Re: Disparity in tpm pcr5 value


 



On Thu May 14 20, Jarkko Sakkinen wrote:
On Wed, 2020-05-13 at 10:59 -0700, Jerry Snitselaar wrote:
On Wed May 13 20, Jarkko Sakkinen wrote:
> On Tue, May 05, 2020 at 03:27:31PM -0700, Jerry Snitselaar wrote:
> > On some systems we've had reports that the value of pcr5 doesn't match the digests in the tpm event log.
> > It looks like I'm able to reproduce here with 5.7-rc4 on a dell system using this parser:
> >
> > https://github.com/ValdikSS/binary_bios_measurements_parser
> >
> > Any thoughts on where to start digging? Is there another tool I should use to parse this?
>
> ExitBootServices() extends PCR5. My 1st intuition would be to look at
> final event table handling, which I documented here:
>
> https://www.kernel.org/doc/Documentation/security/tpm/tpm_event_log.rst
>
> It is somewhat quirky how it needs to be managed (had to read that
> myself to recall how it went).
>
> /Jarkko
>

Yes, my guess is the problem is that when the bios is set to use sha1 it
does not present a final events log to the os.

Do these relate:

https://patchwork.kernel.org/patch/11542035/

?

/Jarkko


I think the case I'm looking at is different. When it is calling
match_config_table it doesn't even see a Final Events log table in
this case, which is prior to calling efi_tpm_eventlog_init.
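
Added illustration, not part of the thread and not code from either poster or from the parser linked above: a replay of a legacy SHA-1 event log showing how PCR5 recomputed from the log diverges once the ExitBootServices() events are missing from it. The event contents, the `log_seen_by_os`/`full_log` names and the use of SHA1(event data) as each digest are assumptions made for the example.

```python
import hashlib
import struct

EV_EFI_ACTION = 0x80000007  # TCG event type used for ExitBootServices actions

def pack_event(pcr, ev_type, data):
    """Build one legacy SHA-1 record: pcr, type, digest[20], size, data."""
    digest = hashlib.sha1(data).digest()  # assumption: digest covers the data
    return struct.pack("<II20sI", pcr, ev_type, digest, len(data)) + data

def parse_log(blob):
    """Yield (pcr, ev_type, digest, data) from a legacy SHA-1 event log."""
    off = 0
    while off + 32 <= len(blob):
        pcr, ev_type, digest, size = struct.unpack_from("<II20sI", blob, off)
        off += 32
        if off + size > len(blob):
            raise ValueError("truncated event data")
        yield pcr, ev_type, digest, blob[off:off + size]
        off += size

def replay(blob, pcr_index):
    """Recompute one PCR: new = SHA1(old || digest), starting from zeros."""
    value = bytes(20)
    for pcr, _type, digest, _data in parse_log(blob):
        if pcr == pcr_index:
            value = hashlib.sha1(value + digest).digest()
    return value

# Constructed sample events, not taken from a real machine.
boot_events = [
    (5, 0x80000006, b"constructed GPT event"),
    (4, 0x80000003, b"constructed boot loader image"),
]
late_events = [  # extended into PCR5 around ExitBootServices()
    (5, EV_EFI_ACTION, b"Exit Boot Services Invocation"),
    (5, EV_EFI_ACTION, b"Exit Boot Services Returned with Success"),
]
log_seen_by_os = b"".join(pack_event(*e) for e in boot_events)
full_log = log_seen_by_os + b"".join(pack_event(*e) for e in late_events)

def compare(pcr_index):
    """Return (value replayed from the short log, value from the full log)."""
    return replay(log_seen_by_os, pcr_index), replay(full_log, pcr_index)

if __name__ == "__main__":
    for idx in (4, 5):
        short, full = compare(idx)
        print(f"PCR{idx} short={short.hex()} full={full.hex()} match={short == full}")
```

PCR4 replays identically from both logs, while PCR5 differs only because the two late events are absent from the shorter log.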



