Measure empty PK and KEK EFI vars

author Alberto Planas <aplanas@suse.com>

Thu, 18 Jan 2024 14:38:30 +0000 (15:38 +0100)

committer Luca Boccassi <luca.boccassi@gmail.com>

Fri, 19 Jan 2024 00:18:20 +0000 (00:18 +0000)
author Alberto Planas <aplanas@suse.com>
Thu, 18 Jan 2024 14:38:30 +0000 (15:38 +0100)
committer Luca Boccassi <luca.boccassi@gmail.com>
Fri, 19 Jan 2024 00:18:20 +0000 (00:18 +0000)
diff --git a/src/pcrlock/pcrlock.c b/src/pcrlock/pcrlock.c

index 9eeef91a4cee422c9f8f2667630c7ecbbdc21f36..e8c902c927ce45e251824f6cc5c0f81a9b3faef9 100644 (file)
--- a/src/pcrlock/pcrlock.c
+++ b/src/pcrlock/pcrlock.c
@@ -2768,8 +2768,8 @@ static int verb_lock_secureboot_policy(int argc, char *argv[], void *userdata) {
                  int synthesize_empty; /* 0 → fail, > 0 → synthesize empty db, < 0 → skip */
          } variables[] = {
                  { EFI_VENDOR_GLOBAL,   "SecureBoot", 0 },
-                { EFI_VENDOR_GLOBAL,   "PK",         0 },
-                { EFI_VENDOR_GLOBAL,   "KEK",        0 },
+                { EFI_VENDOR_GLOBAL,   "PK",         1 },
+                { EFI_VENDOR_GLOBAL,   "KEK",        1 },
                  { EFI_VENDOR_DATABASE, "db",         1 },
                  { EFI_VENDOR_DATABASE, "dbx",        1 },
                  { EFI_VENDOR_DATABASE, "dbt",       -1 },
author	Alberto Planas <aplanas@suse.com>
	Thu, 18 Jan 2024 14:38:30 +0000 (15:38 +0100)
committer	Luca Boccassi <luca.boccassi@gmail.com>
	Fri, 19 Jan 2024 00:18:20 +0000 (00:18 +0000)