[Kernel-packages] [Bug 1838796] Re: TPM event log does not contain events measured after ExitBootServices
Hi Marcelo, I tested the Linux-azure-edge kernel at my end and I was able to verify that the PCR value 0 through 7 match. Thanks a lot for your help and support. Thanks Vinay -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-azure in Ubuntu. https://bugs.launchpad.net/bugs/1838796 Title: TPM event log does not contain events measured after ExitBootServices Status in linux package in Ubuntu: Won't Fix Status in linux-azure package in Ubuntu: In Progress Status in linux source package in Xenial: Won't Fix Status in linux-azure source package in Xenial: In Progress Status in linux source package in Disco: Won't Fix Status in linux-azure source package in Disco: In Progress Bug description: The TPM event log (/sys/kernel/security/tpm0/binary_bios_measurements) does not contain any events that are measured by UEFI after the kernel's EFI Boot stub calls ExitBootServices(). This means that PCR values calculated from the event log will not match the actual PCR values on the machine for PCR indices into which these events are measured. There are upstream patches to fix this in the mainline kernel tree: https://lore.kernel.org/lkml/20190520205501.177637-1-matthewgarr...@google.com/ --- ProblemType: Bug ApportVersion: 2.20.9-0ubuntu7.5 Architecture: amd64 AudioDevicesInUse: Error: command ['fuser', '-v', '/dev/snd/seq', '/dev/snd/timer'] failed with exit code 1: CRDA: Error: command ['iw', 'reg', 'get'] failed with exit code 1: nl80211 not found. CurrentDesktop: ubuntu:GNOME DistroRelease: Ubuntu 18.04 InstallationDate: Installed on 2019-06-20 (43 days ago) InstallationMedia: Ubuntu-Server 18.04.2 LTS "Bionic Beaver" - Release amd64 (20190210) IwConfig: eth0 no wireless extensions. lono wireless extensions. Lspci: Lsusb: Error: command ['lsusb'] failed with exit code 1: MachineType: Microsoft Corporation Virtual Machine Package: linux (not installed) ProcEnviron: TERM=xterm-256color PATH=(custom, no user) XDG_RUNTIME_DIR= LANG=en_US.UTF-8 SHELL=/bin/bash ProcFB: 0 hyperv_fb ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.18.0-22-generic root=UUID=fcb8dc9d-4dd3-490f-9f1c-fa6364770bb0 ro ProcVersionSignature: Ubuntu 4.18.0-22.23~18.04.1-generic 4.18.20 RelatedPackageVersions: linux-restricted-modules-4.18.0-22-generic N/A linux-backports-modules-4.18.0-22-generic N/A linux-firmware 1.173.3 RfKill: Tags: bionic Uname: Linux 4.18.0-22-generic x86_64 UpgradeStatus: No upgrade log present (probably fresh install) UserGroups: adm cdrom dip lpadmin lxd plugdev sambashare sudo _MarkForUpload: True dmi.bios.date: 01/30/2019 dmi.bios.vendor: Microsoft Corporation dmi.bios.version: Hyper-V UEFI Release v4.0 dmi.board.asset.tag: None dmi.board.name: Virtual Machine dmi.board.vendor: Microsoft Corporation dmi.board.version: Hyper-V UEFI Release v4.0 dmi.chassis.asset.tag: 8486-4870-7514-9524-5524-7794-69 dmi.chassis.type: 3 dmi.chassis.vendor: Microsoft Corporation dmi.chassis.version: Hyper-V UEFI Release v4.0 dmi.modalias: dmi:bvnMicrosoftCorporation:bvrHyper-VUEFIReleasev4.0:bd01/30/2019:svnMicrosoftCorporation:pnVirtualMachine:pvrHyper-VUEFIReleasev4.0:rvnMicrosoftCorporation:rnVirtualMachine:rvrHyper-VUEFIReleasev4.0:cvnMicrosoftCorporation:ct3:cvrHyper-VUEFIReleasev4.0: dmi.product.family: Virtual Machine dmi.product.name: Virtual Machine dmi.product.sku: None dmi.product.version: Hyper-V UEFI Release v4.0 dmi.sys.vendor: Microsoft Corporation To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1838796/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1838796] Re: TPM event log does not contain events measured after ExitBootServices
That sounds good. I will try and test it at end too. Thanks a lot for your help :) -Vinay -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-azure in Ubuntu. https://bugs.launchpad.net/bugs/1838796 Title: TPM event log does not contain events measured after ExitBootServices Status in linux package in Ubuntu: Won't Fix Status in linux-azure package in Ubuntu: In Progress Status in linux source package in Xenial: Won't Fix Status in linux-azure source package in Xenial: In Progress Status in linux source package in Disco: Won't Fix Status in linux-azure source package in Disco: In Progress Bug description: The TPM event log (/sys/kernel/security/tpm0/binary_bios_measurements) does not contain any events that are measured by UEFI after the kernel's EFI Boot stub calls ExitBootServices(). This means that PCR values calculated from the event log will not match the actual PCR values on the machine for PCR indices into which these events are measured. There are upstream patches to fix this in the mainline kernel tree: https://lore.kernel.org/lkml/20190520205501.177637-1-matthewgarr...