** Changed in: linux-azure (Ubuntu Disco)
Status: In Progress => Won't Fix
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-azure in Ubuntu.
https://bugs.launchpad.net/bugs/1838796
Title:
TPM event log does not contain event
Hi Marcelo,
I tested the Linux-azure-edge kernel at my end and I was able to verify
that the PCR values 0 through 7 match.
Thanks a lot for your help and support.
Thanks
Vinay
--
That sounds good. I will try and test it at my end too.
Thanks a lot for your help :)
-Vinay
--
Hi, Vinay.
I tried but then I realized that all linux-azure kernels were stripped
down and they will not boot on a regular bare metal machine. But I will
test linux-azure-edge on a Hyper-V machine and I will let you know.
--
Hi Marcelo,
I am facing the same issue as I was with the .deb packages. When I run
"sudo apt install Linux-azure-edge" and reboot, the kernel does not
boot.
I am able to boot into the Linux 5.3.040-generic kernel but not the
azure edge kernel.
That said, I tried it on both the physical machine a
Hi Marcelo,
Thanks for the information. I will try and validate the Linux-azure-edge
kernel.
Regarding your test environment, there are no issues. This is the
expected environment for the guest OS.
-Vinay
--
Vinay, I just noticed you are using Bionic for this test. I believe a
4.15 kernel might boot ok in bionic, but the test kernel is actually
intended for Xenial.
For Bionic we need to test the 5.3 linux-azure-edge kernel that can be
installed directly from the archive via:
$ sudo apt install linux-a
Hi Vinay. I never tried to boot the azure kernel on a physical machine,
but I believe it should boot fine. Usually with those test kernels I
simply install all the Debian packages with:
$ sudo apt install ./*.deb
I will try to install it on physical machine today to check if I have
the same issues
Hi Marcelo,
I am trying to load the kernel on an x86_64 physical machine. Here is
how I installed the .deb pkg on the machine.
"sudo dpkg -i linux-modules-4.15.0-1066-azure_4.15.0-1066.71+lp1838796.2_amd64.deb"
"sudo dpkg -i linux-image-unsigned-4.15.0-1066-azure_4.15.0-1066.71+lp1838796.2_amd
Hi, Vinay.
I managed to install and boot the test kernel on a gen2 Hyper-V VM on a
Win10 host. What's the environment you are using?
In my tests I noticed the kernel is failing to retrieve the event log
from the firmware. So I was wondering if this setup I'm using is the
best option or if I shoul
Hi Marcelo,
I tried to validate the test kernel provided by you in comment 23. I am not
able to load the kernel. When I select the kernel from the grub menu, the
loading gets stuck at "Loading initial ramdisk".
I tried it with secure boot disabled too, just to be sure we are not
making any mis
Hi Marcelo,
Can you please let us know when you are done with the tests on your side? We
can then go ahead and validate the test kernel at our end.
-Vinay
--
The complete set of patches for the test kernel above:
https://kernel.ubuntu.com/~mhcerri/azure/lp1838796.2/patches/
--
A preliminary test kernel with the missing patches is available at:
https://kernel.ubuntu.com/~mhcerri/azure/lp1838796.2/
I will be running some tests on it in the next days.
--
I'm preparing a new test kernel with the additional patches that Chris
has mentioned. I will let you know once I have it ready.
--
Ok, I think that the truncated log issue with kernel version 5.0.0-37 is
a bug in tpm1_bios_measurements_next() which is fixed by
https://lore.kernel.org/patchwork/patch/1031236/, although I've not
verified that this is the case.
--
I just noticed I didn't respond to the question in comment 16. The tool
I'm using is https://github.com/chrisccoulson/tcglog-parser
--
Hi,
In response to your queries:
1) With kernel version 5.0.0-37, I can confirm that the event log
provided by the kernel is inconsistent with the TPM for PCR7 in a VM
that's running OVMF. This is because of the opposite problem - in this
case, the last event is missing from the log exported by t
Hi Chris,
There are a few observations we made while testing.
1. On baseline Ubuntu, we see a PCR7 mismatch. Could you please confirm
if this is a known issue and what is the reason for this mismatch?
2. We were able to validate that there were duplicate entries in the TCG
logs with the test kerne
I think the reason for your issue is that the final 2 events extended to
PCR7 are recorded twice in the log, most likely because the test kernel
from comment 12 doesn't contain
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=166a2809d65b282272c474835ec22c882a39ca1b
I
Hi Chris,
Can you please point me to the parser tool that you used to parse the
binary_bios_measurements? We can try that tool at our end to see if
our tool has a bug.
--
Hi Chris,
I repeated the experiment with the above Kernel, but PCR#7 still doesn't
match.
I am using a custom tool to parse binary_bios_measurements. Attaching
the binary_bios_measurements binary and parsed XML for your reference.
Can you please try to parse the binary using your tool and check i
I briefly tested the kernels and I'm seeing that the log is consistent
with the PCR values in the TPM. May I ask what tool it is you're using
in those screenshots so that I can try it?
--
I have verified the kernel image provided above. The PCR5 values in the
TCG logs and in the TPM match. I have also verified that the
ExitBootServices event is present in the binary_bios_measurements.
However, I see there is a mismatch for PCR4 and PCR7 between the TCG
logs and the TPM values. I am
A 4.15 test kernel is available for validation with the backported
patches: https://kernel.ubuntu.com/~mhcerri/azure/lp1838796.1/
--
** Also affects: linux-azure (Ubuntu)
Importance: Undecided
Status: New
** Also affects: linux (Ubuntu Bionic)
Importance: Undecided
Status: New
** Also affects: linux-azure (Ubuntu Bionic)
Importance: Undecided
Status: New
** Also affects: linux (Ubuntu Disco)
I
Hi Jordan - This seems like a nice enhancement and something that will
be in Ubuntu once we are shipping a kernel that's v5.3 or newer. I don't
expect that we'll backport these patches to our stable releases that
ship kernels older than v5.3. This seems to reflect the TPM subsystem
maintainer's tho
** Description changed:
The TPM event log (/sys/kernel/security/tpm0/binary_bios_measurements)
does not contain any events that are measured by UEFI after the kernel's
EFI Boot stub calls ExitBootServices().
This means that PCR values calculated from the event log will not match
the a
apport information
** Tags added: apport-collected bionic
** Description changed:
The TPM event log (/sys/kernel/security/tpm0/binary_bios_measurements)
does not contain any events that are measured by UEFI after the kernel's
EFI Boot stub calls ExitBootServices().
This means that PCR