CVE-2023-43634 (eve)

When sealing/unsealing the “vault� key, a list of PCRs is used, which defines which PCRs
are used.

In a previous project, CYMOTIVE found that the configuration is not protected by the secure
boot, and in response Zededa implemented measurements on the config partition that was
mapped to PCR 13.

In that process, PCR 13 was added to the list of PCRs that seal/unseal the key.

In commit “56e589749c6ff58ded862d39535d43253b249acf�, the config partition
measurement moved from PCR 13 to PCR 14, but …

boot configuration cve eve found key list process project response secure boot zededa