From: Joe Groocock <jgroocock@cloudflare.com>
Date: Thu, 19 Dec 2019 13:08:50 +0000 (+0000)
Subject: [image] Implicitly trust first embedded image
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8488c989cc109efc8eead4a089d773848d092d02;p=thirdparty%2Fipxe.git

[image] Implicitly trust first embedded image

iPXE when used as a NIC option ROM can sometimes be reloaded by the
UEFI/BIOS and any pre-initialised memory will remain loaded. When the
imgtrust command is run it sets `require_trusted_images'. Upon
reloading, iPXE tries to load the first embedded image but fails as it
is not marked trusted.

Setting this flag ensures that imgtrust with the first embedded script
is reentrant.

Signed-off-by: Joe Groocock <jgroocock@cloudflare.com>
---

diff --git a/src/image/embedded.c b/src/image/embedded.c
index 376e5d299..3c4bee655 100644
--- a/src/image/embedded.c
+++ b/src/image/embedded.c
@@ -83,6 +83,9 @@ static void embedded_init ( void ) {
 		      image->name, strerror ( rc ) );
 		return;
 	}
+
+	/* Trust the selected image implicitly */
+	image_trust ( image );
 }
 
 /** Embedded image initialisation function */