On Wed May 13 20, Jarkko Sakkinen wrote:
On Tue, May 05, 2020 at 03:27:31PM -0700, Jerry Snitselaar wrote:
On some systems we've had reports of the value of pcr5 doesn't match the digests in the tpm event log.
It looks like I'm able to reproduce here with 5.7-rc4 on a dell system using this parser:
https://github.com/ValdikSS/binary_bios_measurements_parser
Any thoughts on where to start digging? Is there another tool I should use to parse this?
ExitBootServices() extends PCR5. My 1st intuition would be to look at
final event table handling, which I documented here:
https://www.kernel.org/doc/Documentation/security/tpm/tpm_event_log.rst
It is somewhat quirky how it nees to be managed (had to read that
myself to recall how it went).
/Jarkko
Yes, my guess is the problem is that when the bios is set to use sha1 it
does not present a final events log to the os.
