From ea1c872418c4cfa68a11751c7eadd98792aaeecc Mon Sep 17 00:00:00 2001
From: Javier Martinez Canillas <javierm@redhat.com>
Date: Thu, 18 Feb 2021 12:39:10 +0100
Subject: Don't re-parse the SBAT EFI variable for each binary we load.

On a typical boot we validate at least two binaries; parsing the SBAT
EFI variable each time, when it should not be changing, is not worth the
effort.

This patch moves the parsing out to some setup code, instead of doing it
during the verification stage.

Signed-off-by: Peter Jones <pjones@redhat.com>
---
 include/sbat.h | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'include')

diff --git a/include/sbat.h b/include/sbat.h
index 94ce01cb..9230b587 100644
--- a/include/sbat.h
+++ b/include/sbat.h
@@ -11,6 +11,7 @@ struct sbat_var {
 	const CHAR8 *component_generation;
 	list_t list;
 };
+extern list_t sbat_var;
 
 EFI_STATUS parse_sbat_var(list_t *entries);
 void cleanup_sbat_var(list_t *entries);
@@ -27,7 +28,7 @@ struct sbat_entry {
 EFI_STATUS parse_sbat(char *sbat_base, size_t sbat_size, size_t *sbats, struct sbat_entry ***sbat);
 void cleanup_sbat_entries(size_t n, struct sbat_entry **entries);
 
-EFI_STATUS verify_sbat(size_t n, struct sbat_entry **entries, list_t *var_entries);
+EFI_STATUS verify_sbat(size_t n, struct sbat_entry **entries);
 
 #endif /* !SBAT_H_ */
 // vim:fenc=utf-8:tw=75:noet
-- 
cgit v1.2.3