Load shim_certificates.efi during netboot

Network boot cases do not support reading through a directory but it can still be useful to load unbundled certificates. Try to load them directly. Signed-off-by: Ross Lagerwall <ross.lagerwall@citrix.com>
rhboot · Jan 21, 2025 · b8f0495 · b8f0495
1 parent 3caa75e
commit b8f0495
Showing 1 changed file with 5 additions and 2 deletions.
diff --git a/shim.c b/shim.c
@@ -1558,10 +1558,13 @@ load_unbundled_trust(EFI_HANDLE image_handle)
 		/*
 		 * Network boot cases do not support reading a directory. Try
 		 * to read revocations.efi to pull in any unbundled SBATLevel
-		 * updates unconditionally in those cases. This may produce
-		 * console noise when the file is not present.
+		 * updates unconditionally in those cases. Also try to read
+		 * shim_certificate.efi to load additional certificates.
+		 * This may produce console noise when the files are not
+		 * present.
 		 */
 		load_cert_file(image_handle, REVOCATIONFILE, PathName);
+		load_cert_file(image_handle, L"shim_certificate.efi", PathName);
 		goto done;
 	}