[image] Add concept of trusted images

Trusted images may always be executed.  Untrusted images may be
executed only if the current image trust requirement allows untrusted
images.

Images can be marked as trusted using image_trust(), and marked as
untrusted using image_untrust().

The current image trust requirement can be changed using
image_set_trust().  It is possible to make the change permanent, in
which case any future attempts to change the image trust requirement
will fail.

Signed-off-by: Michael Brown <mcb30@ipxe.org>

1 files changed, 22 insertions, 0 deletions

diff --git a/src/include/ipxe/image.h b/src/include/ipxe/image.h
index dbcd6d642..500b216ed 100644
--- a/src/include/ipxe/image.h
+++ b/src/include/ipxe/image.h
@@ -64,6 +64,9 @@ struct image {
 /** Image is selected for execution */
 #define IMAGE_SELECTED 0x0002
 
+/** Image is trusted */
+#define IMAGE_TRUSTED 0x0004
+
 /** An executable image type */
 struct image_type {
 	/** Name of this image type */
@@ -148,6 +151,7 @@ extern int image_exec ( struct image *image );
 extern int image_replace ( struct image *replacement );
 extern int image_select ( struct image *image );
 extern struct image * image_find_selected ( void );
+extern int image_set_trust ( int require_trusted, int permanent );
 
 /**
  * Increment reference count on an image
@@ -181,4 +185,22 @@ static inline int image_set_name ( struct image *image, const char *name ) {
 	return 0;
 }
 
+/**
+ * Set image as trusted
+ *
+ * @v image		Image
+ */
+static inline void image_trust ( struct image *image ) {
+	image->flags |= IMAGE_TRUSTED;
+}
+
+/**
+ * Set image as untrusted
+ *
+ * @v image		Image
+ */
+static inline void image_untrust ( struct image *image ) {
+	image->flags &= ~IMAGE_TRUSTED;
+}
+
 #endif /* _IPXE_IMAGE_H */