efi_loader: don't load signature database from file The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>

commit: 211317c021d244344e75bb01128ff0ac991e659a [log] [tgz]
author: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Wed Aug 25 19:13:24 2021 +0200
committer: Heinrich Schuchardt <xypron.glpk@gmx.de> Sat Sep 04 12:03:57 2021 +0200
tree: 50276c339c16fc0dddce721de81515e980c4a89b
parent: f9d1f22110be177449fa65e500a684806d768d80 [diff] [blame]
diff --git a/include/efi_variable.h b/include/efi_variable.h
index 4623a64..2d97655 100644
--- a/include/efi_variable.h
+++ b/include/efi_variable.h

@@ -161,10 +161,13 @@
 /**
  * efi_var_restore() - restore EFI variables from buffer
  *
+ * Only if @safe is set secure boot related variables will be restored.
+ *
  * @buf:	buffer
+ * @safe:	restoring from tamper-resistant storage
  * Return:	status code
  */
-efi_status_t efi_var_restore(struct efi_var_file *buf);
+efi_status_t efi_var_restore(struct efi_var_file *buf, bool safe);
 
 /**
  * efi_var_from_file() - read variables from file
commit	211317c021d244344e75bb01128ff0ac991e659a	[log] [tgz]
author	Heinrich Schuchardt <heinrich.schuchardt@canonical.com>	Wed Aug 25 19:13:24 2021 +0200
committer	Heinrich Schuchardt <xypron.glpk@gmx.de>	Sat Sep 04 12:03:57 2021 +0200
tree	50276c339c16fc0dddce721de81515e980c4a89b
parent	f9d1f22110be177449fa65e500a684806d768d80 [diff] [blame]