From 62f732207e7cbd226a11b85581c2c33e1e6be409 Mon Sep 17 00:00:00 2001
From: Michael Brown <mcb30@ipxe.org>
Date: Wed, 12 May 2021 14:13:01 +0100
Subject: [PATCH] [image] Propagate trust flag to extracted archive images

An extracted image is wholly derived from the original archive image.
If the original archive image has been verified and marked as trusted,
then this trust logically extends to any image extracted from it.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
---
 src/core/archive.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/core/archive.c b/src/core/archive.c
index 7ef86bd9a..bb62c7e47 100644
--- a/src/core/archive.c
+++ b/src/core/archive.c
@@ -82,6 +82,10 @@ int image_extract ( struct image *image, const char *name,
 	if ( ( rc = register_image ( *extracted ) ) != 0 )
 		goto err_register;
 
+	/* Propagate trust flag */
+	if ( image->flags & IMAGE_TRUSTED )
+		image_trust ( *extracted );
+
 	/* Drop local reference to image */
 	image_put ( *extracted );