[crypto] Allow trusted certificates to be stored in non-volatile options

The intention of the existing code (as documented in its own comments)
is that it should be possible to override the list of trusted root
certificates using a "trust" setting held in non-volatile stored
options.  However, the rootcert_init() function currently executes
before any devices have been probed, and so will not be able to
retrieve any such non-volatile stored options.

Fix by executing rootcert_init() only after devices have been probed.
Since startup functions may be executed multiple times (unlike
initialisation functions), add an explicit flag to preserve the
property that rootcert_init() should run only once.

As before, if an explicit root of trust is specified at build time,
then any runtime "trust" setting will be ignored.

Signed-off-by: Michael Brown <mcb30@ipxe.org>

src/crypto/rootcert.c

  * a rebuild.
  */
 static void rootcert_init ( void ) {
+	static int initialised;
 	void *external = NULL;
 	int len;
 
 	/* Allow trusted root certificates to be overridden only if
 	 * not explicitly specified at build time.
 	 */
-	if ( ALLOW_TRUST_OVERRIDE ) {
+	if ( ALLOW_TRUST_OVERRIDE && ( ! initialised ) ) {
 
 		/* Fetch copy of "trust" setting, if it exists.  This
 		 * memory will never be freed.
 			root_certificates.fingerprints = external;
 			root_certificates.count = ( len / FINGERPRINT_LEN );
 		}
+
+		/* Prevent subsequent modifications */
+		initialised = 1;
 	}
 
 	DBGC ( &root_certificates, "ROOTCERT using %d %s certificate(s):\n",
 }
 
 /** Root certificate initialiser */
-struct init_fn rootcert_init_fn __init_fn ( INIT_LATE ) = {
-	.initialise = rootcert_init,
+struct startup_fn rootcert_startup_fn __startup_fn ( STARTUP_LATE ) = {
+	.startup = rootcert_init,
 };