diff options
Diffstat (limited to 'include')
| -rw-r--r-- | include/sbat.h | 4 | ||||
| -rw-r--r-- | include/sbat_var_defs.h | 17 |
2 files changed, 10 insertions, 11 deletions
diff --git a/include/sbat.h b/include/sbat.h index c94c4fba..84f5ef01 100644 --- a/include/sbat.h +++ b/include/sbat.h @@ -34,6 +34,7 @@ #define SBAT_POLICY_LATEST 1 #define SBAT_POLICY_PREVIOUS 2 #define SBAT_POLICY_RESET 3 +#define SBAT_POLICY_NOTREAD 255 extern UINTN _sbat, _esbat; @@ -52,7 +53,8 @@ extern list_t sbat_var; EFI_STATUS parse_sbat_var(list_t *entries); void cleanup_sbat_var(list_t *entries); -EFI_STATUS set_sbat_uefi_variable(void); +EFI_STATUS set_sbat_uefi_variable_internal(void); +EFI_STATUS set_sbat_uefi_variable(char *, char *); bool preserve_sbat_uefi_variable(UINT8 *sbat, UINTN sbatsize, UINT32 attributes, char *sbar_var); diff --git a/include/sbat_var_defs.h b/include/sbat_var_defs.h index 5b1a764f..2ea98e4e 100644 --- a/include/sbat_var_defs.h +++ b/include/sbat_var_defs.h @@ -13,11 +13,9 @@ SBAT_VAR_SIG SBAT_VAR_VERSION SBAT_VAR_ORIGINAL_DATE "\n" #if defined(ENABLE_SHIM_DEVEL) -#define SBAT_VAR_PREVIOUS_DATE "2022020101" -#define SBAT_VAR_PREVIOUS_REVOCATIONS "component,2\n" +#define SBAT_VAR_PREVIOUS_DATE "2021030218" #define SBAT_VAR_PREVIOUS \ - SBAT_VAR_SIG SBAT_VAR_VERSION SBAT_VAR_PREVIOUS_DATE "\n" \ - SBAT_VAR_PREVIOUS_REVOCATIONS + SBAT_VAR_SIG SBAT_VAR_VERSION SBAT_VAR_PREVIOUS_DATE "\n" #define SBAT_VAR_LATEST_DATE "2022050100" #define SBAT_VAR_LATEST_REVOCATIONS "component,2\nothercomponent,2\n" @@ -26,14 +24,13 @@ SBAT_VAR_LATEST_REVOCATIONS #else /* !ENABLE_SHIM_DEVEL */ /* - * As of 2022-11-16, most folks (including Ubuntu, SUSE, openSUSE) don't have - * a "shim,2" yet, so adding that here would end up unbootable. + * At this point we do not want shim to automatically apply a + * previous revocation unless it is delivered by a separately + * installed signed revocations binary. */ -#define SBAT_VAR_PREVIOUS_DATE "2022052400" -#define SBAT_VAR_PREVIOUS_REVOCATIONS "grub,2\n" +#define SBAT_VAR_PREVIOUS_DATE "2021030218" #define SBAT_VAR_PREVIOUS \ - SBAT_VAR_SIG SBAT_VAR_VERSION SBAT_VAR_PREVIOUS_DATE "\n" \ - SBAT_VAR_PREVIOUS_REVOCATIONS + SBAT_VAR_SIG SBAT_VAR_VERSION SBAT_VAR_PREVIOUS_DATE "\n" /* * Debian's grub.3 update was broken - some binaries included the SBAT |