Gitiles
Code Review Sign In
git01.mediatek.com / filogic / uboot / 069079cc781f6d8b500117b2a1a02c0677dfd39a^! / . / lib / efi_loader / efi_helper.c
commit069079cc781f6d8b500117b2a1a02c0677dfd39a[log] [tgz]
authorHeinrich Schuchardt <heinrich.schuchardt@canonical.com>Tue Sep 17 10:49:29 2024 +0200
committerTom Rini <trini@konsulko.com>Wed Oct 09 22:04:56 2024 -0600
tree02a2f3cbbb56dc29801d418a571a7219bb21c35f
parente53d011b8b40fd16687759149ea5f56367e8a678 [diff] [blame]
efi_leader: delete rng-seed if having EFI RNG protocol

For measured be boot we must avoid any volatile values in the device-tree.
We already delete /chosen/kaslr-seed if we provide and EFI RNG protocol.

Additionally remove /chosen/rng-seed provided by QEMU or U-Boot.

Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>

diff --git a/lib/efi_loader/efi_helper.c b/lib/efi_loader/efi_helper.c
index 96f8476..a481eb4 100644
--- a/lib/efi_loader/efi_helper.c
+++ b/lib/efi_loader/efi_helper.c

@@ -522,7 +522,7 @@
 	/* Create memory reservations as indicated by the device tree */
 	efi_carve_out_dt_rsv(fdt);
 
-	efi_try_purge_kaslr_seed(fdt);
+	efi_try_purge_rng_seed(fdt);
 
 	if (CONFIG_IS_ENABLED(EFI_TCG2_PROTOCOL_MEASURE_DTB)) {
 		ret = efi_tcg2_measure_dtb(fdt);