shim-unsigned-x64/0023-shim-only-include-shim_cert.h-in-shim.c.patch

83 lines
2.3 KiB
Diff
Raw Normal View History

From 7a3638173e406ce7cbd682213606e3152244fcb2 Mon Sep 17 00:00:00 2001
From: Gary Lin <glin@suse.com>
Date: Wed, 19 Dec 2018 11:27:42 +0800
Subject: [PATCH 23/62] shim: only include shim_cert.h in shim.c
The shim_cert array was declared as a static array, and every user of
shim_cert.h would create a shim_cert array for its own and grow the file
size. To remove the unnecessary duplicate shim_cert arrays, this commit
declares shim_cert in shim.c while other users still can access the
array through the external variables: build_cert and build_cert_size.
Signed-off-by: Gary Lin <glin@suse.com>
Upstream-commit-id: 4e2d62f0f4e
---
shim.c | 11 +++++++++++
shim.h | 7 ++++---
2 files changed, 15 insertions(+), 3 deletions(-)
diff --git a/shim.c b/shim.c
index e4d4fea226d..0a95f94b360 100644
--- a/shim.c
+++ b/shim.c
@@ -34,6 +34,9 @@
*/
#include "shim.h"
+#if defined(ENABLE_SHIM_CERT)
+#include "shim_cert.h"
+#endif /* defined(ENABLE_SHIM_CERT) */
#include <openssl/err.h>
#include <openssl/bn.h>
@@ -75,6 +78,10 @@ UINT32 vendor_cert_size;
UINT32 vendor_dbx_size;
UINT8 *vendor_cert;
UINT8 *vendor_dbx;
+#if defined(ENABLE_SHIM_CERT)
+UINT32 build_cert_size;
+UINT8 *build_cert;
+#endif /* defined(ENABLE_SHIM_CERT) */
/*
* indicator of how an image has been verified
@@ -2562,6 +2569,10 @@ efi_main (EFI_HANDLE passed_image_handle, EFI_SYSTEM_TABLE *passed_systab)
vendor_dbx_size = cert_table.vendor_dbx_size;
vendor_cert = (UINT8 *)&cert_table + cert_table.vendor_cert_offset;
vendor_dbx = (UINT8 *)&cert_table + cert_table.vendor_dbx_offset;
+#if defined(ENABLE_SHIM_CERT)
+ build_cert_size = sizeof(shim_cert);
+ build_cert = shim_cert;
+#endif /* defined(ENABLE_SHIM_CERT) */
CHAR16 *msgs[] = {
L"import_mok_state() failed\n",
L"shim_int() failed\n",
diff --git a/shim.h b/shim.h
index c26d5f06538..e4d40505f09 100644
--- a/shim.h
+++ b/shim.h
@@ -122,9 +122,6 @@
#include "include/variables.h"
#include "version.h"
-#ifdef ENABLE_SHIM_CERT
-#include "shim_cert.h"
-#endif
INTERFACE_DECL(_SHIM_LOCK);
@@ -172,6 +169,10 @@ extern UINT32 vendor_cert_size;
extern UINT32 vendor_dbx_size;
extern UINT8 *vendor_cert;
extern UINT8 *vendor_dbx;
+#if defined(ENABLE_SHIM_CERT)
+extern UINT32 build_cert_size;
+extern UINT8 *build_cert;
+#endif /* defined(ENABLE_SHIM_CERT) */
extern UINT8 user_insecure_mode;
extern UINT8 ignore_db;
--
2.26.2