From: Michael Brown Date: Tue, 3 Feb 2026 16:02:19 +0000 (+0000) Subject: [build] Mark MS-CHAPv2 as permitted for UEFI Secure Boot X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5abbcab9092bc7226995626a65aaa3f7a409459e;p=thirdparty%2Fipxe.git [build] Mark MS-CHAPv2 as permitted for UEFI Secure Boot MS-CHAPv2 and the underlying DES algorithm are cryptographically obsolete, but still relatively widely used. There is no impact to UEFI Secure Boot from using these obsolete algorithms: the only untrusted inputs are the username, password, and received network packets, and all of these are thoroughly validated before use. Review these files and mark them as permitted for UEFI Secure Boot. Signed-off-by: Michael Brown --- diff --git a/src/crypto/des.c b/src/crypto/des.c index 206f78d50..a7fad9829 100644 --- a/src/crypto/des.c +++ b/src/crypto/des.c @@ -22,6 +22,7 @@ */ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); +FILE_SECBOOT ( PERMITTED ); /** @file * diff --git a/src/crypto/mschapv2.c b/src/crypto/mschapv2.c index ac55fec17..f5fc8829c 100644 --- a/src/crypto/mschapv2.c +++ b/src/crypto/mschapv2.c @@ -22,6 +22,7 @@ */ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); +FILE_SECBOOT ( PERMITTED ); /** @file * diff --git a/src/include/ipxe/des.h b/src/include/ipxe/des.h index 755a90ea0..9c1c24e57 100644 --- a/src/include/ipxe/des.h +++ b/src/include/ipxe/des.h @@ -8,6 +8,7 @@ */ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); +FILE_SECBOOT ( PERMITTED ); #include diff --git a/src/include/ipxe/mschapv2.h b/src/include/ipxe/mschapv2.h index 59cf37eee..e39b46335 100644 --- a/src/include/ipxe/mschapv2.h +++ b/src/include/ipxe/mschapv2.h @@ -8,6 +8,7 @@ */ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); +FILE_SECBOOT ( PERMITTED ); #include diff --git a/src/net/eap_mschapv2.c b/src/net/eap_mschapv2.c index 0be62ed59..791fad540 100644 --- a/src/net/eap_mschapv2.c +++ b/src/net/eap_mschapv2.c @@ -22,6 +22,7 @@ */ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL ); +FILE_SECBOOT ( PERMITTED ); #include #include