When we update shim & grub in the container image, the installed binaries on the node won't be updated immediately (yet), only on the next boot, so the system will boot with a newer kernel/UKI but older shim/grub once, update them, and then the next boot (that may or may not happen before the next update) will use the new binaries.
Thus we need to be able to pass a list of "previously seen" values for shim & grub to the libraries so that they compute all the possible options for PCR4 for a deployed node.
The operator will figure out which values to pass to the libraries and the libraries will return a list of PCR4 values (instead of just one).
We should thus probably change the interface to always return a list of values for a given PCR.
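A sketch of what a list-returning PCR4 computation could look like, added here as an illustration and not taken from the project's libraries. The function names, the event layout (firmware action event, separator, then shim, grub and UKI digests in that order) and the choice to enumerate every shim/grub pairing are assumptions, and the digests are constructed sample values standing in for real Authenticode hashes.

```python
import hashlib
from itertools import product

PCR_INIT = bytes(32)  # a SHA-256 bank PCR starts as 32 zero bytes


def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM extend operation: new PCR = SHA256(old PCR || event digest)."""
    return hashlib.sha256(pcr + digest).digest()


def replay(digests) -> bytes:
    """Replay an ordered list of event digests into a fresh PCR."""
    pcr = PCR_INIT
    for d in digests:
        pcr = extend(pcr, d)
    return pcr


# Assumed events measured into PCR4 before any boot binary:
# the EV_EFI_ACTION string and the EV_SEPARATOR (four zero bytes).
PREFIX = [
    hashlib.sha256(b"Calling EFI Application from Boot Option").digest(),
    hashlib.sha256(bytes(4)).digest(),
]


def pcr4_candidates(shims, grubs, uki):
    """Return every PCR4 value (hex, sorted, de-duplicated) reachable with
    the given "previously seen" shim and grub digests and one UKI digest.
    Always a list, even when only one shim and one grub are known."""
    values = {replay(PREFIX + [s, g, uki]).hex() for s, g in product(shims, grubs)}
    return sorted(values)


def sample_digest(label: str) -> bytes:
    """Constructed stand-in for the Authenticode hash of a PE binary."""
    return hashlib.sha256(label.encode()).digest()


if __name__ == "__main__":
    shims = [sample_digest("shim-old"), sample_digest("shim-new")]
    grubs = [sample_digest("grub-old"), sample_digest("grub-new")]
    for value in pcr4_candidates(shims, grubs, sample_digest("uki-new")):
        print(value)
```

Each extra "previously seen" digest multiplies the number of PCR4 values a verifier accepts, so the operator should drop old shim/grub values once nodes are known to have rebooted onto the new ones.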