[build] Mark core files as permitted for UEFI Secure Boot

Mark all files used in a standard build of bin-x86_64-efi/snponly.efi as permitted for UEFI Secure Boot. These files represent the core functionality of iPXE that is guaranteed to have been included in every binary that was previously subject to a security review and signed by Microsoft. It is therefore legitimate to assume that at least these files have already been reviewed to the required standard multiple times. Signed-off-by: Michael Brown <mcb30@ipxe.org>
2026-01-21 09:57:23 +03:00 · 2026-01-14 13:25:34 +00:00
parent 1996e214ed
commit 6cccb3bdc0
497 changed files with 498 additions and 0 deletions
--- a/src/arch/x86/core/cpuid.c
+++ b/src/arch/x86/core/cpuid.c
@@ -22,6 +22,7 @@
 */

 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );

 #include <string.h>
 #include <errno.h>
--- a/src/arch/x86/core/x86_string.c
+++ b/src/arch/x86/core/x86_string.c
@@ -28,6 +28,7 @@
 */

 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );

 #include <string.h>
 #include <config/defaults.h>
--- a/src/arch/x86/core/x86_tcpip.c
+++ b/src/arch/x86/core/x86_tcpip.c
@@ -22,6 +22,7 @@
 */

 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );

 /** @file
 *
--- a/src/arch/x86/hci/commands/cpuid_cmd.c
+++ b/src/arch/x86/hci/commands/cpuid_cmd.c
@@ -22,6 +22,7 @@
 */

 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );

 #include <stdint.h>
 #include <stdio.h>
--- a/src/arch/x86/include/bits/acpi.h
+++ b/src/arch/x86/include/bits/acpi.h
@@ -8,6 +8,7 @@
 */

 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );

 #include <ipxe/rsdp.h>

--- a/src/arch/x86/include/bits/endian.h
+++ b/src/arch/x86/include/bits/endian.h
@@ -2,6 +2,7 @@
 #define _BITS_ENDIAN_H

 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );

 #define __BYTE_ORDER __LITTLE_ENDIAN

--- a/src/arch/x86/include/bits/errfile.h
+++ b/src/arch/x86/include/bits/errfile.h
@@ -2,6 +2,7 @@
 #define _BITS_ERRFILE_H

 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );

 /**
 * @addtogroup errfile Error file identifiers
--- a/src/arch/x86/include/bits/io.h
+++ b/src/arch/x86/include/bits/io.h
@@ -8,6 +8,7 @@
 */

 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );

 /** Page shift */
 #define PAGE_SHIFT 12
--- a/src/arch/x86/include/bits/iomap.h
+++ b/src/arch/x86/include/bits/iomap.h
@@ -8,6 +8,7 @@
 */

 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );

 #include <ipxe/iomap_pages.h>

--- a/src/arch/x86/include/bits/memmap.h
+++ b/src/arch/x86/include/bits/memmap.h
@@ -8,6 +8,7 @@
 */

 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );

 #include <ipxe/int15.h>

--- a/src/arch/x86/include/bits/nap.h
+++ b/src/arch/x86/include/bits/nap.h
@@ -8,6 +8,7 @@
 */

 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );

 #include <ipxe/bios_nap.h>

--- a/src/arch/x86/include/bits/pci_io.h
+++ b/src/arch/x86/include/bits/pci_io.h
@@ -8,6 +8,7 @@
 */

 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );

 #include <ipxe/pcibios.h>
 #include <ipxe/pcidirect.h>
--- a/src/arch/x86/include/bits/reboot.h
+++ b/src/arch/x86/include/bits/reboot.h
@@ -8,6 +8,7 @@
 */

 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );

 #include <ipxe/bios_reboot.h>

--- a/src/arch/x86/include/bits/sanboot.h
+++ b/src/arch/x86/include/bits/sanboot.h
@@ -8,6 +8,7 @@
 */

 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );

 #include <ipxe/bios_sanboot.h>

--- a/src/arch/x86/include/bits/smbios.h
+++ b/src/arch/x86/include/bits/smbios.h
@@ -8,6 +8,7 @@
 */

 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );

 #include <ipxe/bios_smbios.h>

--- a/src/arch/x86/include/bits/string.h
+++ b/src/arch/x86/include/bits/string.h
@@ -25,6 +25,7 @@
 */

 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );

