Add CA trust database to the repo.

This is needed for https support (tls server certificate verification).

Signed-off-by: Gerd Hoffmann <[email protected]>

Author: kraxel

uefi-test-runner/https/README.md

@@ -0,0 +1,7 @@
+https ca cert database in efi signature list format
+
+Copied over from centos stream 9 where this is available as
+/etc/pki/ca-trust/extracted/edk2/cacerts.bin
+
+It's the Mozilla Foundation CA certificate list, shipped in
+ca-certificates.rpm, licensed as "MIT AND GPL-2.0-or-later".

uefi-test-runner/https/cacerts.bin

@@ -540,6 +540,12 @@ pub fn run_qemu(arch: UefiArch, opt: &QemuOpt) -> Result<()> {
         None
     };
 
+    // Pass CA certificate database to the edk2 firmware, for TLS support.
+    cmd.args([
+        "-fw_cfg",
+        "name=etc/edk2/https/cacerts,file=uefi-test-runner/https/cacerts.bin",
+    ]);
+
     // Set up a software TPM if requested.
     let _tpm = if let Some(tpm_version) = opt.tpm {
         let tpm = Swtpm::spawn(tpm_version)?;