From eef935e596214d8d54cd0119c6826a32c6ac969b Mon Sep 17 00:00:00 2001
From: Sayan Chowdhury <schowdhury@microsoft.com>
Date: Fri, 6 Sep 2024 00:34:41 +0530
Subject: [PATCH] sys-boot/shim: Add the SBAT data to shim binary

Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
---
 .../src/third_party/coreos-overlay/sys-boot/shim/files/sbat.csv  | 1 +
 .../third_party/coreos-overlay/sys-boot/shim/shim-15.8-r2.ebuild | 1 +
 2 files changed, 2 insertions(+)
 create mode 100644 sdk_container/src/third_party/coreos-overlay/sys-boot/shim/files/sbat.csv

diff --git a/sdk_container/src/third_party/coreos-overlay/sys-boot/shim/files/sbat.csv b/sdk_container/src/third_party/coreos-overlay/sys-boot/shim/files/sbat.csv
new file mode 100644
index 0000000000..c0a2f34e88
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/sys-boot/shim/files/sbat.csv
@@ -0,0 +1 @@
+shim.flatcar,1,Flatcar Container Linux,shim,15.8,security@flatcar-linux.org
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-boot/shim/shim-15.8-r2.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-boot/shim/shim-15.8-r2.ebuild
index 6c6228ed5a..f81676c173 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-boot/shim/shim-15.8-r2.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/sys-boot/shim/shim-15.8-r2.ebuild
@@ -42,6 +42,7 @@ src_compile() {
     emake_args+=( ARCH=aarch64 )
   fi
   emake_args+=( ENABLE_SBSIGN=1 )
+  emake_args+=( SBATPATH="${FILESDIR}/sbat.csv" )
 
   if use official; then
     if [ -z "${SHIM_SIGNING_CERTIFICATE}" ]; then