Should MokListTrusted be measured to PCR7? #484
Description
Shim 15.6 changes the value of PCR7 because of the addition of MokListTrusted in #423, which gets measured to PCR7:
$ sudo ./tcglog-dump -v --pcrs 7,14
PCR DIGEST TYPE DETAILS
7 d4fdd1f14d4041494deb8fc990c45343d2277d08 EV_EFI_VARIABLE_DRIVER_CONFIG SecureBoot: 1
7 d9a7a63f7e87e7fb20a477b5b5e9407c9d57497f EV_EFI_VARIABLE_DRIVER_CONFIG PK: entries(x509)=1
7 2ebbf8ca84499166ca8f12aa7f259381c316b9b6 EV_EFI_VARIABLE_DRIVER_CONFIG KEK: entries(x509)=2
7 e05b5af1ec98a42bf6e43c9ab29279a6a0415bef EV_EFI_VARIABLE_DRIVER_CONFIG db: entries(x509)=3
7 6fb84686442a1854a047ce1451978ad041119aff EV_EFI_VARIABLE_DRIVER_CONFIG dbx: entries(sha256)=78
7 9069ca78e7450a285173431b3e52c5c25299e473 EV_SEPARATOR
7 80c10f87c17b60c3dcfb9fae39556b46bdcc77d2 EV_EFI_VARIABLE_AUTHORITY subject: "CN=UEFI key for <redacted>", owner: 00000000-0000-0000-0000-000000000000, source: db
14 92748cc7c270de6c169469f1de795e8378bf05cd EV_IPL MokList
14 525ff70d4cfa4b2c76a2e23fc4490797932bd3f2 EV_IPL MokListX
7 15875d39b8872f8aff3a92fc9f9e40ac75268e04 EV_EFI_VARIABLE_AUTHORITY SbatLevel: sbat,1,2021030218 ...
7 3efeb87af48ab5aee7fcbd3514bab719ed865c1c EV_EFI_VARIABLE_AUTHORITY Invalid authority event for MokListTrusted - not a hash or X509 certificate: x509: malformed certificate
14 bf8b4530d8d246dd74ac53a13471bba17941dff7 EV_IPL MokListTrusted
7 80c10f87c17b60c3dcfb9fae39556b46bdcc77d2 EV_EFI_VARIABLE_AUTHORITY subject: "CN=UEFI key for <redacted>", owner: 00000000-0000-0000-0000-000000000000, source: db
7 e50033c9db382a1fa2788f7ebe521fdcc87cc34a EV_EFI_VARIABLE_AUTHORITY subject: "CN=Canonical Ltd. Master Certificate Authority,O=Canonical Ltd.,L=Douglas,ST=Isle of Man,C=GB", source: Shim
PCR7 is used to record secure boot policy information which is a combination of secure boot configuration and how each application is verified. Shim does currently use it for measuring some additional non standard variables (MokSBState and SbatLevel), but that's ok because those directly affect secure boot policy.
MokListTrusted affects how the kernel uses entries in MokList after ExitBootServices, and so it feels a bit weird here because it's not directly related to secure boot policy. The existing MokList and MokListX variables are only measured to PCR14.