From 3bce11831343ba6e67740f23ab3a6c6f09bc0bca Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Tue, 25 Feb 2025 11:44:11 -0500 Subject: pe: read_header(): allow skipping SecDir content validation When we're parsing the PE header of shim itself from the Loaded Image object, the signatures aren't present, but the Certificate Table entry in the Data Directory has not been cleared, so it'll fail verification. We know when we're doing that, so this patch makes that test optional. Signed-off-by: Peter Jones --- include/pe.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'include') diff --git a/include/pe.h b/include/pe.h index 9ea9eb44..a1eb8853 100644 --- a/include/pe.h +++ b/include/pe.h @@ -12,7 +12,8 @@ ImageAddress (void *image, uint64_t size, uint64_t address); EFI_STATUS read_header(void *data, unsigned int datasize, - PE_COFF_LOADER_IMAGE_CONTEXT *context); + PE_COFF_LOADER_IMAGE_CONTEXT *context, + bool check_secdir); EFI_STATUS verify_image(void *data, unsigned int datasize, EFI_LOADED_IMAGE *li, -- cgit v1.2.3
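Review bot: The new `bool check_secdir` parameter on the `read_header()` prototype in include/pe.h has no comment saying when a caller may pass false, and a bare boolean is opaque at call sites. Because it turns off validation of the Certificate Table entry in the Data Directory, I would document on the prototype that false is intended only for the case the commit message describes, parsing shim's own header from the Loaded Image object, and that any path handling an image that is going to be verified must pass true. A named flag or enum instead of a bare `bool` would make a call such as `read_header(data, datasize, &context, false)` self-explanatory in review. This view is limited to 'include', so the definition and the call sites are not visible here; it is worth confirming that each caller was updated and which value it passes.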