author | Michael Brown | 2016-03-20 18:26:09 +0100 |
---|---|---|
committer | Michael Brown | 2016-03-20 18:26:09 +0100 |
commit | 0141ea3a773aea7a2f4e81b2b2143c85683cc21c (patch) | |
tree | 9c12c6ed4744bbe441516346494e535a717cd20c /src/crypto | |
parent | [qib7322] Add missing iounmap() (diff) | |
[crypto] Allow trusted certificates to be stored in non-volatile options
The intention of the existing code (as documented in its own comments)
is that it should be possible to override the list of trusted root
certificates using a "trust" setting held in non-volatile stored
options. However, the rootcert_init() function currently executes
before any devices have been probed, and so will not be able to
retrieve any such non-volatile stored options.
Fix by executing rootcert_init() only after devices have been probed.
Since startup functions may be executed multiple times (unlike
initialisation functions), add an explicit flag to preserve the
property that rootcert_init() should run only once.
As before, if an explicit root of trust is specified at build time,
then any runtime "trust" setting will be ignored.
Signed-off-by: Michael Brown <mcb30@ipxe.org>
Diffstat (limited to 'src/crypto')
-rw-r--r-- | src/crypto/rootcert.c | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/src/crypto/rootcert.c b/src/crypto/rootcert.c
index 00ea1647..f7b9dcfb 100644
--- a/src/crypto/rootcert.c
+++ b/src/crypto/rootcert.c
@@ -93,13 +93,14 @@ struct x509_root root_certificates = {
 * a rebuild.
 */
 static void rootcert_init ( void ) {
+ static int initialised;
 void *external = NULL;
 int len;
 /* Allow trusted root certificates to be overridden only if
 * not explicitly specified at build time.
 */
- if ( ALLOW_TRUST_OVERRIDE ) {
+ if ( ALLOW_TRUST_OVERRIDE && ( ! initialised ) ) {
 /* Fetch copy of "trust" setting, if it exists. This
 * memory will never be freed.
@@ -109,6 +110,9 @@ static void rootcert_init ( void ) {
 root_certificates.fingerprints = external;
 root_certificates.count = ( len / FINGERPRINT_LEN );
 }
+
+ /* Prevent subsequent modifications */
+ initialised = 1;
 }
 DBGC ( &root_certificates, "ROOTCERT using %d %s certificate(s):\n",
@@ -118,6 +122,6 @@ static void rootcert_init ( void ) {
 }
 /** Root certificate initialiser */
-struct init_fn rootcert_init_fn __init_fn ( INIT_LATE ) = {
- .initialise = rootcert_init,
+struct startup_fn rootcert_startup_fn __startup_fn ( STARTUP_LATE ) = {
+ .startup = rootcert_init,
 }; |
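Review bot: With the new `( ! initialised )` guard in the first hunk, `external` is still a plain local reset to NULL on every call, so it stays NULL on every startup after the first even when the installed fingerprints came from the "trust" setting. Anything after the block that keys off `external` would then describe the list differently from the first run; the arguments of the DBGC call lie outside the hunks, so this is inferred from its `%s` placeholder. If that is the case, declaring it `static void *external;` next to the new flag keeps the reported source of the trust list consistent across startups.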
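Review bot: `initialised = 1` in the second hunk is set whether or not a "trust" setting was found, and the comment `/* Prevent subsequent modifications */` does not say so. That latching is what stops a setting that only becomes available on a later startup from replacing the root of trust, so it is worth stating, e.g. `/* Latch after the first attempt, successful or not, so that settings which appear later cannot replace the trusted roots */`. The fetch and its length test sit between the hunks and are not visible here. Since this commit makes the override reachable in practice, it is also worth confirming there that a length of zero, or one that is not a multiple of FINGERPRINT_LEN, is rejected rather than silently truncated by `len / FINGERPRINT_LEN`.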
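Review bot: The comment `/** Root certificate initialiser */` above the table entry in the third hunk is now stale, because the entry is a `struct startup_fn` that may run more than once; `/** Root certificate startup function */` would match the new registration. The doc comment on rootcert_init itself begins above the first hunk and is not visible here, so it may need the same wording change, along with a mention that only the first invocation consults the "trust" setting.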