Shah

> Please fix the typo in the first commit message "[pillar : update eve-api to DisbaleVtpm changes](https://github.com/lf-edge/eve/pull/4997/commits/f8fdab73ab3034eee79c543f470137c07ca5f957)" > > Other than that, LGTM Fixed. @OhmSpectator compared to last commit only...

@eriknordmark / @OhmSpectator I don't know how to test this, Nikolay do you know a way to test the github action completly ? I tried `act` to no avail.

> > @eriknordmark / @OhmSpectator I don't know how to test this, Nikolay do you know a way to test the github action completly ? I tried `act` to no...

Since PCR 5 is not part of our sealing policy, I think I can reduce this to only two measurements instead of 4.

> You need to fix the file in pkg/pillar/agentlog/agentlog.c I can't find this file :/

> You need to fix the file in pkg/pillar/agentlog/agentlog.c (as one commit), and then run make bump-eve-pillar which will update edgeview etc vendoring of pillar and commit those. [I think...

> Is there other code which has the same bug in the use of os.OpenFile? at least Semgrep can't find anything obvious. It is not possible to do bitwise check...

> @shjala tests/semgrep-rules/os-openfile-non-perm-mode.yaml is missing Copyright note. @rene added the Copyright note. > Please, once we merge it, don't forget to open the PR updating vendor files.... in all dependencies...

This approach (or any, for that matter), if not designed from the ground up to address the security implications it may bring, can completely undermine one of EVE’s foundational security...