From e7901a8a72d2c8b5a78f59d78f09e58ea6005c14 Mon Sep 17 00:00:00 2001
From: Arthur Gautier <arthur.gautier@arista.com>
Date: Fri, 21 Oct 2022 13:20:45 -0700
Subject: [PATCH] mok: remove MokListTrusted from PCR 7

MokListTrusted was added by mistake to PCR 7 in 4e513405. The value of
MokListTrusted does not alter the behavior of secure boot so, as per
https://trustedcomputinggroup.org/wp-content/uploads/TCG_PCClient_PFP_r1p05_v23_pub.pdf#page=36
(section 3.3.4 PCR usage) so it should not be factored in the value of
PCR 7.

See:
  https://github.com/rhboot/shim/pull/423
  https://github.com/rhboot/shim/commit/4e513405b4f1641710115780d19dcec130c5208f

Fixes https://github.com/rhboot/shim/issues/484
Fixes https://github.com/rhboot/shim/issues/492
---
 mok.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/mok.c b/mok.c
index 63ddfcaae..9811b3586 100644
--- a/mok.c
+++ b/mok.c
@@ -178,7 +178,6 @@ struct mok_state_variable mok_state_variable_data[] = {
 		     EFI_VARIABLE_NON_VOLATILE,
 	 .no_attr = EFI_VARIABLE_RUNTIME_ACCESS,
 	 .flags = MOK_MIRROR_DELETE_FIRST |
-		  MOK_VARIABLE_MEASURE |
 		  MOK_VARIABLE_INVERSE |
 		  MOK_VARIABLE_LOG,
 	 .pcr = 14,