of trusted certificates and hashes, which allows
shim to trust EFI binaries matching either certificate by signature or
hash in the vendor_db. Functionality is similar to vendor_dbx.
This also improves the mirroring quite a bit.
Upstream: pr#206
Diffstat (limited to 'include/variables.h')
| -rw-r--r-- | include/variables.h | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/include/variables.h b/include/variables.h index 8566a1a4..436adb46 100644 --- a/include/variables.h +++ b/include/variables.h @@ -57,7 +57,12 @@ EFI_STATUS variable_enroll_hash(CHAR16 *var, EFI_GUID owner, UINT8 hash[SHA256_DIGEST_SIZE]); EFI_STATUS -variable_create_esl(void *cert, int cert_len, EFI_GUID *type, EFI_GUID *owner, - void **out, int *outlen); +variable_create_esl(const uint8_t *cert, const size_t cert_len, + const EFI_GUID *type, const EFI_GUID *owner, + uint8_t **out, size_t *outlen); +EFI_STATUS +fill_esl(const uint8_t *data, const size_t data_len, + const EFI_GUID *type, const EFI_GUID *owner, + uint8_t *out, size_t *outlen); #endif /* SHIM_VARIABLES_H */ |