From c03bbc6dc63b6e626e09bdf39278a340199e7057 Mon Sep 17 00:00:00 2001
From: Ross Lagerwall <ross.lagerwall@citrix.com>
Date: Thu, 13 Jun 2024 17:12:37 +0100
Subject: [PATCH] Load shim_certificates.efi during netboot

Network boot cases do not support reading through a directory but it can still
be useful to load unbundled certificates. Try to load them directly.

Signed-off-by: Ross Lagerwall <ross.lagerwall@citrix.com>
---
 shim.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/shim.c b/shim.c
index 87202f7ff..cc2dc4fc9 100644
--- a/shim.c
+++ b/shim.c
@@ -1593,10 +1593,13 @@ load_unbundled_trust(EFI_HANDLE image_handle)
 		/*
 		 * Network boot cases do not support reading a directory. Try
 		 * to read revocations.efi to pull in any unbundled SBATLevel
-		 * updates unconditionally in those cases. This may produce
-		 * console noise when the file is not present.
+		 * updates unconditionally in those cases. Also try to read
+		 * shim_certificate.efi to load additional certificates.
+		 * This may produce console noise when the files are not
+		 * present.
 		 */
 		load_cert_file(image_handle, REVOCATIONFILE, PathName);
+		load_cert_file(image_handle, L"shim_certificate.efi", PathName);
 		goto done;
 	}