summaryrefslogtreecommitdiffstats
path: root/src/crypto/rootcert.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/crypto/rootcert.c')
-rw-r--r--src/crypto/rootcert.c14
1 files changed, 10 insertions, 4 deletions
diff --git a/src/crypto/rootcert.c b/src/crypto/rootcert.c
index 0835ff071..6eb08256a 100644
--- a/src/crypto/rootcert.c
+++ b/src/crypto/rootcert.c
@@ -22,6 +22,7 @@
*/
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );
#include <stdlib.h>
#include <ipxe/crypto.h>
@@ -42,10 +43,12 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
#define FINGERPRINT_LEN SHA256_DIGEST_SIZE
/* Allow trusted certificates to be overridden if not explicitly specified */
-#ifdef TRUSTED
-#define ALLOW_TRUST_OVERRIDE 0
-#else
-#define ALLOW_TRUST_OVERRIDE 1
+#ifndef ALLOW_TRUST_OVERRIDE
+ #ifdef TRUSTED
+ #define ALLOW_TRUST_OVERRIDE 0
+ #else
+ #define ALLOW_TRUST_OVERRIDE 1
+ #endif
#endif
/* Use iPXE root CA if no trusted certificates are explicitly specified */
@@ -58,6 +61,9 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
0xed, 0x1a,
#endif
+/** Flag indicating if root of trust may be overridden at runtime */
+const int allow_trust_override = ALLOW_TRUST_OVERRIDE;
+
/** Root certificate fingerprints */
static const uint8_t fingerprints[] = { TRUSTED };
generated by cgit v1.2.3-55-g7522 (git 2.39.0) at 2026-03-04 14:19:53 +0100