On Wed, Jan 23, 2019 at 12:58 PM Shiv B <[email protected]> wrote: > I tried using grub from coreos (https://github.com/coreos/grub) since > it has the changes to update the TPM2.0 pcrs. However, I see that after a > couple of reboots the PCR 8 (ASCII PCR) is differing, which results in the > failure to decrypt the LUKS partition. > > Any reason why the PCR8 is changing ? It is used to measure the kernel > command line, but I am not making any changes to the command line. Is the > PCR 8 varying because of the grubenv ? >
Hi Shiv, Are you seeing this on CoreOS Container Linux, or on a different distro? On Container Linux, the kernel command line will change after the first boot, and also after every OS update. --Benjamin Gilbert
