Re: [PATCH v2 1/1] efi_leader: delete rng-seed if having EFI RNG protocol

Hi Heinrich, On Tue, 17 Sept 2024 at 11:49, Heinrich Schuchardt wrote: > > For measured be boot we must avoid any volatile values in the device-tree. > We already delete /chosen/kaslr-seed if we provide and EFI RNG protocol. > > Additionally remove /chosen/rng-seed provided by QEMU or U-Boot. > >

[PATCH v2 1/1] efi_leader: delete rng-seed if having EFI RNG protocol

For measured be boot we must avoid any volatile values in the device-tree. We already delete /chosen/kaslr-seed if we provide and EFI RNG protocol. Additionally remove /chosen/rng-seed provided by QEMU or U-Boot. Signed-off-by: Heinrich Schuchardt --- v2: Use an index instead of a positi

Re: [PATCH v2 1/1] efi_leader: delete rng-seed if having EFI RNG protocol

On 9/17/24 08:38, Ilias Apalodimas wrote: Hi Heinrich, On Sat, Sep 14, 2024 at 06:08:12PM +0200, Heinrich Schuchardt wrote: For measured be boot we must avoid any volatile values in the device-tree. We already delete /chosen/kaslr-seed if we provide and EFI RNG protocol. Additionally remove /c

Re: [PATCH v2 1/1] efi_leader: delete rng-seed if having EFI RNG protocol

Hi Heinrich, On Sat, Sep 14, 2024 at 06:08:12PM +0200, Heinrich Schuchardt wrote: > For measured be boot we must avoid any volatile values in the device-tree. > We already delete /chosen/kaslr-seed if we provide and EFI RNG protocol. > > Additionally remove /chosen/rng-seed provided by QEMU or U-B

[PATCH v2 1/1] efi_leader: delete rng-seed if having EFI RNG protocol

For measured be boot we must avoid any volatile values in the device-tree. We already delete /chosen/kaslr-seed if we provide and EFI RNG protocol. Additionally remove /chosen/rng-seed provided by QEMU or U-Boot. Signed-off-by: Heinrich Schuchardt --- v2: put log_debug() in else branch -