Hi Heinrich, On Sat, 14 Sept 2024 at 18:06, Heinrich Schuchardt <heinrich.schucha...@canonical.com> wrote: > > For measured be boot we must avoid any volatile values in the device-tree. > We already delete /chosen/kaslr-seed if we provide and EFI RNG protocol.
Could you explain a bit why this is, and where this is checked? > > Additionally remove /chosen/rng-seed provided by QEMU or U-Boot. > > Signed-off-by: Heinrich Schuchardt <heinrich.schucha...@canonical.com> > --- > include/efi_loader.h | 2 +- > lib/efi_loader/efi_dt_fixup.c | 15 ++++++++++----- > lib/efi_loader/efi_helper.c | 2 +- > 3 files changed, 12 insertions(+), 7 deletions(-) [..] Regards, Simon
