-rw-r--r--include/sbat.h2
-rw-r--r--shim.c9
2 files changed, 10 insertions, 1 deletions
diff --git a/include/sbat.h b/include/sbat.h
index 4be0cbb1..bb523e7e 100644
--- a/include/sbat.h
+++ b/include/sbat.h
@@ -38,6 +38,8 @@
#define POLICY_RESET 3
#define POLICY_NOTREAD 255
+#define REVOCATIONFILE L"revocations.efi"
+
extern UINTN _sbat, _esbat;
struct sbat_var_entry {
diff --git a/shim.c b/shim.c
index fd196cd9..633163a0 100644
--- a/shim.c
+++ b/shim.c
@@ -1590,6 +1590,13 @@ load_unbundled_trust(EFI_HANDLE image_handle)
if (EFI_ERROR(efi_status)) {
dprint(L"Failed to find fs on local drive (netboot?): %r \n",
efi_status);
+ /*
+ * Network boot cases do not support reading a directory. Try
+ * to read revocations.efi to pull in any unbundled SBATLevel
+ * updates unconditionally in those cases. This may produce
+ * console noise when the file is not present.
+ */
+ load_cert_file(image_handle, REVOCATIONFILE, PathName);
goto done;
}
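Review bot: The netboot branch discards the result of `load_cert_file()` before `goto done`, so unless the helper reports it itself, a revocations.efi that is missing, unreadable or rejected leaves the SBAT level un-updated with nothing in the debug log tying that to this fallback. Capture the result in its own variable so the status seen at `done` is not disturbed, and log it: `EFI_STATUS rev_status = load_cert_file(image_handle, REVOCATIONFILE, PathName);` then `if (EFI_ERROR(rev_status)) dprint(L"netboot: revocations.efi not applied: %r\n", rev_status);`. This path also calls `load_cert_file()`, while the directory-scan path in the later shim.c hunk calls `load_revocations_file()`. Neither helper is visible here, so it is worth confirming that `load_cert_file()` applies the SBATLevel payload and performs the same verification on the file. The body of `load_unbundled_trust` starts and ends outside the hunk.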
@@ -1668,7 +1675,7 @@ load_unbundled_trust(EFI_HANDLE image_handle)
* revocations.efi file then to search for shim_certificate.efi
*/
if (search_revocations &&
- StrCaseCmp(info->FileName, L"revocations.efi") == 0) {
+ StrCaseCmp(info->FileName, REVOCATIONFILE) == 0) {
load_revocations_file(image_handle, PathName);
search_revocations = FALSE;
efi_status = root->Open(root, &dir, PathName,