Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Browse files
Browse the repository at this point in the history
[crypto] Allow trusted certificates to be stored in non-volatile options
The intention of the existing code (as documented in its own comments) is that it should be possible to override the list of trusted root certificates using a "trust" setting held in non-volatile stored options. However, the rootcert_init() function currently executes before any devices have been probed, and so will not be able to retrieve any such non-volatile stored options. Fix by executing rootcert_init() only after devices have been probed. Since startup functions may be executed multiple times (unlike initialisation functions), add an explicit flag to preserve the property that rootcert_init() should run only once. As before, if an explicit root of trust is specified at build time, then any runtime "trust" setting will be ignored. Signed-off-by: Michael Brown <mcb30@ipxe.org>
- Loading branch information