Skip to content

Commit

Permalink
mok: remove MokListTrusted from PCR 7
Browse files Browse the repository at this point in the history 
MokListTrusted was added by mistake to PCR 7 in 4e51340. The value of
MokListTrusted does not alter the behavior of secure boot so, as per
https://trustedcomputinggroup.org/wp-content/uploads/TCG_PCClient_PFP_r1p05_v23_pub.pdf#page=36
(section 3.3.4 PCR usage) so it should not be factored in the value of
PCR 7.

See:
  #423
  4e51340

Fixes #484
Fixes #492
  • Loading branch information
@baloo
baloo committed Oct 21, 2022
1 parent 5c537b3 commit e7901a8
Showing 1 changed file with 0 additions and 1 deletion.
1 change: 0 additions & 1 deletion mok.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -178,7 +178,6 @@ struct mok_state_variable mok_state_variable_data[] = {
EFI_VARIABLE_NON_VOLATILE,
.no_attr = EFI_VARIABLE_RUNTIME_ACCESS,
.flags = MOK_MIRROR_DELETE_FIRST |
MOK_VARIABLE_MEASURE |
MOK_VARIABLE_INVERSE |
MOK_VARIABLE_LOG,
.pcr = 14,
Expand Down

0 comments on commit e7901a8

Please sign in to comment.