authorPeter Jones <pjones@redhat.com>2025-02-25 11:44:11 -0500
committerPeter Jones <pjones@redhat.com>2025-02-25 19:40:54 -0500
commit3bce11831343ba6e67740f23ab3a6c6f09bc0bca (patch)
tree53a2fd99cb66cb0cd51e6bcc80d3fa0223e61699 /pe.c
parent1baf1efb37e2728104765477b12b70aeef3090af (diff)
downloadefi-boot-shim-3bce11831343ba6e67740f23ab3a6c6f09bc0bca.tar.gz
efi-boot-shim-3bce11831343ba6e67740f23ab3a6c6f09bc0bca.zip
pe: read_header(): allow skipping SecDir content validation
When we're parsing the PE header of shim itself from the Loaded Image object, the signatures aren't present, but the Certificate Table entry in the Data Directory has not been cleared, so it'll fail verification. We know when we're doing that, so this patch makes that test optional. Signed-off-by: Peter Jones <pjones@redhat.com>
Diffstat (limited to 'pe.c')
-rw-r--r--pe.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/pe.c b/pe.c
index 40812bb7..d785c44e 100644
--- a/pe.c
+++ b/pe.c
@@ -406,7 +406,7 @@ EFI_STATUS verify_image(void *data, unsigned int datasize,
/*
* The binary header contains relevant context and section pointers
*/
- efi_status = read_header(data, datasize, context);
+ efi_status = read_header(data, datasize, context, true);
if (EFI_ERROR(efi_status)) {
perror(L"Failed to read header: %r\n", efi_status);
return efi_status;
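Review bot: The bare `true` passed as the new fourth argument to read_header() in verify_image() does not show which way the flag points, and the same applies to the handle_image() call in the next hunk. The commit title describes the parameter as allowing SecDir content validation to be skipped, and the read_header() prototype is not part of this diff, so a reader cannot tell from the call site whether `true` means "validate" or "skip". Both callers appear to parse images on the verification path, where the Certificate Table entry must still be checked, so I would add a comment at each call such as `/* true: validate the Certificate Table (SecDir) entry; image is untrusted */` (assuming that is the polarity) or replace the literal with a named constant. Both function bodies continue outside their hunks.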
@@ -482,7 +482,7 @@ handle_image (void *data, unsigned int datasize,
/*
* The binary header contains relevant context and section pointers
*/
- efi_status = read_header(data, datasize, &context);
+ efi_status = read_header(data, datasize, &context, true);
if (EFI_ERROR(efi_status)) {
perror(L"Failed to read header: %r\n", efi_status);
return efi_status;