Make SHIM_LOCK_GUID a first-class object with a symbol.

Right now the CA is checking if shim builds expose a particular version of the shim protocol. To do this, they're looking for SHIM_LOCK_GUID's value in the resulting binary. Currently, with SHIM_LOCK_GUID as a macro that gets assigned to local variables, that means they have to compensate for mov instructions mixed in with the actual value. This is completely absurd, so promote it to a first-class object with a symbol to make it both easy to find and continuous. Signed-off-by: Peter Jones <pjones@redhat.com>
2025-06-04 10:20:29 +00:00 · 2013-09-23 10:22:48 -04:00 · 2013-09-23 10:22:48 -04:00 · 2901506937
commit 2901506937
parent 16854e364c
2 changed files with 3 additions and 2 deletions
--- a/shim.c
+++ b/shim.c
@ -55,6 +55,8 @@ static void *load_options;
 static UINT32 load_options_size;
 static UINT8 verbose;

+EFI_GUID SHIM_LOCK_GUID = { 0x605dab50, 0xe046, 0x4300, {0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b, 0x23} };
+
 /*
 * The vendor certificate used for validating the second stage loader
 */
--- a/shim.h
+++ b/shim.h
@ -1,7 +1,6 @@
 #include "PeImage.h"

-#define SHIM_LOCK_GUID \
-	{ 0x605dab50, 0xe046, 0x4300, {0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b, 0x23} }
+extern EFI_GUID SHIM_LOCK_GUID;

 INTERFACE_DECL(_SHIM_LOCK);