From aa1b289a1a16774afc3143b8948d97261f0872d0 Mon Sep 17 00:00:00 2001
From: Arthur Gautier <arthur.gautier@arista.com>
Date: Fri, 21 Oct 2022 13:20:45 -0700
Subject: [PATCH 12/13] mok: remove MokListTrusted from PCR 7

MokListTrusted was added by mistake to PCR 7 in 4e513405. The value of
MokListTrusted does not alter the behavior of secure boot so, as per
https://trustedcomputinggroup.org/wp-content/uploads/TCG_PCClient_PFP_r1p05_v23_pub.pdf#page=36
(section 3.3.4 PCR usage), it should not be factored into the value of
PCR 7.

See:
  https://github.com/rhboot/shim/pull/423
  https://github.com/rhboot/shim/commit/4e513405b4f1641710115780d19dcec130c5208f

Fixes https://github.com/rhboot/shim/issues/484
Fixes https://github.com/rhboot/shim/issues/492

Signed-off-by: Arthur Gautier <arthur.gautier@arista.com>
---
 mok.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/mok.c b/mok.c
index 63ddfcaaea3..9811b358626 100644
--- a/mok.c
+++ b/mok.c
@@ -178,7 +178,6 @@ struct mok_state_variable mok_state_variable_data[] = {
 		     EFI_VARIABLE_NON_VOLATILE,
 	 .no_attr = EFI_VARIABLE_RUNTIME_ACCESS,
 	 .flags = MOK_MIRROR_DELETE_FIRST |
-		  MOK_VARIABLE_MEASURE |
 		  MOK_VARIABLE_INVERSE |
 		  MOK_VARIABLE_LOG,
 	 .pcr = 14,
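Review bot: the .flags initializer, at the removed MOK_VARIABLE_MEASURE line, has no comment recording why this entry is deliberately left unmeasured, so the flag could be re-added by mistake, which the commit message says is how it got there in 4e513405. Consider a one-line comment above .flags stating that this variable does not alter Secure Boot behaviour and therefore must not be factored into PCR 7 (TCG PFP section 3.3.4). The entry still carries MOK_VARIABLE_LOG and .pcr = 14; the commit message should say whether that remains intended. It should also note that the PCR 7 value changes relative to builds containing 4e513405, since anything sealed or attested against the old value will need to be re-sealed or have its policy updated.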
-- 
2.37.1