git.ipfire.org Git - thirdparty/ipxe.git/commit

author	Michael Brown <mcb30@ipxe.org>
	Tue, 15 Apr 2025 12:11:48 +0000 (13:11 +0100)
committer	Michael Brown <mcb30@ipxe.org>
	Tue, 15 Apr 2025 12:22:00 +0000 (13:22 +0100)
commit	424839c58ab75afe483455f42a1e3345ca878eca
tree	91238a76179ff686ca22a73cbd9b42d3f44ae15b	tree
parent	37e9f785ba6573a5298cf6aea2b04bf4ad674b2f	commit \| diff

[crypto] Allow for explicit control of external trust sources

We currently disable all external trust sources (such as the UEFI
TlsCaCertificate variable) if an explicit TRUST=... parameter is
provided on the build command line.

Define an explicit TRUST_EXT build parameter that can be used to
explicitly disable external trust sources even if no TRUST=...
parameter is provided, or to explicitly enable external trust sources
even if an explicit TRUST=... parameter is provided.  For example:

   # Default trusted root certificate, disable external sources
   make TRUST_EXT=0

   # Explicit trusted root certificate, enable external sources
   make TRUST=custom.crt TRUST_EXT=1

If no TRUST_EXT parameter is specified, then continue to default to
disabling external trust sources if an explicit TRUST=... parameter is
provided, to maintain backwards compatibility with existing build
command lines.

Signed-off-by: Michael Brown <mcb30@ipxe.org>

src/Makefile.housekeeping		diff \| blob \| blame \| history
src/crypto/rootcert.c		diff \| blob \| blame \| history