From 4c75d9a7dc77344eec4f1c6d3ddf3042e98eb9cd Mon Sep 17 00:00:00 2001
From: Richard Hughes <richard@hughsie.com>
Date: Fri, 4 Nov 2022 10:17:11 +0000
Subject: [PATCH] Add more EFI keys to the integrity check list

---
 src/fu-engine-helper.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/src/fu-engine-helper.c b/src/fu-engine-helper.c
index e48b73395..f8f9d960d 100644
--- a/src/fu-engine-helper.c
+++ b/src/fu-engine-helper.c
@@ -223,9 +223,19 @@ fu_engine_integrity_measure_uefi(GHashTable *self)
 	} keys[] = {{FU_EFIVAR_GUID_EFI_GLOBAL, "BootOrder"},
 		    {FU_EFIVAR_GUID_EFI_GLOBAL, "BootCurrent"},
 		    {FU_EFIVAR_GUID_EFI_GLOBAL, "KEK"},
+		    {FU_EFIVAR_GUID_EFI_GLOBAL, "KEKDefault"},
+		    {FU_EFIVAR_GUID_EFI_GLOBAL, "OsIndications"},
+		    {FU_EFIVAR_GUID_EFI_GLOBAL, "OsIndicationsSupported"},
 		    {FU_EFIVAR_GUID_EFI_GLOBAL, "PK"},
+		    {FU_EFIVAR_GUID_EFI_GLOBAL, "PKDefault"},
+		    {FU_EFIVAR_GUID_EFI_GLOBAL, "SecureBoot"},
+		    {FU_EFIVAR_GUID_EFI_GLOBAL, "SetupMode"},
+		    {FU_EFIVAR_GUID_EFI_GLOBAL, "SignatureSupport"},
+		    {FU_EFIVAR_GUID_EFI_GLOBAL, "VendorKeys"},
 		    {FU_EFIVAR_GUID_SECURITY_DATABASE, "db"},
+		    {FU_EFIVAR_GUID_SECURITY_DATABASE, "dbDefault"},
 		    {FU_EFIVAR_GUID_SECURITY_DATABASE, "dbx"},
+		    {FU_EFIVAR_GUID_SECURITY_DATABASE, "dbxDefault"},
 		    {NULL, NULL}};
 
 	/* important keys */