Trait sbat::RevocationSbat

pub trait RevocationSbat<'a>: Default {
    // Required methods
    fn date(&self) -> Option<&AsciiStr>;
    fn set_date(&mut self, date: Option<&'a AsciiStr>);
    fn revoked_components(&self) -> &[Component<'a>];
    fn try_push(&mut self, component: Component<'a>) -> Result<(), PushError>;

    // Provided methods
    fn parse(input: &'a [u8]) -> Result<Self, ParseError> { ... }
    fn validate_image<I: ImageSbat<'a>>(
        &self,
        image_sbat: &I
    ) -> ValidationResult<'a> { ... }
    fn is_component_revoked(&self, input: &Component<'_>) -> bool { ... }
}

Trait for revocation SBAT.

Typically this data comes from a UEFI variable such as SbatLevel.

Required Methods

fn date(&self) -> Option<&AsciiStr>

Date when the data was last updated. This is optional metadata in the first entry and may not be present.

fn set_date(&mut self, date: Option<&'a AsciiStr>)

Set the date when the data was last updated.

fn revoked_components(&self) -> &[Component<'a>]

Get the revoked components as a slice. The component version indicates the lowest allowed version of this component; all lower versions are considered revoked.

fn try_push(&mut self, component: Component<'a>) -> Result<(), PushError>

Add a revoked component.

Provided Methods

fn parse(input: &'a [u8]) -> Result<Self, ParseError>

Parse SBAT data from raw CSV. This data typically comes from a UEFI variable. Each record is parsed as a Component.

Any existing data is cleared before parsing.

fn validate_image<I: ImageSbat<'a>>(&self, image_sbat: &I) -> ValidationResult<'a>

Check if any component in image_sbat is revoked.

Each component in the image metadata is checked against the revocation entries. If the name matches, and if the component’s version is less than the version in the corresponding revocation entry, the component is considered revoked and the image will not pass validation. If a component is not in the revocation list then it is implicitly allowed.

fn is_component_revoked(&self, input: &Component<'_>) -> bool

Check if the input Component is revoked.

The input is checked against each revocation component. If the names match, and if the input’s version is less than the version in the corresponding revocation component, the input is considered revoked and the image will not pass validation. If the input is not in the revocation list then it is implicitly allowed.
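The comparison rule shared by validate_image and is_component_revoked, modeled as an added stand-alone example that is not the sbat crate's own code. `Entry`, `parse_entries`, `revocation_date`, `is_revoked` and `first_revoked` are hypothetical names, and the CSV strings are constructed sample data.

```rust
// Added illustration; `Entry` and the functions below are hypothetical names,
// not the sbat crate's API.
#[derive(Debug, PartialEq)]
struct Entry<'a> {
    name: &'a str,
    version: u32,
}

/// Parse `name,version[,extra...]` records; `None` on a malformed record.
fn parse_entries(csv: &str) -> Option<Vec<Entry<'_>>> {
    csv.lines()
        .filter(|line| !line.trim().is_empty())
        .map(|line| {
            let mut fields = line.split(',');
            let name = fields.next()?.trim();
            let version = fields.next()?.trim().parse::<u32>().ok()?;
            if name.is_empty() {
                return None;
            }
            Some(Entry { name, version })
        })
        .collect()
}

/// Optional date: the third field of the first record, if present.
fn revocation_date(csv: &str) -> Option<&str> {
    let date = csv.lines().next()?.split(',').nth(2)?.trim();
    if date.is_empty() { None } else { Some(date) }
}

/// Revoked only if a same-named revocation entry has a higher version.
fn is_revoked(revocations: &[Entry<'_>], component: &Entry<'_>) -> bool {
    revocations
        .iter()
        .any(|r| r.name == component.name && component.version < r.version)
}

/// First revoked component in the image metadata, or `None` if it passes.
fn first_revoked<'i, 'a>(revs: &[Entry<'_>], image: &'i [Entry<'a>]) -> Option<&'i Entry<'a>> {
    image.iter().find(|c| is_revoked(revs, c))
}

fn main() {
    // Constructed sample data, not taken from a real SbatLevel variable.
    let level = "sbat,1,2024010100\nshim,3\ngrub,4\n";
    let revs = parse_entries(level).expect("well-formed revocation data");
    let image = parse_entries("sbat,1\nshim,3\ngrub,3\ngrub.vendor,1\n").expect("well-formed");
    println!("date: {:?}", revocation_date(level));
    println!("first revoked: {:?}", first_revoked(&revs, &image));
}
```

A component whose version equals the revocation entry's version passes, and a name absent from the revocation data (here `grub.vendor`) is implicitly allowed.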

Implementors

impl<'a> RevocationSbat<'a> for RevocationSbatVec<'a>

impl<'a, const N: usize> RevocationSbat<'a> for RevocationSbatArray<'a, N>