
19 Sep 2024, 4:10 p.m.
Hi Heinrich,
On Sat, 14 Sept 2024 at 18:06, Heinrich Schuchardt <heinrich.schuchardt@canonical.com> wrote:

> For measured boot we must avoid any volatile values in the device-tree. We already delete /chosen/kaslr-seed if we provide an EFI RNG protocol.

Could you explain a bit why this is, and where this is checked?

> Additionally remove /chosen/rng-seed provided by QEMU or U-Boot.
>
> Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
>
>  include/efi_loader.h          |  2 +-
>  lib/efi_loader/efi_dt_fixup.c | 15 ++++++++++-----
>  lib/efi_loader/efi_helper.c   |  2 +-
>  3 files changed, 12 insertions(+), 7 deletions(-)
[..]
Regards, Simon