@google.com/ --- ProblemType: Bug ApportVersion: 2.20.9-0ubuntu7.5 Architecture: amd64 AudioDevicesInUse: Error: command ['fuser', '-v', '/dev/snd/seq', '/dev/snd/timer'] failed with exit code 1: CRDA: Error: command ['iw', 'reg', 'get'] failed with exit code 1: nl80211 not found. CurrentDesktop: ubuntu:GNOME DistroRelease: Ubuntu 18.04 InstallationDate: Installed on 2019-06-20 (43 days ago) InstallationMedia: Ubuntu-Server 18.04.2 LTS "Bionic Beaver" - Release amd64 (20190210) IwConfig: eth0 no wireless extensions. lono wireless extensions. Lspci: Lsusb: Error: command ['lsusb'] failed with exit code 1: MachineType: Microsoft Corporation Virtual Machine Package: linux (not installed) ProcEnviron: TERM=xterm-256color PATH=(custom, no user) XDG_RUNTIME_DIR= LANG=en_US.UTF-8 SHELL=/bin/bash ProcFB: 0 hyperv_fb ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.18.0-22-generic root=UUID=fcb8dc9d-4dd3-490f-9f1c-fa6364770bb0 ro ProcVersionSignature: Ubuntu 4.18.0-22.23~18.04.1-generic 4.18.20 RelatedPackageVersions: linux-restricted-modules-4.18.0-22-generic N/A linux-backports-modules-4.18.0-22-generic N/A linux-firmware 1.173.3 RfKill: Tags: bionic Uname: Linux 4.18.0-22-generic x86_64 UpgradeStatus: No upgrade log present (probably fresh install) UserGroups: adm cdrom dip lpadmin lxd plugdev sambashare sudo _MarkForUpload: True dmi.bios.date: 01/30/2019 dmi.bios.vendor: Microsoft Corporation dmi.bios.version: Hyper-V UEFI Release v4.0 dmi.board.asset.tag: None dmi.board.name: Virtual Machine dmi.board.vendor: Microsoft Corporation dmi.board.version: Hyper-V UEFI Release v4.0 dmi.chassis.asset.tag: 8486-4870-7514-9524-5524-7794-69 dmi.chassis.type: 3 dmi.chassis.vendor: Microsoft Corporation dmi.chassis.version: Hyper-V UEFI Release v4.0 dmi.modalias: dmi:bvnMicrosoftCorporation:bvrHyper-VUEFIReleasev4.0:bd01/30/2019:svnMicrosoftCorporation:pnVirtualMachine:pvrHyper-VUEFIReleasev4.0:rvnMicrosoftCorporation:rnVirtualMachine:rvrHyper-VUEFIReleasev4.0:cvnMicrosoftCorporation:ct3:cvrHyper-VUEFIReleasev4.0: dmi.product.family: Virtual Machine dmi.product.name: Virtual Machine dmi.product.sku: None dmi.product.version: Hyper-V UEFI Release v4.0 dmi.sys.vendor: Microsoft Corporation To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1838796/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1838796] Re: TPM event log does not contain events measured after ExitBootServices
Hi Marcelo, I am facing the same issue as I was with the .deb packages. When I run "sudo apt install Linux-azure-edge" and reboot, the kernel does not boot. I am able to boot into the Linux 5.3.040-generic kernel but not the azure edge kernel. That said, I tried it on both the physical machine and Hyper v with secure boot enabled. The kernel boots fine on Hyper V but not on the physical machine. Did you get a chance to test it on a physical machine? -Vinay -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-azure in Ubuntu. https://bugs.launchpad.net/bugs/1838796 Title: TPM event log does not contain events measured after ExitBootServices Status in linux package in Ubuntu: Won't Fix Status in linux-azure package in Ubuntu: In Progress Status in linux source package in Xenial: Won't Fix Status in linux-azure source package in Xenial: In Progress Status in linux source package in Disco: Won't Fix Status in linux-azure source package in Disco: In Progress Bug description: The TPM event log (/sys/kernel/security/tpm0/binary_bios_measurements) does not contain any events that are measured by UEFI after the kernel's EFI Boot stub calls ExitBootServices(). This means that PCR values calculated from the event log will not match the actual PCR values on the machine for PCR indices into which these events are measured. There are upstream patches to fix this in the mainline kernel tree: https://lore.kernel.org/lkml/20190520205501.177637-1-matthewgarr...