From fc53dc0926a6bc90cddececcd69d7b358e0f9bb3 Mon Sep 17 00:00:00 2001
From: Kelvin Cao
Date: Mon, 28 Aug 2023 02:47:17 -0700
Subject: [PATCH] Reject duplicate KMSK key programming

Adding the same KMSK key twice will cause the KMSK entry unable to be revoked. Give error message and quit in this case, instead of allowing the programming with warnings.
---
 cli/mfg.c | 10 +++-------
 1 file changed, 3 insertions(+), 7 deletions(-)

diff --git a/cli/mfg.c b/cli/mfg.c
index 9ba34b71..878a68e1 100644
--- a/cli/mfg.c
+++ b/cli/mfg.c
@@ -1151,13 +1151,9 @@ static int kmsk_entry_add(int argc, char **argv)
 }
 if (switchtec_security_state_has_kmsk(&state, &kmsk)) {
- if (!cfg.assume_yes)
- fprintf(stderr,
- "WARNING: the specified KMSK entry already exists on the device.\n"
- "Writing duplicate KMSK entries could make your device unbootable!\n");
- ret = ask_if_sure(cfg.assume_yes);
- if (ret)
- return ret;
+ fprintf(stderr,
+ "REJECTED: the specified KMSK entry already exists on the device!\n");
+ return -8;
 }
 if (state.secure_state == SWITCHTEC_INITIALIZED_SECURED &&
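Review bot: The new rejection branch in `kmsk_entry_add` returns a bare `-8` that nothing in the hunk explains, so a provisioning script cannot tell a refused duplicate from any other failure without reading the source. A comment above the return, such as `/* duplicate KMSK: refuse, a second copy of the key cannot be revoked */`, or a named constant if the file already defines its exit codes, would make the contract explicit. The guard also sits only in the CLI; if other callers can reach the library routine that programs the key, they can presumably still write a duplicate, so the check may belong in the library path too (not visible here, worth confirming). The error text could state the consequence given in the commit message, since `assume_yes` no longer overrides the refusal and the operator gets no reason. The function body starts and ends outside the hunk.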