diff options
| author | Masahisa Kojima <masahisa.kojima@linaro.org> | 2022-12-20 19:38:52 +0900 |
|---|---|---|
| committer | Heinrich Schuchardt <heinrich.schuchardt@canonical.com> | 2022-12-20 16:06:48 +0100 |
| commit | ad50ca5019ae2b4f6ad5ffb4d62808b640f7b8aa (patch) | |
| tree | 510ccb784f87ee699520789b06858cbd7dc5db44 /scripts/dtc/pylibfdt/setup.py | |
| parent | 9ba35e64fad0fe205b403da7e30656015979a235 (diff) | |
eficonfig: EFI_VARIABLE_APPEND_WRITE is not set for null key
The signed null key with authenticated header is used to clear
the PK, KEK, db and dbx. When CONFIG_EFI_MM_COMM_TEE is enabled
(StMM and OP-TEE based RPMB storage is used as the EFI variable
storage), clearing KEK, db and dbx by enrolling a signed null
key does not work as expected if EFI_VARIABLE_APPEND_WRITE
attritube is set.
This commit checks the selected file is null key, then
EFI_VARIABLE_APPEND_WRITE attibute will not be used for the null key.
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
Reviewed-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Diffstat (limited to 'scripts/dtc/pylibfdt/setup.py')
0 files changed, 0 insertions, 0 deletions