From 3cbfbe1e09e55237e81a3f7674cdfe1b9b10534e Mon Sep 17 00:00:00 2001
From: Richard Hughes
Date: Tue, 20 Dec 2022 11:51:19 +0000
Subject: [PATCH] Skip the fwupdx64.efi BootXXXX entry when measuring system integrity

This is created before the UEFI capsule plugin adds the new BootXXXX entry on NVRAM systems.
---
 src/fu-engine-helper.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/src/fu-engine-helper.c b/src/fu-engine-helper.c
index f8f9d960d..faf43eb71 100644
--- a/src/fu-engine-helper.c
+++ b/src/fu-engine-helper.c
@@ -254,7 +254,17 @@ fu_engine_integrity_measure_uefi(GHashTable *self)
 g_autoptr(GBytes) blob =
 fu_efivar_get_data_bytes(FU_EFIVAR_GUID_EFI_GLOBAL, name, NULL, NULL);
 if (blob != NULL && g_bytes_get_size(blob) > 0) {
+ const guint8 needle[] = "f\0w\0u\0p\0d";
 g_autofree gchar *id = g_strdup_printf("UEFI:%s", name);
+ if (fu_memmem_safe(g_bytes_get_data(blob, NULL),
+ g_bytes_get_size(blob),
+ needle,
+ sizeof(needle),
+ NULL,
+ NULL)) {
+ g_debug("skipping %s as fwupd found", id);
+ continue;
+ }
 fu_engine_integrity_add_measurement(self, id, blob);
 }
 }
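Review bot: The `fu_memmem_safe()` test added after `needle` matches the UTF-16LE bytes for "fwupd" anywhere in the BootXXXX load option, so the exclusion is wider than the fwupdx64.efi entry named in the subject: any entry carrying that substring in its description, device path or optional data is left out of the integrity measurement, and a later change to such an entry would presumably go unreported. Because these measurements exist to show that boot entries did not change, consider limiting the comparison to the file-path portion of the load option, or still recording the skipped entry under a distinct id rather than omitting it. The needle also relies on `sizeof(needle)` counting the literal's implicit trailing NUL to complete the last code unit, which deserves a comment such as `/* UTF-16LE "fwupd"; the literal's terminating NUL supplies the high byte of 'd' */`. The enclosing loop and the start of `fu_engine_integrity_measure_uefi()` lie outside this hunk.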