 /** @file
 *
--- a/src/arch/x86/include/bits/tcpip.h
+++ b/src/arch/x86/include/bits/tcpip.h
@@ -8,6 +8,7 @@
 */

 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );

 extern uint16_t tcpip_continue_chksum ( uint16_t partial, const void *data,
 					size_t len );
--- a/src/arch/x86/include/bits/time.h
+++ b/src/arch/x86/include/bits/time.h
@@ -8,6 +8,7 @@
 */

 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );

 #include <ipxe/rtc_time.h>

--- a/src/arch/x86/include/ipxe/bios_nap.h
+++ b/src/arch/x86/include/ipxe/bios_nap.h
@@ -8,6 +8,7 @@
 */

 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );

 #ifdef NAP_PCBIOS
 #define NAP_PREFIX_pcbios
--- a/src/arch/x86/include/ipxe/bios_reboot.h
+++ b/src/arch/x86/include/ipxe/bios_reboot.h
@@ -8,6 +8,7 @@
 */

 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );

 #ifdef REBOOT_PCBIOS
 #define REBOOT_PREFIX_pcbios
--- a/src/arch/x86/include/ipxe/bios_sanboot.h
+++ b/src/arch/x86/include/ipxe/bios_sanboot.h
@@ -8,6 +8,7 @@
 */

 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );

 #ifdef SANBOOT_PCBIOS
 #define SANBOOT_PREFIX_pcbios
--- a/src/arch/x86/include/ipxe/bios_smbios.h
+++ b/src/arch/x86/include/ipxe/bios_smbios.h
@@ -8,6 +8,7 @@
 */

 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );

 #ifdef SMBIOS_PCBIOS
 #define SMBIOS_PREFIX_pcbios
--- a/src/arch/x86/include/ipxe/cpuid.h
+++ b/src/arch/x86/include/ipxe/cpuid.h
@@ -8,6 +8,7 @@
 */

 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );

 #include <stdint.h>

--- a/src/arch/x86/include/ipxe/int15.h
+++ b/src/arch/x86/include/ipxe/int15.h
@@ -8,6 +8,7 @@
 */

 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );

 #ifdef MEMMAP_INT15
 #define MEMMAP_PREFIX_int15
--- a/src/arch/x86/include/ipxe/iomap_pages.h
+++ b/src/arch/x86/include/ipxe/iomap_pages.h
@@ -8,6 +8,7 @@
 */

 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );

 #ifdef IOMAP_PAGES
 #define IOMAP_PREFIX_pages
--- a/src/arch/x86/include/ipxe/pcibios.h
+++ b/src/arch/x86/include/ipxe/pcibios.h
@@ -10,6 +10,7 @@
 */

 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );

 #ifdef PCIAPI_PCBIOS
 #define PCIAPI_PREFIX_pcbios
--- a/src/arch/x86/include/ipxe/pcidirect.h
+++ b/src/arch/x86/include/ipxe/pcidirect.h
@@ -2,6 +2,7 @@
 #define _PCIDIRECT_H

 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );

 #include <stdint.h>
 #include <ipxe/io.h>
--- a/src/arch/x86/include/ipxe/rsdp.h
+++ b/src/arch/x86/include/ipxe/rsdp.h
@@ -8,6 +8,7 @@
 */

 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );

 #ifdef ACPI_RSDP
 #define ACPI_PREFIX_rsdp
--- a/src/arch/x86/include/ipxe/rtc_time.h
+++ b/src/arch/x86/include/ipxe/rtc_time.h
@@ -8,6 +8,7 @@
 */

 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );

 #ifdef TIME_RTC
 #define TIME_PREFIX_rtc
--- a/src/arch/x86/include/ipxe/x86_io.h
+++ b/src/arch/x86/include/ipxe/x86_io.h
@@ -16,6 +16,7 @@
 */

 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );

 #ifdef IOAPI_X86
 #define IOAPI_PREFIX_x86
--- a/src/arch/x86_64/include/bits/byteswap.h
+++ b/src/arch/x86_64/include/bits/byteswap.h
@@ -10,6 +10,7 @@
 #include <stdint.h>

 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );

 static inline __attribute__ (( always_inline, const )) uint16_t
 __bswap_variable_16 ( uint16_t x ) {
--- a/src/arch/x86_64/include/bits/compiler.h
+++ b/src/arch/x86_64/include/bits/compiler.h
@@ -2,6 +2,7 @@
 #define _BITS_COMPILER_H

