Shim measuring duplicate EV_EFI_VARIABLE_AUTHORITY events (one for GRUB and one for the kernel) when both executables are verified with the same certificate is actually a bug - although there should be an EV_EFI_BOOT_SERVICES_APPLICATION event for each executable, there should only be a single EV_EFI_VARIABLE_AUTHORITY event for executables that are verified with the same chain of trust. See https://github.com/rhboot/shim/pull/187 for more context.
That's not the issue here though because the current version of shim in the archive isn't completely correct (it doesn't include https://github.com/rhboot/shim/pull/187) and does measure duplicate EV_EFI_VARIABLE_AUTHORITY even though GRUB and the kernel are signed by the same authority. It's more likely that your log is truncated. What are the current PCR values for this machine? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1838712 Title: TPM event log does not contain kernel validation key To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/shim/+bug/1838712/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
