[PATCH 1/1] efi_loader: delete rng-seed if having EFI RNG protocol
Simon Glass sjg at chromium.org
Thu Sep 19 16:10:20 CEST 2024

Hi Heinrich,

On Sat, 14 Sept 2024 at 18:06, Heinrich Schuchardt
<heinrich.schuchardt at canonical.com> wrote:
>
> For measured boot we must avoid any volatile values in the device-tree.
> We already delete /chosen/kaslr-seed if we provide an EFI RNG protocol.
Could you explain a bit why this is, and where this is checked?
>
> Additionally remove /chosen/rng-seed provided by QEMU or U-Boot.
>
> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt at canonical.com>
> ---
>  include/efi_loader.h          |  2 +-
>  lib/efi_loader/efi_dt_fixup.c | 15 ++++++++++-----
>  lib/efi_loader/efi_helper.c   |  2 +-
>  3 files changed, 12 insertions(+), 7 deletions(-)
[..]
Regards,
Simon
    
    