 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );

 /** Dummy relocation type */
 #define RELOC_TYPE_NONE R_X86_64_NONE
--- a/src/arch/x86_64/include/bits/profile.h
+++ b/src/arch/x86_64/include/bits/profile.h
@@ -8,6 +8,7 @@
 */

 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );

 #include <stdint.h>

--- a/src/arch/x86_64/include/bits/stdint.h
+++ b/src/arch/x86_64/include/bits/stdint.h
@@ -2,6 +2,7 @@
 #define _BITS_STDINT_H

 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );

 typedef __SIZE_TYPE__		size_t;
 typedef signed long		ssize_t;
--- a/src/arch/x86_64/include/bits/strings.h
+++ b/src/arch/x86_64/include/bits/strings.h
@@ -2,6 +2,7 @@
 #define _BITS_STRINGS_H

 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );

 /**
 * Find first (i.e. least significant) set bit
--- a/src/arch/x86_64/include/ipxe/efi/dhcparch.h
+++ b/src/arch/x86_64/include/ipxe/efi/dhcparch.h
@@ -8,6 +8,7 @@
 */

 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );

 #include <ipxe/dhcp.h>

--- a/src/arch/x86_64/include/limits.h
+++ b/src/arch/x86_64/include/limits.h
@@ -2,6 +2,7 @@
 #define LIMITS_H	1

 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );

 /* Number of bits in a `char' */
 #define CHAR_BIT	8
--- a/src/config/branding.h
+++ b/src/config/branding.h
@@ -8,6 +8,7 @@
 */

 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );

 #include <config/defaults.h>

--- a/src/config/colour.h
+++ b/src/config/colour.h
@@ -8,6 +8,7 @@
 */

 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );

 #define COLOR_NORMAL_FG		COLOR_WHITE
 #define COLOR_NORMAL_BG		COLOR_BLUE
--- a/src/config/config.c
+++ b/src/config/config.c
@@ -20,6 +20,7 @@
 */

 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );

 #include <config/general.h>
 #include <config/console.h>
--- a/src/config/config_eap.c
+++ b/src/config/config_eap.c
@@ -20,6 +20,7 @@
 */

 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );

 #include <config/general.h>

--- a/src/config/config_efi.c
+++ b/src/config/config_efi.c
@@ -20,6 +20,7 @@
 */

 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );

 #include <config/general.h>
 #include <config/console.h>
--- a/src/config/config_ethernet.c
+++ b/src/config/config_ethernet.c
@@ -20,6 +20,7 @@
 */

 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );

 #include <config/general.h>

--- a/src/config/config_http.c
+++ b/src/config/config_http.c
@@ -20,6 +20,7 @@
 */

 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );

 #include <config/general.h>

--- a/src/config/config_pci.c
+++ b/src/config/config_pci.c
@@ -20,6 +20,7 @@
 */

 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );

 #include <config/settings.h>
 #include <config/ioapi.h>
--- a/src/config/config_route.c
+++ b/src/config/config_route.c
@@ -20,6 +20,7 @@
 */

 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );

 #include <config/general.h>

--- a/src/config/config_timer.c
+++ b/src/config/config_timer.c
@@ -20,6 +20,7 @@
 */

 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );

 #include <config/timer.h>

--- a/src/config/console.h
+++ b/src/config/console.h
@@ -11,6 +11,7 @@
 */

 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );

 #include <config/defaults.h>

--- a/src/config/defaults.h
+++ b/src/config/defaults.h
@@ -2,6 +2,7 @@
 #define CONFIG_DEFAULTS_H

 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );

 #define CONFIG_DEFAULTS(_platform) <config/defaults/_platform.h>

--- a/src/config/defaults/efi.h
+++ b/src/config/defaults/efi.h
@@ -8,6 +8,7 @@
 */

 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );

 #define UACCESS_FLAT
 #define IOMAP_VIRT
--- a/src/config/dhcp.h
+++ b/src/config/dhcp.h
@@ -8,6 +8,7 @@
 */

 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );

 #include <config/defaults.h>

--- a/src/config/fault.h
+++ b/src/config/fault.h
@@ -8,6 +8,7 @@
 */

 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );

