Merge branch 'master' into openslxopenslx

author: Simon Rettberg 2026-01-28 12:53:53 +0100
committer: Simon Rettberg 2026-01-28 12:53:53 +0100
commit: 8e82785c584dc13e20f9229decb95bd17bbe9cd1 (patch)
tree: a8b359e59196be5b2e3862bed189107f4bc9975f /src/crypto/rootcert.c
parent: Merge branch 'master' into openslx (diff)
parent: [prefix] Make unlzma.S compatible with 386 class CPUs (diff)
download: ipxe-openslx.tar.gz
ipxe-openslx.tar.xz
ipxe-openslx.zip
1 files changed, 10 insertions, 4 deletions
diff --git a/src/crypto/rootcert.c b/src/crypto/rootcert.c
index 0835ff071..6eb08256a 100644
--- a/src/crypto/rootcert.c
+++ b/src/crypto/rootcert.c
@@ -22,6 +22,7 @@
  */
 
 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
 
 #include <stdlib.h>
 #include <ipxe/crypto.h>
@@ -42,10 +43,12 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
 #define FINGERPRINT_LEN SHA256_DIGEST_SIZE
 
 /* Allow trusted certificates to be overridden if not explicitly specified */
-#ifdef TRUSTED
-#define ALLOW_TRUST_OVERRIDE 0
-#else
-#define ALLOW_TRUST_OVERRIDE 1
+#ifndef ALLOW_TRUST_OVERRIDE
+ #ifdef TRUSTED
+  #define ALLOW_TRUST_OVERRIDE 0
+ #else
+  #define ALLOW_TRUST_OVERRIDE 1
+ #endif
 #endif
 
 /* Use iPXE root CA if no trusted certificates are explicitly specified */
@@ -58,6 +61,9 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
 	0xed, 0x1a,
 #endif
 
+/** Flag indicating if root of trust may be overridden at runtime */
+const int allow_trust_override = ALLOW_TRUST_OVERRIDE;
+
 /** Root certificate fingerprints */
 static const uint8_t fingerprints[] = { TRUSTED };
author	Simon Rettberg	2026-01-28 12:53:53 +0100
committer	Simon Rettberg	2026-01-28 12:53:53 +0100
commit	8e82785c584dc13e20f9229decb95bd17bbe9cd1 (patch)
tree	a8b359e59196be5b2e3862bed189107f4bc9975f /src/crypto/rootcert.c
parent	Merge branch 'master' into openslx (diff)
parent	[prefix] Make unlzma.S compatible with 386 class CPUs (diff)
download	ipxe-openslx.tar.gz ipxe-openslx.tar.xz ipxe-openslx.zip