From 74a1f29015f0b7f42d3803f533e47e8e598e523c Mon Sep 17 00:00:00 2001
From: Mike Beaton <mjsbeaton@gmail.com>
Date: Mon, 7 Aug 2023 12:56:29 +0100
Subject: [PATCH] Update MokVars.txt  - Update documented mirrored variable
 attributes from RT to BS,RT  - Add missing MokSBStateRT  - Clarify that
 MokIgnoreDB is a mirror of MokDBState  - Add missing attributes for
 MokPWStore

Signed-off-by: Mike Beaton <mjsbeaton@gmail.com>
---
 MokVars.txt | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)

diff --git a/MokVars.txt b/MokVars.txt
index baf8db9a5..71b42c825 100644
--- a/MokVars.txt
+++ b/MokVars.txt
@@ -63,28 +63,33 @@ State variables:
 MokList: A list of authorized keys and hashes. An EFI_SIGNATURE_LIST
 as described in the UEFI specification. BS,NV
 
-MokListRT: A copy of MokList made available to the kernel at runtime. RT
+MokListRT: A copy of MokList made available to the kernel at runtime. BS,RT
 
 MokListX: A list of forbidden keys and hashes.  An EFI_SIGNATURE_LIST
 as described in the UEFI specification. BS,NV
 
-MokListXRT: A copy of MokListX made available to the kernel at runtime. RT
+MokListXRT: A copy of MokListX made available to the kernel at runtime. BS,RT
 
 MokSBState: An 8-bit unsigned integer. If 1, shim will switch to
 insecure mode. BS,NV
 
+MokSBStateRT: A copy of MokSBState made available to the kernel at runtime.
+This allows the OS to query the shim secure mode setting for its own
+verification purposes. BS,RT
+
 MokDBState: An 8-bit unsigned integer. If 1, shim will not use db for
 verification. BS,NV
 
-MokIgnoreDB: An 8-bit unsigned integer.  This allows the OS to query whether
-or not to import DB certs for its own verification purposes.
+MokIgnoreDB: A copy of MokDBState made available to the kernel at runtime.
+This allows the OS to query whether or not to import DB certs for its own
+verification purposes. BS,RT
 
 MokPWStore: A SHA-256 representation of the password set by the user
 via MokPW. The user will be prompted to enter this password in order
-to interact with MokManager.
+to interact with MokManager. BS,NV
 
 MokListTrusted: An 8-bit unsigned integer.  If 1, it signifies to Linux
 to trust CA keys in the MokList. BS,NV
 
 MokListTrustedRT: A copy of MokListTrusted made available to the kernel
-at runtime. RT
+at runtime. BS,RT