 #include <config/defaults.h>

--- a/src/config/general.h
+++ b/src/config/general.h
@@ -8,6 +8,7 @@
 */

 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );

 #include <config/defaults.h>

--- a/src/config/ioapi.h
+++ b/src/config/ioapi.h
@@ -8,6 +8,7 @@
 */

 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );

 #include <config/defaults.h>

--- a/src/config/named.h
+++ b/src/config/named.h
@@ -8,6 +8,7 @@
 */

 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );

 /* config/<name>/<header>.h */
 #ifdef CONFIG
--- a/src/config/nap.h
+++ b/src/config/nap.h
@@ -8,6 +8,7 @@
 */

 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );

 #include <config/defaults.h>

--- a/src/config/reboot.h
+++ b/src/config/reboot.h
@@ -8,6 +8,7 @@
 */

 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );

 #include <config/defaults.h>

--- a/src/config/sanboot.h
+++ b/src/config/sanboot.h
@@ -8,6 +8,7 @@
 */

 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );

 #include <config/defaults.h>

--- a/src/config/settings.h
+++ b/src/config/settings.h
@@ -8,6 +8,7 @@
 */

 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );

 #include <config/defaults.h>

--- a/src/config/sideband.h
+++ b/src/config/sideband.h
@@ -8,6 +8,7 @@
 */

 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );

 //#define	CONFIG_BOFM	/* IBM's BladeCenter Open Fabric Manager */

--- a/src/config/time.h
+++ b/src/config/time.h
@@ -8,6 +8,7 @@
 */

 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );

 #include <config/defaults.h>

--- a/src/config/timer.h
+++ b/src/config/timer.h
@@ -8,6 +8,7 @@
 */

 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );

 #include <config/defaults.h>

--- a/src/config/umalloc.h
+++ b/src/config/umalloc.h
@@ -8,6 +8,7 @@
 */

 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );

 #include <config/defaults.h>

--- a/src/core/acpi.c
+++ b/src/core/acpi.c
@@ -22,6 +22,7 @@
 */

 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );

 #include <string.h>
 #include <errno.h>
--- a/src/core/ansicol.c
+++ b/src/core/ansicol.c
@@ -22,6 +22,7 @@
 */

 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );

 #include <stdio.h>
 #include <errno.h>
--- a/src/core/ansiesc.c
+++ b/src/core/ansiesc.c
@@ -22,6 +22,7 @@
 */

 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );

 #include <string.h>
 #include <assert.h>
--- a/src/core/asprintf.c
+++ b/src/core/asprintf.c
@@ -5,6 +5,7 @@
 #include <errno.h>

 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );

 /**
 * Write a formatted string to newly allocated memory.
--- a/src/core/base16.c
+++ b/src/core/base16.c
@@ -22,6 +22,7 @@
 */

 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );

 #include <stdint.h>
 #include <stdio.h>
--- a/src/core/base64.c
+++ b/src/core/base64.c
@@ -22,6 +22,7 @@
 */

 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );

 #include <stdint.h>
 #include <string.h>
--- a/src/core/basename.c
+++ b/src/core/basename.c
@@ -22,6 +22,7 @@
 */

 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );

 /**
 * @file
--- a/src/core/bitmap.c
+++ b/src/core/bitmap.c
@@ -22,6 +22,7 @@
 */

 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );

 #include <errno.h>
 #include <ipxe/bitmap.h>
--- a/src/core/blockdev.c
+++ b/src/core/blockdev.c
@@ -22,6 +22,7 @@
 */

 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );

 #include <errno.h>
 #include <ipxe/interface.h>
--- a/src/core/blocktrans.c
+++ b/src/core/blocktrans.c
@@ -22,6 +22,7 @@
 */

 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );

 /**
 * @file
--- a/src/core/cachedhcp.c
+++ b/src/core/cachedhcp.c
@@ -22,6 +22,7 @@
 */

 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );

 #include <stdint.h>
 #include <stdlib.h>
--- a/src/core/console.c
+++ b/src/core/console.c
@@ -6,6 +6,7 @@
 /** @file */

 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );

 /** Current console usage */
 int console_usage = CONSOLE_USAGE_STDOUT;
--- a/src/core/cpio.c
+++ b/src/core/cpio.c
@@ -22,6 +22,7 @@
 */

 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );

 /** @file
 *
--- a/src/core/ctype.c
+++ b/src/core/ctype.c
@@ -22,6 +22,7 @@
 */

 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );

