Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 1730785
Summary: | Missing TPM Event Log entry for initramfs measurement | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | nicolasoliver03 |
Component: | grub2 | Assignee: | Peter Jones <pjones> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 31 | CC: | fmartine, lkundrak, pbrobinson, pjones |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2020-01-31 15:39:56 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 1269538 |
Description
nicolasoliver03
2019-07-17 15:37:01 UTC
This bug appears to have been reported against 'rawhide' during the Fedora 31 development cycle. Changing version to '31'. This bug appears to have been reported against 'rawhide' during the Fedora 31 development cycle. Changing version to 31. I'm not able to reproduce this issue anymore, on a F31 machine with a TPM 2.0 device I see that the PCR hashes and the values calculated (using the script from the https://github.com/ValdikSS/binary_bios_measurements_parser repo) from the TPM event log digests matches: $ sudo ./binary_bios_measurements_parser.py ... Final PCRs: PCR-00: 74 72 60 E4 92 C6 57 85 55 0C CD 6B 89 DF D7 89 11 35 55 B4 PCR-01: E9 BB 94 5E 4C E0 D2 7B 0E D0 B6 40 B1 43 48 BF 96 D5 22 46 PCR-02: B2 A8 3B 0E BF 2F 83 74 29 9A 5B 2B DF C3 1E A9 55 AD 72 36 PCR-03: B2 A8 3B 0E BF 2F 83 74 29 9A 5B 2B DF C3 1E A9 55 AD 72 36 PCR-04: 73 D6 F9 04 39 A1 BF F7 2D 16 CC D8 4C 09 F1 A3 59 C5 D7 04 PCR-05: 5A EF B9 69 F0 CD 74 94 76 0B 41 30 53 C9 36 B7 9A 7C 8D F8 PCR-06: B2 A8 3B 0E BF 2F 83 74 29 9A 5B 2B DF C3 1E A9 55 AD 72 36 PCR-07: 3F 1D 3C F4 90 9B B8 6A A5 C6 D0 C1 17 AF A3 CA 97 6E F2 0B PCR-08: 85 5B 4B DE EE 85 D6 23 63 2F 83 35 04 A8 F9 87 AC 33 F8 CF PCR-09: 6A 12 19 B5 A4 BD 33 44 26 EF 96 BB 53 E1 80 5F 9D 20 21 AB PCR-10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 PCR-11: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 PCR-12: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 PCR-13: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 PCR-14: 56 56 EA 58 88 CD 4B B9 83 C6 39 24 35 96 2B E4 37 F9 00 25 PCR-15: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 PCR-16: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 PCR-17: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF PCR-18: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF PCR-19: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF PCR-20: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF PCR-21: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF PCR-22: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF PCR-23: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 sudo tpm2_pcrread sha1 ... sha1: 0 : 0x747260E492C65785550CCD6B89DFD789113555B4 1 : 0xE9BB945E4CE0D27B0ED0B640B14348BF96D52246 2 : 0xB2A83B0EBF2F8374299A5B2BDFC31EA955AD7236 3 : 0xB2A83B0EBF2F8374299A5B2BDFC31EA955AD7236 4 : 0x73D6F90439A1BFF72D16CCD84C09F1A359C5D704 5 : 0x5AEFB969F0CD7494760B413053C936B79A7C8DF8 6 : 0xB2A83B0EBF2F8374299A5B2BDFC31EA955AD7236 7 : 0x3F1D3CF4909BB86AA5C6D0C117AFA3CA976EF20B 8 : 0x855B4BDEEE85D623632F833504A8F987AC33F8CF 9 : 0x6A1219B5A4BD334426EF96BB53E1805F9D2021AB 10: 0x2F0D01587A25650D9A48E51DE8F8E01B603BB330 11: 0x0000000000000000000000000000000000000000 12: 0x0000000000000000000000000000000000000000 13: 0x0000000000000000000000000000000000000000 14: 0x5656EA5888CD4BB983C6392435962BE437F90025 15: 0x0000000000000000000000000000000000000000 16: 0x0000000000000000000000000000000000000000 17: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 18: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 19: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 20: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 21: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 22: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 23: 0x0000000000000000000000000000000000000000 The value of PCR-10 is different, but that's expected since is used by IMA and the PCR is extended after ExitBootServices() have been called. The version of the packages tested are: shim-x64-15-8.x86_64 grub2-efi-x64-cdboot-2.02-104.fc31.x86_64 kernel-5.4.13-201.fc31.x86_64 tpm2-tools-4.0.1-1.fc31.x86_64 So I think this can be CLOSED with CURRENTRELEASE, since it seems the bug (probably in the kernel exposing an incorrect TPM Event log to user-space) has been fixed. Agreed, a kernel update fixed this. Thank Javier! (In reply to nicolasoliver03 from comment #4) > Agreed, a kernel update fixed this. Thank Javier! Thanks for the confirmation! |