From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S934288AbeCHQu2 (ORCPT ); Thu, 8 Mar 2018 11:50:28 -0500 Received: from mail-wm0-f43.google.com ([74.125.82.43]:53978 "EHLO mail-wm0-f43.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752133AbeCHQu0 (ORCPT ); Thu, 8 Mar 2018 11:50:26 -0500 X-Google-Smtp-Source: AG47ELtgkDik9az8DCZprX6VEEovJO+AXOete9lVjZ95WCVnhUjp6pxr5X40LRNugXsA32YTYv4Vng== From: Hans de Goede Subject: Re: Regression from efi: call get_event_log before ExitBootServices To: Javier Martinez Canillas , Jeremy Cline , Thiebaud Weksteen , Jarkko Sakkinen , linux-efi@vger.kernel.org, linux-integrity@vger.kernel.org, tpmdd-devel@lists.sourceforge.net, Linux Kernel Mailing List References: <01000161fc0b4755-df0621f4-ab5d-479a-b425-adf98427a308-000000@email.amazonses.com>

Message-ID: Date: Thu, 8 Mar 2018 17:50:23 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi, On 07-03-18 12:34, Javier Martinez Canillas wrote: > On 03/07/2018 12:10 PM, Hans de Goede wrote: >> Both according to the BIOS and to the /sys/class/tpm/tpm0/device/description >> file it is a TPM 2.0. >> > > I see, so you can choose enabling the TPM 1.2 or TPM 2.0 device? At least that's > the case on my X1 Carbon laptop. I've both a hardware TPM 1.2 and a firmware TPM > 2.0 that's implemented as an Intel ME application (AFAIU). This device only has the firmware TPM 2.0 implementation. >> I'm actually amazed that this machine has a TPM at all, a quick internet >> search shows that it is a software implemented TPM running as part of the >> TXE firmware. >> > > A quick search suggests that it comes with Windows 10? Yes, it comes with Windows 10. >>> For start, can you please check if you can boot a v4.16-rcX kernel with the >>> TPM device enabled? That way we will know that at least that it consistently >>> fails on this machine and is not and isolated issue. >> >> I just tried and v4.16-rc3 boots fine for me, repeatedly. >> > > That's an interesting data point. > >> I guess Jeremy's model may actually have something in the TPM log > > I don't think so. The UEFI firmware already does some measurements and also > does shim. So you *should* have some logs. > >> while my TPM log is empty... Is there anyway to make sure the TPM >> log has some info to retreive? >> > > Are you also able to read the TPM event logs? > > $ hexdump /sys/kernel/security/tpm0/binary_bios_measurements Yes for me that outputs a lot of hex :) > The UEFI firmware does some measurements and so does shim. So you should > have some event logs. What version of shim are you using? And also would > be good to know if it's the same shim version that Jeremy is using. That is a very good question, I'm using: shim-ia32-13-0.7.x86_64, which is the last version for F27 AFAICT. But Jeremy's tablet might very well be not using the shim at all, as I manually installed Fedora 25 on the tablet he now has, before Fedora supported machines with 32 bit EFI. I then later did a "dnf distro-sync" to Fedora-27. Jeremy might also very well still be booting using a grub binary I build manually back then, without any shim being involved. Jeremy what does efibootmgr -v output on your device ? Regards, Hans