** Description changed: + [Impact] + + * TPM PCR0 differs from reconstruction, if your PCR0 contains one (or + more) zero byte(s) then the PCR0 will mismatch. (zero byte(s) be + ignored) + + [Test Plan] + + * run + + $ fwupdmgr get-devices + ... + └─System Firmware: + Device ID: c8489035f8df6f87a1a3cd1baff36129262a5ac1 + Current version: 92.1.0 + Minimum Version: 0.0.1 + Vendor: HP (DMI:HP) + Update Error: TPM PCR0 differs from reconstruction, please see https://github.com/fwupd/fwupd/wiki/TPM-PCR0-differs-from-reconstruction + GUID: 116180f2-105d-4ab2-809e-7fabed71217b + + will get the failed. + + * already tried on bug1891966 bug1893018 bug1896855 bug1897674 + bug1899914 bug1902835 bug1903660 bug1909539 bug1910197 bug1914335 + bug1918600 bug1918866 bug1919270 bug1919424 bug1920714 and this patch + could solve the error. + + [Where problems could occur] + + * the all zero PCR0 is invalid, the original logic is to check whether + a byte is zero. If zero then skip. It cause the PCR0 will potentially + miss some valid zero byte. (e.g. + 0x0C>>00<<62898247F8FE3085960E5B0270E7667B6F7D4CAE17A503950499D45B4116) + + * this patch will not skip zero byte. Instead, add a flag to check + whether all bytes are zero. + + * for this change, it makes sense and didn't see any potential + regression. + + --- + In some of HP platforms, the TPM PCR checking will fail on focal ubuntu $ fwupdmgr get-devices ... └─System Firmware: Device ID: c8489035f8df6f87a1a3cd1baff36129262a5ac1 Current version: 92.1.0 Minimum Version: 0.0.1 Vendor: HP (DMI:HP) Update Error: TPM PCR0 differs from reconstruction, please see https://github.com/fwupd/fwupd/wiki/TPM-PCR0-differs-from-reconstruction GUID: 116180f2-105d-4ab2-809e-7fabed71217b Device Flags: • Internal device • Updatable • Requires AC power • Needs a reboot after installation • Cryptographic hash verification is available • Device is usable for the duration of the update Update Error: TPM PCR0 differs from reconstruction, please see https://github.com/fwupd/fwupd/wiki/TPM-PCR0-differs-from-reconstruction --- This issue is fixed by upstream commit https://github.com/fwupd/fwupd/pull/2394/commits/e265dd1d8687965bee77259ef3482b09b92033c1
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1909734 Title: TPM PCR checking will fail if the all characters are 0 To manage notifications about this bug go to: https://bugs.launchpad.net/oem-priority/+bug/1909734/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
