Hi,

In response to your queries:

1) With kernel version 5.0.0-37, I can confirm that the event log
provided by the kernel is inconsistent with the TPM for PCR7 in a VM
that's running OVMF. This is because of the opposite problem - in this
case, the last event is missing from the log exported by the kernel. I'm
not sure why that is yet because it occurs before ExitBootServices() and
should appear in the firmware's main event log.

There is also a mismatch for PCR5, but this one is expected because the
kernel is missing events that occur as a result of or after
ExitBootServices() (in this case, it misses 2 EV_EFI_ACTION events).
This is the problem that will be addressed by this bug report.

2) The stock kernel for Ubuntu 18.04 doesn't export duplicate events in
the event log because it doesn't contain any code to handle the final
events table (to retrieve events that are recorded as a result of or
after ExitBootServices()). The duplicate events occur in the test kernel
with the patches in comment 12 applied because it misses some additional
fixes to de-duplicate events that are recorded both to the firmware's
main event log and the final events table. Events that occur between the
first call to GetEventLog() and ExitBootServices() are recorded by the
firmware to both places.

3) I think this is a GRUB issue. AFAICT, GRUB's linux loader only boots
the kernel via its EFI stub when secure boot is enabled, and I think you
need to boot the kernel with the EFI stub in order for it to retrieve
the event log.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1838796

Title:
  TPM event log does not contain events measured after ExitBootServices

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1838796/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
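
The de-duplication problem described in point 2 of the reply above, as an added worked example that is not part of this thread, of the Ubuntu kernel patches, or of the firmware. It models a TCG2 event log reduced to the SHA-256 bank, replays PCR extends from (a) the main log returned by GetEventLog(), (b) a naive concatenation of main log and final events table, and (c) a merge that drops the entries the firmware wrote to both places, and checks each against a simulated TPM. The event data, the overlap-matching rule in `merge_logs` (the kernel uses its own bookkeeping rather than this comparison), and the helper names are all constructed for the example:

```python
import hashlib
from dataclasses import dataclass

# TCG PC Client event types used in the constructed sample below.
EV_SEPARATOR = 0x00000004
EV_EFI_VARIABLE_DRIVER_CONFIG = 0x80000001
EV_EFI_GPT_EVENT = 0x80000006
EV_EFI_ACTION = 0x80000007


@dataclass(frozen=True)
class Event:
    """One log entry, reduced to the fields needed for replay (SHA-256 bank only)."""
    pcr: int
    event_type: int
    digest: bytes  # digest recorded by the firmware for this event
    data: bytes    # event data; informational only for replay


def _sha256(b: bytes) -> bytes:
    return hashlib.sha256(b).digest()


def event(pcr: int, event_type: int, data: bytes) -> Event:
    """Build an event whose digest is SHA-256 of its data (constructed sample helper)."""
    return Event(pcr, event_type, _sha256(data), data)


def replay(events) -> dict:
    """Replay the log: PCR_new = SHA-256(PCR_old || digest), starting from all-zero PCRs.
    (PCRs 17-22 start at all-ones on a TPM 2.0; they are not used here.)"""
    pcrs = {}
    for ev in events:
        old = pcrs.get(ev.pcr, bytes(32))
        pcrs[ev.pcr] = _sha256(old + ev.digest)
    return pcrs


def merge_logs(main_log, final_table):
    """Combine the GetEventLog() output with the final events table.

    Events logged between the first GetEventLog() call and ExitBootServices()
    are written to both, so the leading entries of the final table that repeat
    the trailing entries of the main log are dropped exactly once.
    (Simplified rule constructed for this example, not the kernel's method.)"""
    overlap = 0
    for n in range(min(len(main_log), len(final_table)), 0, -1):
        if final_table[:n] == main_log[-n:]:
            overlap = n
            break
    return list(main_log) + list(final_table[overlap:])


def verify(events, tpm_pcrs) -> dict:
    """Per-PCR verdict: does replaying `events` reproduce the TPM's PCR value?"""
    replayed = replay(events)
    return {pcr: replayed.get(pcr) == value for pcr, value in tpm_pcrs.items()}


# --- constructed sample, modelled on the PCR5/PCR7 case in the report ---

# Main event log as returned by GetEventLog() before ExitBootServices().
SAMPLE_MAIN_LOG = [
    event(7, EV_EFI_VARIABLE_DRIVER_CONFIG, b"SecureBoot=1"),
    event(7, EV_SEPARATOR, b"\x00\x00\x00\x00"),
    # Logged after the first GetEventLog() call, so the firmware also
    # records it in the final events table.
    event(5, EV_EFI_GPT_EVENT, b"constructed GPT table"),
]

# Final events table: the duplicated GPT event plus the two EV_EFI_ACTION
# events that a kernel without final-events-table support never sees.
SAMPLE_FINAL_TABLE = [
    SAMPLE_MAIN_LOG[-1],
    event(5, EV_EFI_ACTION, b"Exit Boot Services Invocation"),
    event(5, EV_EFI_ACTION, b"Exit Boot Services Returned with Success"),
]


def simulated_tpm_pcrs() -> dict:
    """What the (simulated) TPM actually holds: every event extended exactly once."""
    return replay(SAMPLE_MAIN_LOG + SAMPLE_FINAL_TABLE[1:])


if __name__ == "__main__":
    tpm = simulated_tpm_pcrs()
    print("main log only:      ", verify(SAMPLE_MAIN_LOG, tpm))
    print("naive concatenation:", verify(SAMPLE_MAIN_LOG + SAMPLE_FINAL_TABLE, tpm))
    print("de-duplicated merge:", verify(merge_logs(SAMPLE_MAIN_LOG, SAMPLE_FINAL_TABLE), tpm))
```

Run stand-alone, the three verdict lines show PCR7 matching in every case (all of its events precede GetEventLog()), while PCR5 matches only after the merge: the main log alone misses the two EV_EFI_ACTION extends, and naive concatenation extends the GPT event twice. The overlap rule assumes the duplicated run is the tail of the main log and the head of the final table, which is what the reply describes; a log containing two genuinely identical consecutive events at that boundary would need the kernel-style count-based bookkeeping instead.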
