On Wed May 06 20, Ken Goldman wrote:
> On 5/5/2020 6:27 PM, Jerry Snitselaar wrote:
>> On some systems we've had reports that the value of pcr5 doesn't match
>> the digests in the tpm event log.
>> It looks like I'm able to reproduce here with 5.7-rc4 on a Dell
>> system using this parser:
>> https://github.com/ValdikSS/binary_bios_measurements_parser
>> Any thoughts on where to start digging? Is there another tool I
>> should use to parse this?
>
> If you email me the event log in binary, I can run it through the IBM
> calculator and see if I get the same error.

A couple other data points:
- On the Dell system where I did this, if I change it in the BIOS to use sha256
instead of sha1, then using tsseventextend to parse matches the value in the tpm.
In the sha256 case there is a final events log.
- I have a nuc5 here, which also extends into sha1, and the parse matches there.
- Javier has also reproduced it when passing through swtpm to a vm.
- I added some debugging code, and there is nothing extending pcr5 with tpm_pcr_extend.
- Ken's parse of the log also shows the disparity, which I've now done as well with
the tpm1.2 version of the tsseventextend tool.
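
The comparison discussed in this thread, replaying the event log and checking the result against the TPM's PCR values, is sketched below as an added example; it is not code from the posters, the kernel, or the tools named above. It assumes the SHA-1 `TCG_PCR_EVENT` record layout (not the crypto-agile format used for sha256 banks) and PCRs that start as 20 zero bytes; the sample log and its event types are constructed.

```python
import hashlib
import struct

EV_NO_ACTION = 0x3                  # informational events are logged, never extended
HEADER = struct.Struct("<II20sI")   # pcrIndex, eventType, SHA-1 digest, eventSize


def parse_events(log: bytes):
    """Yield (pcr, event_type, digest) for each TCG_PCR_EVENT record."""
    off = 0
    while off < len(log):
        if len(log) - off < HEADER.size:
            raise ValueError(f"truncated event header at offset {off}")
        pcr, etype, digest, size = HEADER.unpack_from(log, off)
        off += HEADER.size
        if size > len(log) - off:
            raise ValueError(f"event data overruns log at offset {off}")
        off += size                 # event data is skipped; only the digest is replayed
        yield pcr, etype, digest


def replay(log: bytes) -> dict:
    """Recompute every PCR the log touches: PCR = SHA1(PCR || digest)."""
    pcrs = {}
    for pcr, etype, digest in parse_events(log):
        if etype == EV_NO_ACTION:
            continue
        old = pcrs.get(pcr, bytes(20))   # assumption: PCR starts as 20 zero bytes
        pcrs[pcr] = hashlib.sha1(old + digest).digest()
    return pcrs


def mismatches(log: bytes, tpm_pcrs: dict) -> list:
    """Return the PCR indexes whose replayed value differs from the TPM's."""
    calc = replay(log)
    return sorted(i for i, v in tpm_pcrs.items() if calc.get(i, bytes(20)) != v)


def _record(pcr, etype, data):      # builds one constructed sample record
    return HEADER.pack(pcr, etype, hashlib.sha1(data).digest(), len(data)) + data


# Constructed sample log: one event in PCR 4, two extended into PCR 5,
# plus one EV_NO_ACTION record for PCR 5 that must not change the result.
SAMPLE_LOG = (_record(4, 0x80000003, b"boot app") + _record(5, 0x80000006, b"gpt")
              + _record(5, EV_NO_ACTION, b"info only") + _record(5, 0x80000007, b"action"))
```

A PCR index returned by `mismatches` means either the TPM received an extend that the log does not record or the log contains a record that was never extended, which is the disparity reported here for pcr5.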