rpms / shim

Clone
Source Code
GIT

Blame SOURCES/0012-mok-remove-MokListTrusted-from-PCR-7.patch

c4 c5 c5-plus c6 c6-plus c7 c7-aarch64 c7-alt c7-beta c8 c8-beta c8s c9 c9-beta
  1.   9de34fabbeb34f7b74a7edc00ace913ec7156871
  2.   SOURCES
  3.   0012-mok-remove-MokListTrusted-from-PCR-7.patch
Blob History Raw
9de34f 
From aa1b289a1a16774afc3143b8948d97261f0872d0 Mon Sep 17 00:00:00 2001
9de34f 
From: Arthur Gautier <arthur.gautier@arista.com>
9de34f 
Date: Fri, 21 Oct 2022 13:20:45 -0700
9de34f 
Subject: [PATCH 12/13] mok: remove MokListTrusted from PCR 7
9de34f
9de34f 
MokListTrusted was added by mistake to PCR 7 in 4e513405. The value of
9de34f 
MokListTrusted does not alter the behavior of secure boot so, as per
9de34f 
https://trustedcomputinggroup.org/wp-content/uploads/TCG_PCClient_PFP_r1p05_v23_pub.pdf#page=36
9de34f 
(section 3.3.4 PCR usage) so it should not be factored in the value of
9de34f 
PCR 7.
9de34f
9de34f 
See:
9de34f 
  https://github.com/rhboot/shim/pull/423
9de34f 
  https://github.com/rhboot/shim/commit/4e513405b4f1641710115780d19dcec130c5208f
9de34f
9de34f 
Fixes https://github.com/rhboot/shim/issues/484
9de34f 
Fixes https://github.com/rhboot/shim/issues/492
9de34f
9de34f 
Signed-off-by: Arthur Gautier <arthur.gautier@arista.com>
9de34f 
---
9de34f 
 mok.c | 1 -
9de34f 
 1 file changed, 1 deletion(-)
9de34f
9de34f 
diff --git a/mok.c b/mok.c
9de34f 
index 63ddfcaaea3..9811b358626 100644
9de34f 
--- a/mok.c
9de34f 
+++ b/mok.c
9de34f 
@@ -178,7 +178,6 @@ struct mok_state_variable mok_state_variable_data[] = {
9de34f 
 		     EFI_VARIABLE_NON_VOLATILE,
9de34f 
 	 .no_attr = EFI_VARIABLE_RUNTIME_ACCESS,
9de34f 
 	 .flags = MOK_MIRROR_DELETE_FIRST |
9de34f 
-		  MOK_VARIABLE_MEASURE |
9de34f 
 		  MOK_VARIABLE_INVERSE |
9de34f 
 		  MOK_VARIABLE_LOG,
9de34f 
 	 .pcr = 14,
9de34f 
--
9de34f 
2.37.1
9de34f

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation