efi_loader: don't load signature database from file

The UEFI specification requires that the signature database may only be stored in tamper-resistant storage. So these variable may not be read from an unsigned file. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
author: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> 2021-08-25 19:13:24 +0200
committer: Heinrich Schuchardt <xypron.glpk@gmx.de> 2021-09-04 12:03:57 +0200
commit: 9ef82e29478c76f17b536f8f289fd0406067ab01 (patch)
tree: 50276c339c16fc0dddce721de81515e980c4a89b /lib/efi_loader/efi_var_common.c
parent: f3a343d7339acf1d531e438e15fef3c7975cfdcf (diff)
1 files changed, 0 insertions, 2 deletions
diff --git a/lib/efi_loader/efi_var_common.c b/lib/efi_loader/efi_var_common.c
index 3d92afe2eb..005c03ea5f 100644
--- a/lib/efi_loader/efi_var_common.c
+++ b/lib/efi_loader/efi_var_common.c
@@ -32,10 +32,8 @@ static const struct efi_auth_var_name_type name_type[] = {
 	{u"KEK", &efi_global_variable_guid, EFI_AUTH_VAR_KEK},
 	{u"db",  &efi_guid_image_security_database, EFI_AUTH_VAR_DB},
 	{u"dbx",  &efi_guid_image_security_database, EFI_AUTH_VAR_DBX},
-	/* not used yet
 	{u"dbt",  &efi_guid_image_security_database, EFI_AUTH_VAR_DBT},
 	{u"dbr",  &efi_guid_image_security_database, EFI_AUTH_VAR_DBR},
-	*/
 };
 
 static bool efi_secure_boot;
author	Heinrich Schuchardt <heinrich.schuchardt@canonical.com>	2021-08-25 19:13:24 +0200
committer	Heinrich Schuchardt <xypron.glpk@gmx.de>	2021-09-04 12:03:57 +0200
commit	9ef82e29478c76f17b536f8f289fd0406067ab01 (patch)
tree	50276c339c16fc0dddce721de81515e980c4a89b /lib/efi_loader/efi_var_common.c
parent	f3a343d7339acf1d531e438e15fef3c7975cfdcf (diff)