Blame SOURCES/0023-shim-only-include-shim_cert.h-in-shim.c.patch

d1e1c8
From 7a3638173e406ce7cbd682213606e3152244fcb2 Mon Sep 17 00:00:00 2001
d1e1c8
From: Gary Lin <glin@suse.com>
d1e1c8
Date: Wed, 19 Dec 2018 11:27:42 +0800
d1e1c8
Subject: [PATCH 23/62] shim: only include shim_cert.h in shim.c
d1e1c8
d1e1c8
The shim_cert array was declared as a static array, and every user of
d1e1c8
shim_cert.h would create a shim_cert array for its own and grow the file
d1e1c8
size. To remove the unnecessary duplicate shim_cert arrays, this commit
d1e1c8
declares shim_cert in shim.c while other users still can access the
d1e1c8
array through the external variables: build_cert and build_cert_size.
d1e1c8
d1e1c8
Signed-off-by: Gary Lin <glin@suse.com>
d1e1c8
Upstream-commit-id: 4e2d62f0f4e
d1e1c8
---
d1e1c8
 shim.c | 11 +++++++++++
d1e1c8
 shim.h |  7 ++++---
d1e1c8
 2 files changed, 15 insertions(+), 3 deletions(-)
d1e1c8
d1e1c8
diff --git a/shim.c b/shim.c
d1e1c8
index e4d4fea226d..0a95f94b360 100644
d1e1c8
--- a/shim.c
d1e1c8
+++ b/shim.c
d1e1c8
@@ -34,6 +34,9 @@
d1e1c8
  */
d1e1c8
 
d1e1c8
 #include "shim.h"
d1e1c8
+#if defined(ENABLE_SHIM_CERT)
d1e1c8
+#include "shim_cert.h"
d1e1c8
+#endif /* defined(ENABLE_SHIM_CERT) */
d1e1c8
 
d1e1c8
 #include <openssl/err.h>
d1e1c8
 #include <openssl/bn.h>
d1e1c8
@@ -75,6 +78,10 @@ UINT32 vendor_cert_size;
d1e1c8
 UINT32 vendor_dbx_size;
d1e1c8
 UINT8 *vendor_cert;
d1e1c8
 UINT8 *vendor_dbx;
d1e1c8
+#if defined(ENABLE_SHIM_CERT)
d1e1c8
+UINT32 build_cert_size;
d1e1c8
+UINT8 *build_cert;
d1e1c8
+#endif /* defined(ENABLE_SHIM_CERT) */
d1e1c8
 
d1e1c8
 /*
d1e1c8
  * indicator of how an image has been verified
d1e1c8
@@ -2562,6 +2569,10 @@ efi_main (EFI_HANDLE passed_image_handle, EFI_SYSTEM_TABLE *passed_systab)
d1e1c8
 	vendor_dbx_size = cert_table.vendor_dbx_size;
d1e1c8
 	vendor_cert = (UINT8 *)&cert_table + cert_table.vendor_cert_offset;
d1e1c8
 	vendor_dbx = (UINT8 *)&cert_table + cert_table.vendor_dbx_offset;
d1e1c8
+#if defined(ENABLE_SHIM_CERT)
d1e1c8
+	build_cert_size = sizeof(shim_cert);
d1e1c8
+	build_cert = shim_cert;
d1e1c8
+#endif /* defined(ENABLE_SHIM_CERT) */
d1e1c8
 	CHAR16 *msgs[] = {
d1e1c8
 		L"import_mok_state() failed\n",
d1e1c8
 		L"shim_int() failed\n",
d1e1c8
diff --git a/shim.h b/shim.h
d1e1c8
index c26d5f06538..e4d40505f09 100644
d1e1c8
--- a/shim.h
d1e1c8
+++ b/shim.h
d1e1c8
@@ -122,9 +122,6 @@
d1e1c8
 #include "include/variables.h"
d1e1c8
 
d1e1c8
 #include "version.h"
d1e1c8
-#ifdef ENABLE_SHIM_CERT
d1e1c8
-#include "shim_cert.h"
d1e1c8
-#endif
d1e1c8
 
d1e1c8
 INTERFACE_DECL(_SHIM_LOCK);
d1e1c8
 
d1e1c8
@@ -172,6 +169,10 @@ extern UINT32 vendor_cert_size;
d1e1c8
 extern UINT32 vendor_dbx_size;
d1e1c8
 extern UINT8 *vendor_cert;
d1e1c8
 extern UINT8 *vendor_dbx;
d1e1c8
+#if defined(ENABLE_SHIM_CERT)
d1e1c8
+extern UINT32 build_cert_size;
d1e1c8
+extern UINT8 *build_cert;
d1e1c8
+#endif /* defined(ENABLE_SHIM_CERT) */
d1e1c8
 
d1e1c8
 extern UINT8 user_insecure_mode;
d1e1c8
 extern UINT8 ignore_db;
d1e1c8
-- 
d1e1c8
2.26.2
d1e1c8