iPXE
Secure Boot Advanced Targeting (SBAT)
Macros
#define SBAT_LINE(name, generation, vendor, package, version, uri)
    A single line within an SBAT CSV file.
#define SBAT_GENERATION 1
    SBAT format generation.
#define IPXE_SBAT_GENERATION 1
    Upstream security generation.
#define SBAT_HEADER
    SBAT header line.
#define __sbat __attribute__ (( section ( ".sbat" ), aligned ( 512 ) ))
    Mark variable as being in the ".sbat" section.
Functions
FILE_LICENCE (GPL2_OR_LATER_OR_UBDL)
Variables
const char sbat[] __sbat
    SBAT data (without any NUL terminator)
Secure Boot Advanced Targeting (SBAT)
SBAT defines an encoding for security generation numbers stored as a CSV file within a special ".sbat" section in the signed binary. If a Secure Boot exploit is discovered then the generation number will be incremented alongside the corresponding fix.
Platforms may then record the minimum generation number required for any given product. This allows for an efficient revocation mechanism that consumes minimal flash storage space (in contrast to the DBX mechanism, which allows for only a single-digit number of revocation events to ever take place across all possible signed binaries).
Definition in file sbat.h.
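The following C example is added here and is not iPXE or platform firmware code: it shows how a verifier could compare the generation numbers found in ".sbat" data against recorded per-component minimums. The names sbat_check and struct sbat_min, the policy contents, the treatment of NUL bytes as section padding, and the sample CSV lines are assumptions constructed for illustration.

```c
#include <limits.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical platform policy: minimum accepted generation per component */
struct sbat_min { const char *name; unsigned long min_generation; };
/* Constructed sample: an SBAT header line plus one component line */
static const char sample_sbat[] =
	"sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md\n"
	"ipxe,1,iPXE,example-build,1.0.0,https://ipxe.org\n";

/* Check length-delimited SBAT data (no NUL terminator) against a policy.
 * Returns 0 if accepted, 1 if a component is revoked, -1 if malformed. */
int sbat_check(const char *data, size_t len,
	       const struct sbat_min *policy, size_t count) {
	const char *end = data + len;
	while (data < end && *data != '\0') {	/* NUL: assumed section padding */
		const char *eol = memchr(data, '\n', (size_t)(end - data));
		const char *stop = eol ? eol : end;
		const char *comma = memchr(data, ',', (size_t)(stop - data));
		const char *p = comma ? comma + 1 : stop;
		size_t i, name_len = comma ? (size_t)(comma - data) : 0;
		unsigned long generation = 0;
		if (stop != data) {	/* skip blank lines */
			/* Require a non-empty name and a decimal generation */
			if (name_len == 0 || p == stop || *p < '0' || *p > '9')
				return -1;
			for (; p < stop && *p >= '0' && *p <= '9'; p++) {
				if (generation > (ULONG_MAX - 9) / 10)
					return -1;	/* reject rather than wrap */
				generation = generation * 10 + (unsigned long)(*p - '0');
			}
			if (p < stop && *p != ',')
				return -1;
			for (i = 0; i < count; i++)
				if (strlen(policy[i].name) == name_len &&
				    !memcmp(policy[i].name, data, name_len) &&
				    generation < policy[i].min_generation)
					return 1;	/* below recorded minimum */
		}
		data = eol ? eol + 1 : end;
	}
	return 0;
}

int main(void) {	/* exits 1: a minimum of 2 revokes the sample's generation 1 */
	static const struct sbat_min policy[] = { { "ipxe", 2 } };
	return sbat_check(sample_sbat, sizeof(sample_sbat) - 1, policy, 1);
}
```

Raising a single minimum in the policy table rejects every binary that still carries the older generation, which is the storage advantage over per-binary DBX entries described above.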
#define SBAT_LINE(name, generation, vendor, package, version, uri)
A single line within an SBAT CSV file.
Parameters:
    name        Machine-readable component name
    generation  Security generation number
    vendor      Human-readable vendor name
    package     Human-readable package name
    version     Human-readable package version
    uri         Contact URI
Returns:
    line        CSV line
#define IPXE_SBAT_GENERATION 1
Upstream security generation.
This represents the security generation of the upstream codebase. It will be incremented whenever a Secure Boot exploit is fixed in the upstream codebase.
If you do not have commit access to the upstream iPXE repository, then you may not modify this value under any circumstances.
#define SBAT_HEADER
SBAT header line.
#define __sbat __attribute__ (( section ( ".sbat" ), aligned ( 512 ) ))
FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL )