| Message ID | 20200529064130.28332-2-takahiro.akashi@linaro.org |
|---|---|
| State | Accepted |
| Commit | a4292eccfdc98b51d0200a6c912af237aeddd5c8 |
| Headers | show |
| Series | efi_loader: rework/improve UEFI secure boot code | expand |
On 5/29/20 8:41 AM, AKASHI Takahiro wrote: > The global variable, efi_guid_cert_type_pkcs7, will also be used in > efi_image_loader.c in a succeeding patch so as to correctly handle > a signature type of authenticode in signed image. > > Meanwhile, it is currently defined in efi_variable.c. Once some secure > storage solution for UEFI variables is introduced, efi_variable.c may > not always be compiled in. > > So move the definition to efi_signature.c as a common place. > > Signed-off-by: AKASHI Takahiro <takahiro.akashi at linaro.org> Reviewed-by: Heinrich Schuchardt <xypron.glpk at gmx.de>
diff --git a/lib/efi_loader/efi_signature.c b/lib/efi_loader/efi_signature.c index e386d65e170c..be6491c6e255 100644 --- a/lib/efi_loader/efi_signature.c +++ b/lib/efi_loader/efi_signature.c @@ -23,6 +23,7 @@ const efi_guid_t efi_guid_sha256 = EFI_CERT_SHA256_GUID; const efi_guid_t efi_guid_cert_rsa2048 = EFI_CERT_RSA2048_GUID; const efi_guid_t efi_guid_cert_x509 = EFI_CERT_X509_GUID; const efi_guid_t efi_guid_cert_x509_sha256 = EFI_CERT_X509_SHA256_GUID; +const efi_guid_t efi_guid_cert_type_pkcs7 = EFI_CERT_TYPE_PKCS7_GUID; #ifdef CONFIG_EFI_SECURE_BOOT diff --git a/lib/efi_loader/efi_variable.c b/lib/efi_loader/efi_variable.c index 0a43db56788a..e097670e2832 100644 --- a/lib/efi_loader/efi_variable.c +++ b/lib/efi_loader/efi_variable.c @@ -26,7 +26,6 @@ enum efi_secure_mode { EFI_MODE_DEPLOYED, }; -const efi_guid_t efi_guid_cert_type_pkcs7 = EFI_CERT_TYPE_PKCS7_GUID; static bool efi_secure_boot; static int efi_secure_mode; static u8 efi_vendor_keys;
The global variable, efi_guid_cert_type_pkcs7, will also be used in efi_image_loader.c in a succeeding patch so as to correctly handle a signature type of authenticode in signed image. Meanwhile, it is currently defined in efi_variable.c. Once some secure storage solution for UEFI variables is introduced, efi_variable.c may not always be compiled in. So move the definition to efi_signature.c as a common place. Signed-off-by: AKASHI Takahiro <takahiro.akashi at linaro.org> --- lib/efi_loader/efi_signature.c | 1 + lib/efi_loader/efi_variable.c | 1 - 2 files changed, 1 insertion(+), 1 deletion(-)