 /**
 * @file
--- a/src/core/cwuri.c
+++ b/src/core/cwuri.c
@@ -22,6 +22,7 @@
 */

 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );

 #include <stddef.h>
 #include <ipxe/uri.h>
--- a/src/core/debug.c
+++ b/src/core/debug.c
@@ -22,6 +22,7 @@
 */

 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );

 #include <stdio.h>
 #include <stdint.h>
--- a/src/core/device.c
+++ b/src/core/device.c
@@ -22,6 +22,7 @@
 */

 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );

 #include <string.h>
 #include <ipxe/list.h>
--- a/src/core/dma.c
+++ b/src/core/dma.c
@@ -22,6 +22,7 @@
 */

 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );

 #include <assert.h>
 #include <errno.h>
--- a/src/core/downloader.c
+++ b/src/core/downloader.c
@@ -22,6 +22,7 @@
 */

 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );

 #include <stdlib.h>
 #include <string.h>
--- a/src/core/dynui.c
+++ b/src/core/dynui.c
@@ -22,6 +22,7 @@
 */

 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );

 /** @file
 *
--- a/src/core/edd.c
+++ b/src/core/edd.c
@@ -22,6 +22,7 @@
 */

 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );

 #include <errno.h>
 #include <ipxe/interface.h>
--- a/src/core/errno.c
+++ b/src/core/errno.c
@@ -1,6 +1,7 @@
 #include <errno.h>

 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );

 /** @file
 *
--- a/src/core/exec.c
+++ b/src/core/exec.c
@@ -22,6 +22,7 @@
 */

 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );

 #include <stdint.h>
 #include <string.h>
--- a/src/core/getkey.c
+++ b/src/core/getkey.c
@@ -22,6 +22,7 @@
 */

 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );

 #include <ctype.h>
 #include <ipxe/console.h>
--- a/src/core/getopt.c
+++ b/src/core/getopt.c
@@ -22,6 +22,7 @@
 */

 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );

 #include <stdint.h>
 #include <string.h>
--- a/src/core/image.c
+++ b/src/core/image.c
@@ -22,6 +22,7 @@
 */

 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );

 #include <stddef.h>
 #include <string.h>
--- a/src/core/init.c
+++ b/src/core/init.c
@@ -22,6 +22,7 @@
 */

 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );

 #include <ipxe/device.h>
 #include <ipxe/console.h>
--- a/src/core/interface.c
+++ b/src/core/interface.c
@@ -22,6 +22,7 @@
 */

 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );

 #include <string.h>
 #include <ipxe/interface.h>
--- a/src/core/iobuf.c
+++ b/src/core/iobuf.c
@@ -22,6 +22,7 @@
 */

 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );

 #include <stdint.h>
 #include <strings.h>
--- a/src/core/job.c
+++ b/src/core/job.c
@@ -22,6 +22,7 @@
 */

 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );

 #include <string.h>
 #include <errno.h>
--- a/src/core/keymap.c
+++ b/src/core/keymap.c
@@ -22,6 +22,7 @@
 */

 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );

 #include <string.h>
 #include <ctype.h>
--- a/src/core/linebuf.c
+++ b/src/core/linebuf.c
@@ -22,6 +22,7 @@
 */

 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );

 /**
 * @file
--- a/src/core/list.c
+++ b/src/core/list.c
@@ -22,6 +22,7 @@
 */

 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );

 /** @file
 *
--- a/src/core/main.c
+++ b/src/core/main.c
@@ -13,6 +13,7 @@ Literature dealing with the network protocols:
 **************************************************************************/

 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );

 #include <stddef.h>
 #include <stdio.h>
--- a/src/core/malloc.c
+++ b/src/core/malloc.c
@@ -22,6 +22,7 @@
 */

 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );

 #include <stddef.h>
 #include <stdint.h>
--- a/src/core/monojob.c
+++ b/src/core/monojob.c
@@ -22,6 +22,7 @@
 */

 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );

 #include <string.h>
 #include <stdio.h>
--- a/src/core/nvo.c
+++ b/src/core/nvo.c
@@ -22,6 +22,7 @@
 */

 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
+FILE_SECBOOT ( PERMITTED );

 #include <stdint.h>
 #include <stdlib.h>
--- a/Show More
+++ b/Show More