From dd3a5d71252a1f94e37f1a4c8841d253630b305a Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Thu, 23 Jul 2020 12:36:56 -0400 Subject: Add support for vendor_db built-in shim authorized list. Potential new signing strategies ( for example signing grub, fwupdate and vmlinuz with separate certificates ) require shim to support a vendor provided bundle of trusted certificates and hashes, which allows shim to trust EFI binaries matching either certificate by signature or hash in the vendor_db. Functionality is similar to vendor_dbx. This also improves the mirroring quite a bit. Upstream: pr#206
---
 include/variables.h | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) (limited to 'include/variables.h')
diff --git a/include/variables.h b/include/variables.h
index 8566a1a4..436adb46 100644
--- a/include/variables.h
+++ b/include/variables.h
@@ -57,7 +57,12 @@ EFI_STATUS
 variable_enroll_hash(CHAR16 *var, EFI_GUID owner,
 UINT8 hash[SHA256_DIGEST_SIZE]);
 EFI_STATUS
-variable_create_esl(void *cert, int cert_len, EFI_GUID *type, EFI_GUID *owner,
- void **out, int *outlen);
+variable_create_esl(const uint8_t *cert, const size_t cert_len,
+ const EFI_GUID *type, const EFI_GUID *owner,
+ uint8_t **out, size_t *outlen);
+EFI_STATUS
+fill_esl(const uint8_t *data, const size_t data_len,
+ const EFI_GUID *type, const EFI_GUID *owner,
+ uint8_t *out, size_t *outlen);
 
 #endif /* SHIM_VARIABLES_H */
-- cgit v1.2.3
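Review bot: The new `fill_esl` prototype takes a caller-supplied `uint8_t *out` together with `size_t *outlen`, but the header does not say whether `*outlen` carries the capacity of `out` on entry, the number of bytes produced on return, or both. Because this function builds the signature lists shim relies on for trust decisions, the size contract belongs next to the declaration, for example `/* *outlen: in = capacity of out in bytes, out = bytes required for the ESL */`, assuming that matches the implementation, which is not visible in this file section. `variable_create_esl` would benefit from a matching one-line comment stating who frees `*out`. The move from `int` to `size_t` also means any caller still passing an `int *` for `outlen` needs updating; those call sites are outside this header.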