From 8e34030ba544b4583c87e070d1a1e0e6b9ff5d60 Mon Sep 17 00:00:00 2001
From: Javier Martinez Canillas
Date: Wed, 17 Feb 2021 14:03:48 +0100
Subject: sbat: make shim to parse it's own .sbat section on init

This is needed for shim to verify itself when booting, to make sure that shim binaries can't be executed anymore after been revoked by SBAT.

Signed-off-by: Javier Martinez Canillas
---
 include/pe.h | 3 +++
 include/sbat.h | 2 ++
 2 files changed, 5 insertions(+)
(limited to 'include')
diff --git a/include/pe.h b/include/pe.h
index 7f2236e4..79bf440c 100644
--- a/include/pe.h
+++ b/include/pe.h
@@ -14,6 +14,9 @@ EFI_STATUS
 read_header(void *data, unsigned int datasize,
 PE_COFF_LOADER_IMAGE_CONTEXT *context);
 
+EFI_STATUS
+handle_sbat(char *SBATBase, size_t SBATSize);
+
 EFI_STATUS
 handle_image (void *data, unsigned int datasize,
 EFI_LOADED_IMAGE *li,
diff --git a/include/sbat.h b/include/sbat.h
index 9230b587..ffde202d 100644
--- a/include/sbat.h
+++ b/include/sbat.h
@@ -6,6 +6,8 @@
 #ifndef SBAT_H_
 #define SBAT_H_
 
+extern UINTN _sbat, _esbat;
+
 struct sbat_var {
 const CHAR8 *component_name;
 const CHAR8 *component_generation;
-- 
cgit v1.2.3
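Review bot: The new `handle_sbat` prototype in include/pe.h has no contract comment, and for a revocation check the contract is the part callers most need. The definition is outside this include-only view, so the following is inferred from the commit message: a comment such as `/* Verify the .sbat section of SBATSize bytes at SBATBase; on any error status the caller must refuse to continue. */` would make it clear that the result cannot be ignored. It would also help to state whether a NULL base or a zero size is rejected. If the parser never writes through the buffer, `const char *SBATBase` would document that the section is read-only input; confirm this against the definition.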
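Review bot: `extern UINTN _sbat, _esbat;` in include/sbat.h declares what are presumably section-boundary symbols as integer objects, so only their addresses are meaningful; reading `_sbat` as a value would return the first bytes of the section rather than its location. A comment such as `/* start/end markers of this binary's own .sbat section; use &_sbat and &_esbat only */` would guard against that misuse. The section length should be computed on byte pointers, `(char *)&_esbat - (char *)&_sbat`, because subtracting `UINTN *` values counts UINTN-sized elements and would understate the size passed to the parser. The code that uses these symbols is not part of this view, so this is a caution rather than a confirmed defect.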