commit 915e4277f74d72b18719f7cce429b8aa46e6c063
author Masahisa Kojima <masahisa.kojima@linaro.org> Fri May 14 09:53:36 2021 +0900
committer Heinrich Schuchardt <xypron.glpk@gmx.de> Tue May 25 13:06:57 2021 +0200
tree 3a8ebc1a543f78b0beedfc4a0ce3df5a742daadf
parent 24269632f9c2cec0f14b8c6907473a4f4062d56d

efi_loader: expose efi_image_parse() even if UEFI Secure Boot is disabled

This is preparation for PE/COFF measurement support.
PE/COFF image hash calculation is same in both
UEFI Secure Boot image verification and measurement in
measured boot. PE/COFF image parsing functions are
gathered into efi_image_loader.c, and exposed even if
UEFI Secure Boot is not enabled.

This commit also adds the EFI_SIGNATURE_SUPPORT option
to decide if efi_signature.c shall be compiled.

Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Signed-off-by: Heinrich Schuchardt <xypron.glpk@gmx.de>

lib/efi_loader/Kconfig

diff --git a/lib/efi_loader/Kconfig b/lib/efi_loader/Kconfig
index eb5c4d6..98845b8 100644
--- a/lib/efi_loader/Kconfig
+++ b/lib/efi_loader/Kconfig
@@ -175,6 +175,7 @@
 	select PKCS7_VERIFY
 	select IMAGE_SIGN_INFO
 	select HASH_CALCULATE
+	select EFI_SIGNATURE_SUPPORT
 	default n
 	help
 	  Select this option if you want to enable capsule
@@ -344,6 +345,7 @@
 	select PKCS7_MESSAGE_PARSER
 	select PKCS7_VERIFY
 	select HASH_CALCULATE
+	select EFI_SIGNATURE_SUPPORT
 	default n
 	help
 	  Select this option to enable EFI secure boot support.
@@ -351,6 +353,9 @@
 	  it is signed with a trusted key. To do that, you need to install,
 	  at least, PK, KEK and db.
 
+config EFI_SIGNATURE_SUPPORT
+	bool
+
 config EFI_ESRT
 	bool "Enable the UEFI ESRT generation"
 	depends on EFI_CAPSULE_FIRMWARE_MANAGEMENT