efi_loader: don't load signature database from file

The UEFI specification requires that the signature database may only be
stored in tamper-resistant storage. So these variables may not be read
from an unsigned file.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Heinrich Schuchardt 2021-08-25 19:13:24 +02:00 committed by Heinrich Schuchardt
parent f3a343d733
commit 9ef82e2947
4 changed files with 29 additions and 19 deletions

@ -426,7 +426,7 @@ efi_status_t efi_init_variables(void)
if (IS_ENABLED(CONFIG_EFI_VARIABLES_PRESEED)) {
ret = efi_var_restore((struct efi_var_file *)
__efi_var_file_begin);
__efi_var_file_begin, true);
if (ret != EFI_SUCCESS)
log_err("Invalid EFI variable seed\n");
}
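
Review bot: the bare `true` now passed as the second argument to efi_var_restore() in the CONFIG_EFI_VARIABLES_PRESEED branch is not self-explanatory at the call site. The commit message says the signature database must not be read from an unsigned file, so a reader needs to know why this caller is the exception. Please add a short comment above the call stating that the seed at `__efi_var_file_begin` is built into the image and, if that is what the flag means, is therefore trusted to carry the signature database variables. It is also worth confirming that continuing after `log_err("Invalid EFI variable seed\n")` is the intended behaviour now that this path can supply those variables, since a rejected seed is only logged here.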