When a node is started in Recovery mode, as opposed to Start mode where the behaviour must remain unchanged, instead of systematically setting the minimum TCB to the value found in the new node's attestation, the logic should instead read the previously set value if there is one.
If present, then the minimum of that value and the value found on startup must be set. If no value was set, we must continue to set the value found in the attestation on startup, as we do today.
This change needs to be included in the changelog.
When a node is started in Recovery mode, as opposed to Start mode where the behaviour must remain unchanged, instead of systematically setting the minimum TCB to the value found in the new node's attestation, the logic should instead read the previously set value if there is one.
If present, then the minimum of that value and the value found on startup must be set. If no value was set, we must continue to set the value found in the attestation on startup, as we do today.
This change needs to be included in the changelog.