rhboot / shim

UEFI shim loader

certmule discovery doesn't work when network booting #482

Open vathpela opened 2 years ago

vathpela commented 2 years ago

In https://github.com/rhboot/shim/commit/35d7378d29b9ad6f664df20efc4121e210859e65, we add a method of discovering wrapped certificates to import for validation, but it relies on opening a directory and doing efi_status = dir->Read(dir, &buffersize, buffer);. This doesn't work when booting from TFTP, HTTP, or HTTPS, because they don't present directories in a structured way.

We need a different discovery method that takes that into account. The typical way we do this is to have a template like "cert####.efi", and we iterate our load directory looking for cert0000.efi, cert0001.efi, through certffff.efi until we get an error.
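The enumeration described above, as an added illustration that is not shim's own code: it walks the "cert####.efi" template in index order, stops at the first name the transport cannot supply, and takes a caller-chosen cap so that a transport without readdir is never asked for anywhere near 65536 files. The probe callback, the fake transport and the sample file list are all constructed for this example and are not part of the project.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for "open the file by name over the boot transport
 * and import the ESL it wraps": returns true when the file exists and was
 * consumed, false on the first open error. Not a shim or UEFI interface. */
typedef bool (*cert_probe_fn)(const char *name, void *ctx);

/* Largest index the four-hex-digit template can express (certffff.efi). */
#define CERT_INDEX_MAX 0xffffu

/* Enumerate cert0000.efi, cert0001.efi, ... in order until the first probe
 * failure or until max_count files have been imported, whichever comes
 * first. Returns the number of files imported. The cap keeps the loop short
 * on TFTP/HTTP(S), where every missing name costs a failed request. */
unsigned discover_wrapped_certs(cert_probe_fn probe, void *ctx, unsigned max_count)
{
    char name[sizeof("cert") + 4 + sizeof(".efi")]; /* room for "cert####.efi\0" */
    unsigned found = 0;

    for (unsigned i = 0; i <= CERT_INDEX_MAX && found < max_count; i++) {
        snprintf(name, sizeof name, "cert%04x.efi", i);
        if (!probe(name, ctx))
            break; /* first missing file terminates the sequence */
        found++;
    }
    return found;
}

/* Constructed fake transport: a fixed list of names the "server" can serve. */
struct fake_dir {
    const char *const *names;
    size_t n;
};

static bool fake_probe(const char *name, void *ctx)
{
    const struct fake_dir *d = ctx;
    for (size_t i = 0; i < d->n; i++)
        if (strcmp(d->names[i], name) == 0)
            return true;
    return false;
}

/* Sample listing with a gap: cert0002.efi is absent, so discovery must stop
 * at two files even though cert0003.efi is present. */
static const char *const sample_names[] = {
    "cert0000.efi", "cert0001.efi", "cert0003.efi",
};

unsigned discover_sample(unsigned max_count)
{
    struct fake_dir d = { sample_names, sizeof sample_names / sizeof sample_names[0] };
    return discover_wrapped_certs(fake_probe, &d, max_count);
}

int main(void)
{
    printf("imported %u wrapped certificate files\n", discover_sample(16));
    return 0;
}
```

With the constructed listing the walk imports cert0000.efi and cert0001.efi, then stops because cert0002.efi is missing; a cap of 1 imports only the first file, and a cap of 0 issues no requests at all.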

jsetje commented 2 years ago

Since those files contain an ESL, there really is no need to support this many, at least if this is a special case for transports that don't support readdir.