| author | Peter Jones <pjones@redhat.com> | 2020-07-23 12:36:56 -0400 |
|---|---|---|
| committer | Peter Jones <pjones@redhat.com> | 2020-07-23 22:22:04 -0400 |
| commit | dd3a5d71252a1f94e37f1a4c8841d253630b305a (patch) | |
| tree | 62599a58c09d806aae29b23e8ce17f3fec75f62a /shim.h | |
| parent | 7d542805ba5c48185128a2351bb315a5648fe3d7 (diff) | |
| download | efi-boot-shim-dd3a5d71252a1f94e37f1a4c8841d253630b305a.tar.gz efi-boot-shim-dd3a5d71252a1f94e37f1a4c8841d253630b305a.zip | |
Add support for vendor_db built-in shim authorized list.
Potential new signing strategies (for example, signing grub, fwupdate
and vmlinuz with separate certificates) require shim to support a
vendor-provided bundle of trusted certificates and hashes, which allows
shim to trust EFI binaries that match an entry in the vendor_db either
by certificate signature or by hash. Functionality is similar to vendor_dbx.
This also improves the mirroring quite a bit.
Upstream: pr#206
Diffstat (limited to 'shim.h')
| -rw-r--r-- | shim.h | 7 |
1 files changed, 6 insertions, 1 deletions
@@ -97,7 +97,11 @@
 #define FALLBACK L"\\fb" EFI_ARCH L".efi"
 #define MOK_MANAGER L"\\mm" EFI_ARCH L".efi"
-#if defined(VENDOR_CERT_FILE)
+#if defined(VENDOR_DB_FILE)
+# define vendor_authorized vendor_db
+# define vendor_authorized_size vendor_db_size
+# define vendor_authorized_category VENDOR_ADDEND_DB
+#elif defined(VENDOR_CERT_FILE)
 # define vendor_authorized vendor_cert
 # define vendor_authorized_size vendor_cert_size
 # define vendor_authorized_category VENDOR_ADDEND_X509
@@ -116,6 +120,7 @@
 #endif
 #include "include/asm.h"
+#include "include/compiler.h"
 #include "include/configtable.h"
 #include "include/console.h"
 #include "include/crypt_blowfish.h" |
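Review bot: In the `#if defined(VENDOR_DB_FILE)` / `#elif defined(VENDOR_CERT_FILE)` chain of the first hunk, a build that defines both macros silently takes the vendor_db branch, so `vendor_authorized` never refers to `vendor_cert` and the built-in trust list may not be the one the builder expects. Nothing visible in this hunk shows the build system rejecting that combination, so I would make the choice explicit with a guard placed before the chain: `#if defined(VENDOR_DB_FILE) && defined(VENDOR_CERT_FILE)`, `# error "VENDOR_DB_FILE and VENDOR_CERT_FILE are mutually exclusive"`, `#endif`. If the precedence is intended, a comment such as `/* VENDOR_DB_FILE takes precedence; VENDOR_CERT_FILE is ignored when both are set */` above the `#if` would at least document which trust anchor set ends up in the binary. The remainder of the conditional lies outside the hunk, so the fallback branch is not covered by this note.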
