Reject duplicate KMSK key programming

Adding the same KMSK key twice will cause the KMSK entry unable to be revoked. Give error message and quit in this case, instead of allowing the programming with warnings.
Microsemi · Aug 28, 2023 · fc53dc0 · fc53dc0
1 parent bec25ec
commit fc53dc0
Showing 1 changed file with 3 additions and 7 deletions.
diff --git a/cli/mfg.c b/cli/mfg.c
@@ -1151,13 +1151,9 @@ static int kmsk_entry_add(int argc, char **argv)
 	}
 
 	if (switchtec_security_state_has_kmsk(&state, &kmsk)) {
-		if (!cfg.assume_yes)
-			fprintf(stderr,
-				"WARNING: the specified KMSK entry already exists on the device.\n"
-				"Writing duplicate KMSK entries could make your device unbootable!\n");
-		ret = ask_if_sure(cfg.assume_yes);
-		if (ret)
-			return ret;
+		fprintf(stderr,
+			"REJECTED: the specified KMSK entry already exists on the device!\n");
+		return -8;
 	}
 
 	if (state.secure_state == SWITCHTEC_INITIALIZED_SECURED &&