In case someone steps on this - just a short note: I resolved this by having a reference to the PCRs measured in tpm2_eventlog available under "/sys/kernel/security/tpm0/binary_bios_measurements".

Based on that I was able to satisfy my requirement to know how the PCRs look at the moment I want to know if my device state is trustworthy BEFORE entering my passphrase.

Note: I figured out that some devices (in this case with a discrete TPM) seem to hold only SHA1 in this binary_bios_measurements, while the TPM2 device is capable of SHA1 and SHA256 banks.

I wonder how this will be handled for tpm2-protected disks that are also encrypted at the moment the system has been completely booted up. This case should be affected by the exact same challenge.

Cheers,
// Matthias

CC to systemd-devel

________________________________
From: Matthias R. Wiora <[email protected]>
Sent: 22 December 2025 05:05 PM
To: Milan Broz <[email protected]>; [email protected] <[email protected]>
Subject: Re: PCR9 mismatches since latest updates

Yeah! Your hint was perfect! Thanks!

Obviously systemd release 259 caused the change: https://github.com/systemd/systemd/releases/tag/v259

Extract:
```
Information about the initialization of NvPCRs is measured into PCR 9, and finalized by a separator measurement.
```

As this seems to be intentional, with a good reason, I will investigate this further and most probably adapt my tpm2-kira implementation to fulfil the expectations of PCR 9 at the moment before unlock :)

Cheers,
Matthias

________________________________________
From: Milan Broz <[email protected]>
Sent: 22 December 2025 04:17 PM
To: Matthias R. Wiora <[email protected]>; [email protected] <[email protected]>
Subject: Re: PCR9 mismatches since latest updates

On 12/22/25 3:32 PM, Matthias R. Wiora wrote:
> Hi all,
>
> with linux kernel 6.18.2-arch2-1 and cryptsetup-2.8.3-1 (running arch) I am
> experiencing issues when resealing my TPM2 protected enclave protected by
> measurements on PCR9 on my machine (verified on another device with a similar
> setup).
> This behaviour changed recently and I could not find any release notes
> information, so I decided to start here with my investigations.

I think you need to cc systemd list, or maybe better report issue to systemd, as it is systemd cryptsetup tools handling TPM2 PCRs.

Milan
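The approach Matthias describes (predicting the PCR values a policy will see by replaying the event log behind /sys/kernel/security/tpm0/binary_bios_measurements, and noticing that some logs only carry SHA1 digests) can be reproduced with a short parser. The following is an added example written for this page; it is not code from the thread, from systemd, from cryptsetup, or from the tpm2-kira project mentioned above. It assumes the on-disk layout of the TCG PC Client Platform Firmware Profile (legacy TCG_PCR_EVENT records with a fixed 20-byte SHA1 digest, or, after a "Spec ID Event03" header, crypto-agile TCG_PCR_EVENT2 records with one digest per bank). The two sample logs it builds are constructed, with a hypothetical PCR 9 payload; they do not reproduce the actual NvPCR entries systemd v259 logs.

```python
"""Replay PCR values from a TCG event log (the format behind
/sys/kernel/security/tpm0/binary_bios_measurements), handling both the
legacy SHA1-only layout and the crypto-agile layout. Layout assumed as in
the TCG PC Client Platform Firmware Profile; sample logs are constructed."""
import hashlib
import struct
import sys

# TCG algorithm registry IDs -> hashlib names.
TPM_ALG = {0x0004: "sha1", 0x000B: "sha256", 0x000C: "sha384", 0x000D: "sha512"}
EV_NO_ACTION, EV_SEPARATOR, EV_IPL = 0x03, 0x04, 0x0D


def measure(alg_id, data):
    return hashlib.new(TPM_ALG[alg_id], data).digest()


def pcr_extend(alg_id, prev, digest):
    """TPM2_PCR_Extend semantics: new = H(old || digest), per bank."""
    return hashlib.new(TPM_ALG[alg_id], prev + digest).digest()


def _parse_spec_id(data):
    """Digest sizes announced by a 'Spec ID Event03' header, else None (legacy log)."""
    if not data.startswith(b"Spec ID Event03\x00"):
        return None
    (count,) = struct.unpack_from("<I", data, 24)  # numberOfAlgorithms
    return dict(struct.unpack_from("<HH", data, 28 + 4 * i) for i in range(count))


def parse_event_log(blob):
    """Return [(pcr, event_type, {alg_id: digest}, event_data), ...]."""
    events, off, sizes = [], 0, None  # sizes stays None for a SHA1-only log
    while off < len(blob):
        if sizes is None:  # TCG_PCR_EVENT: u32 pcr, u32 type, 20-byte SHA1, u32 len, data
            pcr, etype = struct.unpack_from("<II", blob, off)
            digests = {0x0004: blob[off + 8:off + 28]}
            (size,) = struct.unpack_from("<I", blob, off + 28)
            data = blob[off + 32:off + 32 + size]
            off += 32 + size
            if pcr == 0 and etype == EV_NO_ACTION:
                sizes = _parse_spec_id(data)  # switch to TCG_PCR_EVENT2 if agile header
        else:  # TCG_PCR_EVENT2: u32 pcr, u32 type, u32 count, (u16 alg, digest)*, u32 len, data
            pcr, etype, count = struct.unpack_from("<III", blob, off)
            off, digests = off + 12, {}
            for _ in range(count):
                (alg,) = struct.unpack_from("<H", blob, off)
                digests[alg] = blob[off + 2:off + 2 + sizes[alg]]
                off += 2 + sizes[alg]
            (size,) = struct.unpack_from("<I", blob, off)
            data = blob[off + 4:off + 4 + size]
            off += 4 + size
        events.append((pcr, etype, digests, data))
    return events


def replay_pcrs(events):
    """{alg_id: {pcr_index: value}}; EV_NO_ACTION entries are logged but never extended."""
    pcrs = {}
    for pcr, etype, digests, _ in events:
        if etype == EV_NO_ACTION:
            continue
        for alg, digest in digests.items():
            if alg in TPM_ALG:  # PCR 9 starts as all zeros in every bank
                bank = pcrs.setdefault(alg, {})
                bank[pcr] = pcr_extend(alg, bank.get(pcr, b"\x00" * len(digest)), digest)
    return pcrs


def expected_pcr(blob, pcr_index, alg_id):
    """Replayed value of one PCR in one bank, or None when the log has no such bank."""
    return replay_pcrs(parse_event_log(blob)).get(alg_id, {}).get(pcr_index)


def log_banks(blob):
    """Banks the log actually carries digests for (exposes the SHA1-only case)."""
    return sorted(TPM_ALG[a] for a in replay_pcrs(parse_event_log(blob)))


# --- constructed sample logs (not real captures) ---------------------------------
def _legacy_event(pcr, etype, digest, data):
    return struct.pack("<II", pcr, etype) + digest + struct.pack("<I", len(data)) + data


def _agile_event(pcr, etype, alg_ids, data):
    out = struct.pack("<III", pcr, etype, len(alg_ids))
    for alg in alg_ids:
        out += struct.pack("<H", alg) + measure(alg, data)
    return out + struct.pack("<I", len(data)) + data


def build_sample_log(agile=True):
    """One hypothetical PCR 9 measurement followed by a separator, in either layout."""
    algs = [0x0004, 0x000B] if agile else [0x0004]
    items = [(9, EV_IPL, b"hypothetical-pcr9-payload"), (9, EV_SEPARATOR, b"\x00" * 4)]
    if not agile:
        return b"".join(_legacy_event(p, t, measure(0x0004, d), d) for p, t, d in items)
    hdr = b"Spec ID Event03\x00" + struct.pack("<IBBBBI", 0, 0, 2, 0, 2, len(algs))
    hdr += b"".join(struct.pack("<HH", a, hashlib.new(TPM_ALG[a]).digest_size) for a in algs)
    log = _legacy_event(0, EV_NO_ACTION, b"\x00" * 20, hdr + b"\x00")  # vendorInfoSize = 0
    return log + b"".join(_agile_event(p, t, algs, d) for p, t, d in items)


if __name__ == "__main__":
    # Pass the real log path to replay your own machine; otherwise use the constructed log.
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_log(True)
    for alg, bank in sorted(replay_pcrs(parse_event_log(blob)).items()):
        print(TPM_ALG[alg], "PCR9:", bank.get(9, b"").hex() or "(not measured)")
    print("banks in SHA1-only sample:", log_banks(build_sample_log(False)))
```

Run it as root against the real file and compare the printed sha256 PCR 9 with `tpm2_pcrread sha256:9`; they only agree when everything that extended PCR 9 so far was also written to the log. Two caveats match the thread: a log that carries only SHA1 digests (the `log_banks` result `["sha1"]` above) cannot be replayed into the SHA256 bank at all, so a policy sealed against sha256:9 cannot be predicted from it; and anything measured after the log was read, which is the situation of a volume unlocked only after the system is fully up, has to be replayed too before the predicted value is the one the policy will see.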
