From: Jeremy Cline <jeremy@jcline.org>
To: Hans de Goede <hdegoede@redhat.com>,
Javier Martinez Canillas <javierm@redhat.com>,
Thiebaud Weksteen <tweek@google.com>,
Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>,
linux-efi@vger.kernel.org, linux-integrity@vger.kernel.org,
tpmdd-devel@lists.sourceforge.net,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>
Subject: Re: Regression from efi: call get_event_log before ExitBootServices
Date: Thu, 8 Mar 2018 17:26:40 +0000 [thread overview]
Message-ID: <0100016206a68850-bd5c96b3-f275-46ea-98b1-1317e02a5d6e-000000@email.amazonses.com> (raw)
In-Reply-To: <cec36124-0950-6ad9-58a8-9bd69e63aa04@redhat.com>
On 03/08/2018 11:50 AM, Hans de Goede wrote:
> <somehow this part of the thread was missing some email addresses, I've
> added these now>
>
> Hi,
>
> On 07-03-18 12:34, Javier Martinez Canillas wrote:
<snip>
>> Are you also able to read the TPM event logs?
>>
>> $ hexdump /sys/kernel/security/tpm0/binary_bios_measurements
>
> Yes for me that outputs a lot of hex :)
For me, /sys/kernel/security/tmp0 doesn't exist on 4.15.6 or 4.16 with
the patch reverted.
>> The UEFI firmware does some measurements and so does shim. So you should
>> have some event logs. What version of shim are you using? And also would
>> be good to know if it's the same shim version that Jeremy is using.
>
> That is a very good question, I'm using: shim-ia32-13-0.7.x86_64, which is
> the last version for F27 AFAICT.
All my tablet has installed is shim-0.8-10.x86_64, no shim-ia32.
>
> But Jeremy's tablet might very well be not using the shim at all, as
> I manually installed Fedora 25 on the tablet he now has, before Fedora
> supported
> machines with 32 bit EFI. I then later did a "dnf distro-sync" to
> Fedora-27.
>
> Jeremy might also very well still be booting using a grub binary I build
> manually back then, without any shim being involved.
>
> Jeremy what does efibootmgr -v output on your device ?
# efibootmgr -v
BootCurrent: 0003
Timeout: 4 seconds
BootOrder: 0003,0000,0001,2001,2002,2003
Boot0000* Android X64 OS
HD(1,GPT,215e6cf3-e97d-4735-9c4e-7338c8f5a645,0x800,0x32000)/File(\EFI\BOOT\bootx64.efi)RC
Boot0001* Internal EFI Shell
FvVol(a881d567-6cb0-4eee-8435-2e72d33e45b5)/FvFile(c57ad6b7-0515-40a8-9d21-551652854e37)RCM&".
Boot0003* Fedora
HD(1,GPT,215e6cf3-e97d-4735-9c4e-7338c8f5a645,0x800,0x32000)/File(\EFI\fedora\grubx64.efi)
Boot2001* EFI USB Device RC
Boot2002* EFI DVD/CDROM RC
Boot2003* EFI Network RC
Boot8087* Udm
FvVol(a881d567-6cb0-4eee-8435-2e72d33e45b5)/FvFile(9a9ab4c1-ee1b-488b-b300-24544a7bd418)
I think you're right about it using the old grub binary. I'm
embarrassingly unfamiliar with both UEFI and grub, but I'm guessing you
set the location of grub.cfg at compile time? When I boot
\EFI\fedora\grubx64.efi, it's pulling the grub.cfg from
\EFI\redhat\grub.cfg.
Regards,
Jeremy
next prev parent reply other threads:[~2018-03-08 17:26 UTC|newest]
Thread overview: 39+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-03-06 16:00 Regression from efi: call get_event_log before ExitBootServices Jeremy Cline
[not found] ` <01000161fc0b4755-df0621f4-ab5d-479a-b425-adf98427a308-000000-p/GC64/jrecnJqMo6gzdpkEOCMrvLtNR@public.gmane.org>
2018-03-07 8:41 ` Thiebaud Weksteen via tpmdd-devel
2018-03-07 11:16 ` Hans de Goede
2018-03-07 12:00 ` Javier Martinez Canillas
2018-03-07 17:33 ` Jeremy Cline
2018-03-08 8:45 ` Thiebaud Weksteen
2018-03-08 18:20 ` Jeremy Cline
[not found] ` <e7c2be5c-cf21-fc2d-efda-d9222d93ffad@redhat.com>
[not found] ` <b32f335c-0d77-1749-f7fe-65f512280255@redhat.com>
[not found] ` <ade378f6-c997-1d48-a30d-cceee6435fc8@redhat.com>
[not found] ` <a3b5f822-f8f4-e2f5-46da-e23e13174f28@redhat.com>
2018-03-08 16:50 ` Hans de Goede
2018-03-08 17:26 ` Jeremy Cline [this message]
2018-03-09 9:29 ` Hans de Goede
2018-03-09 10:43 ` Thiebaud Weksteen
2018-03-09 16:54 ` Jeremy Cline
2018-03-10 10:45 ` Thiebaud Weksteen
2018-03-12 10:17 ` Jarkko Sakkinen
2018-03-12 10:41 ` Paul Menzel
2018-03-16 13:01 ` Jarkko Sakkinen
2018-03-12 11:08 ` Ard Biesheuvel
2018-03-12 14:30 ` Jeremy Cline
2018-03-12 14:56 ` Ard Biesheuvel
2018-03-12 17:01 ` Jeremy Cline
2018-03-12 17:30 ` Ard Biesheuvel
2018-03-12 18:29 ` Thiebaud Weksteen
2018-03-12 18:33 ` Jeremy Cline
2018-03-12 19:55 ` Thiebaud Weksteen
2018-03-12 21:02 ` Ard Biesheuvel
2018-03-13 7:24 ` Thiebaud Weksteen
2018-03-13 8:08 ` Hans de Goede
2018-03-13 1:50 ` Jeremy Cline
2018-03-13 7:47 ` Hans de Goede
2018-03-13 7:59 ` Ard Biesheuvel
2018-03-13 8:02 ` Ard Biesheuvel
2018-03-13 10:23 ` Thiebaud Weksteen
2018-03-13 10:30 ` Ard Biesheuvel
2018-03-13 13:41 ` Jeremy Cline
2018-03-13 13:43 ` Ard Biesheuvel
2018-03-13 15:00 ` Thiebaud Weksteen
2018-03-13 12:51 ` Andy Shevchenko
2018-03-12 18:30 ` Jeremy Cline
2018-03-09 17:03 ` James Bottomley
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=0100016206a68850-bd5c96b3-f275-46ea-98b1-1317e02a5d6e-000000@email.amazonses.com \
--to=jeremy@jcline.org \
--cc=hdegoede@redhat.com \
--cc=jarkko.sakkinen@linux.intel.com \
--cc=javierm@redhat.com \
--cc=linux-efi@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=tpmdd-devel@lists.sourceforge.net \
--cc=tweek@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).