On Wed, 2020-05-13 at 10:59 -0700, Jerry Snitselaar wrote: > On Wed May 13 20, Jarkko Sakkinen wrote: > > On Tue, May 05, 2020 at 03:27:31PM -0700, Jerry Snitselaar wrote: > > > On some systems we've had reports of the value of pcr5 doesn't match the digests in the tpm event log. > > > It looks like I'm able to reproduce here with 5.7-rc4 on a dell system using this parser: > > > > > > https://github.com/ValdikSS/binary_bios_measurements_parser > > > > > > Any thoughts on where to start digging? Is there another tool I should use to parse this? > > > > ExitBootServices() extends PCR5. My 1st intuition would be to look at > > final event table handling, which I documented here: > > > > https://www.kernel.org/doc/Documentation/security/tpm/tpm_event_log.rst > > > > It is somewhat quirky how it nees to be managed (had to read that > > myself to recall how it went). > > > > /Jarkko > > > > Yes, my guess is the problem is that when the bios is set to use sha1 it > does not present a final events log to the os. Do these relate: https://patchwork.kernel.org/patch/11542035/ ? /Jarkko
