dany/u-boot-megous
1
0
Fork 0
mirror of https://xff.cz/git/u-boot/ synced 2025-09-03 17:52:07 +02:00
Code Issues Packages Projects Releases Wiki Activity

efi_loader: don't load signature database from file

Browse Source 
The UEFI specification requires that the signature database may only be
stored in tamper-resistant storage. So these variable may not be read
from an unsigned file.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
This commit is contained in:
Heinrich Schuchardt
2021-08-25 19:13:24 +02:00
committed by Heinrich Schuchardt
parent f3a343d733
commit 9ef82e2947
4 changed files with 29 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
include/efi_variable.h
View File

@@ -161,10 +161,13 @@ efi_status_t __maybe_unused efi_var_collect(struct efi_var_file **bufp, loff_t *
/**
* efi_var_restore() - restore EFI variables from buffer
*
* Only if @safe is set secure boot related variables will be restored.
*
* @buf: buffer
* @safe: restoring from tamper-resistant storage
* Return: status code
*/
efi_status_t efi_var_restore(struct efi_var_file *buf);
efi_status_t efi_var_restore(struct efi_var_file *buf, bool safe);
/**
* efi_var_from_file() - read variables from file