[Bug 1909734] Re: TPM PCR checking will fail if the all characters are 0

Mon, 07 Jun 2021 22:55:57 -0700 

** Description changed:

  [Impact]
  
   * TPM PCR0 differs from reconstruction, if your PCR0 contains one (or
  more) zero byte(s) then the PCR0 will mismatch. (zero byte(s) be
  ignored)
  
  [Test Plan]
  
   * run
  
  $ fwupdmgr get-devices
  ...
  └─System Firmware:
        Device ID: c8489035f8df6f87a1a3cd1baff36129262a5ac1
        Current version: 92.1.0
        Minimum Version: 0.0.1
        Vendor: HP (DMI:HP)
        Update Error: TPM PCR0 differs from reconstruction, please see 
https://github.com/fwupd/fwupd/wiki/TPM-PCR0-differs-from-reconstruction
        GUID: 116180f2-105d-4ab2-809e-7fabed71217b
  
     will get the failed.
  
   * already tried on bug1891966 bug1893018 bug1896855 bug1897674
  bug1899914 bug1902835 bug1903660 bug1909539 bug1910197 bug1914335
  bug1918600 bug1918866 bug1919270 bug1919424 bug1920714 and this patch
  could solve the error.
  
  [Where problems could occur]
  
   * the all zero PCR0 is invalid, the original logic is to check whether
  a byte is zero. If zero then skip. It cause the PCR0 will potentially
  miss some valid zero byte. (e.g.
  0x0C>>00<<62898247F8FE3085960E5B0270E7667B6F7D4CAE17A503950499D45B4116)
  
   * this patch will not skip zero byte. Instead, add a flag to check
  whether all bytes are zero.
  
  * for this change, it makes sense and didn't see any potential
  regression.
  
  ---
  
  In some of HP platforms, the TPM PCR checking will fail on focal ubuntu
  
  $ fwupdmgr get-devices
  ...
  └─System Firmware:
        Device ID: c8489035f8df6f87a1a3cd1baff36129262a5ac1
        Current version: 92.1.0
        Minimum Version: 0.0.1
        Vendor: HP (DMI:HP)
        Update Error: TPM PCR0 differs from reconstruction, please see 
https://github.com/fwupd/fwupd/wiki/TPM-PCR0-differs-from-reconstruction
        GUID: 116180f2-105d-4ab2-809e-7fabed71217b
        Device Flags: • Internal device
                             • Updatable
                             • Requires AC power
                             • Needs a reboot after installation
                             • Cryptographic hash verification is available
                             • Device is usable for the duration of the update
  
        Update Error: TPM PCR0 differs from reconstruction, please see
  https://github.com/fwupd/fwupd/wiki/TPM-PCR0-differs-from-reconstruction
  
  ---
  
  This issue is fixed by upstream commit
  
https://github.com/fwupd/fwupd/pull/2394/commits/e265dd1d8687965bee77259ef3482b09b92033c1
+ 
+ X-HWE-Bug: Bug #1931189

** Tags added: originate-from-1931189

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1909734

Title:
  TPM PCR checking will fail if the all characters are 0

To manage notifications about this bug go to:
https://bugs.launchpad.net/oem-priority/+bug/1909734/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to