@google.com/ --- ProblemType: Bug ApportVersion: 2.20.9-0ubuntu7.5 Architecture: amd64 AudioDevicesInUse: Error: command ['fuser', '-v', '/dev/snd/seq', '/dev/snd/timer'] failed with exit code 1: CRDA: Error: command ['iw', 'reg', 'get'] failed with exit code 1: nl80211 not found. CurrentDesktop: ubuntu:GNOME DistroRelease: Ubuntu 18.04 InstallationDate: Installed on 2019-06-20 (43 days ago) InstallationMedia: Ubuntu-Server 18.04.2 LTS "Bionic Beaver" - Release amd64 (20190210) IwConfig: eth0 no wireless extensions. lono wireless extensions. Lspci: Lsusb: Error: command ['lsusb'] failed with exit code 1: MachineType: Microsoft Corporation Virtual Machine Package: linux (not installed) ProcEnviron: TERM=xterm-256color PATH=(custom, no user) XDG_RUNTIME_DIR= LANG=en_US.UTF-8 SHELL=/bin/bash ProcFB: 0 hyperv_fb ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.18.0-22-generic root=UUID=fcb8dc9d-4dd3-490f-9f1c-fa6364770bb0 ro ProcVersionSignature: Ubuntu 4.18.0-22.23~18.04.1-generic 4.18.20 RelatedPackageVersions: linux-restricted-modules-4.18.0-22-generic N/A linux-backports-modules-4.18.0-22-generic N/A linux-firmware 1.173.3 RfKill: Tags: bionic Uname: Linux 4.18.0-22-generic x86_64 UpgradeStatus: No upgrade log present (probably fresh install) UserGroups: adm cdrom dip lpadmin lxd plugdev sambashare sudo _MarkForUpload: True dmi.bios.date: 01/30/2019 dmi.bios.vendor: Microsoft Corporation dmi.bios.version: Hyper-V UEFI Release v4.0 dmi.board.asset.tag: None dmi.board.name: Virtual Machine dmi.board.vendor: Microsoft Corporation dmi.board.version: Hyper-V UEFI Release v4.0 dmi.chassis.asset.tag: 8486-4870-7514-9524-5524-7794-69 dmi.chassis.type: 3 dmi.chassis.vendor: Microsoft Corporation dmi.chassis.version: Hyper-V UEFI Release v4.0 dmi.modalias: dmi:bvnMicrosoftCorporation:bvrHyper-VUEFIReleasev4.0:bd01/30/2019:svnMicrosoftCorporation:pnVirtualMachine:pvrHyper-VUEFIReleasev4.0:rvnMicrosoftCorporation:rnVirtualMachine:rvrHyper-VUEFIReleasev4.0:cvnMicrosoftCorporation:ct3:cvrHyper-VUEFIReleasev4.0: dmi.product.family: Virtual Machine dmi.product.name: Virtual Machine dmi.product.sku: None dmi.product.version: Hyper-V UEFI Release v4.0 dmi.sys.vendor: Microsoft Corporation To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1838796/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1838796] Re: TPM event log does not contain events measured after ExitBootServices
Hi Marcelo, Thanks for the information. I will try and validate the Linux-azure-edge kernel. Regarding your test environment, there are no issues. This is the expected environment for the guest OS. -Vinay -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-azure in Ubuntu. https://bugs.launchpad.net/bugs/1838796 Title: TPM event log does not contain events measured after ExitBootServices Status in linux package in Ubuntu: Won't Fix Status in linux-azure package in Ubuntu: In Progress Status in linux source package in Xenial: Won't Fix Status in linux-azure source package in Xenial: In Progress Status in linux source package in Disco: Won't Fix Status in linux-azure source package in Disco: In Progress Bug description: The TPM event log (/sys/kernel/security/tpm0/binary_bios_measurements) does not contain any events that are measured by UEFI after the kernel's EFI Boot stub calls ExitBootServices(). This means that PCR values calculated from the event log will not match the actual PCR values on the machine for PCR indices into which these events are measured. There are upstream patches to fix this in the mainline kernel tree: https://lore.kernel.org/lkml/20190520205501.177637-1-matthewgarr...@google.com/ --- ProblemType: Bug ApportVersion: 2.20.9-0ubuntu7.5 Architecture: amd64 AudioDevicesInUse: Error: command ['fuser', '-v', '/dev/snd/seq', '/dev/snd/timer'] failed with exit code 1: CRDA: Error: command ['iw', 'reg', 'get'] failed with exit code 1: nl80211 not found. CurrentDesktop: ubuntu:GNOME DistroRelease: Ubuntu 18.04 InstallationDate: Installed on 2019-06-20 (43 days ago) InstallationMedia: Ubuntu-Server 18.04.2 LTS "Bionic Beaver" - Release amd64 (20190210) IwConfig: eth0 no wireless extensions. lono wireless extensions. Lspci: Lsusb: Error: command ['lsusb'] failed with exit code 1: MachineType: Microsoft Corporation Virtual Machine Package: linux (not installed) ProcEnviron: TERM=xterm-256color PATH=(custom, no user) XDG_RUNTIME_DIR= LANG=en_US.UTF-8 SHELL=/bin/bash ProcFB: 0 hyperv_fb ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.18.0-22-generic root=UUID=fcb8dc9d-4dd3-490f-9f1c-fa6364770bb0 ro ProcVersionSignature: Ubuntu 4.18.0-22.23~18.04.1-generic 4.18.20 RelatedPackageVersions: linux-restricted-modules-4.18.0-22-generic N/A linux-backports-modules-4.18.0-22-generic N/A linux-firmware 1.173.3 RfKill: Tags: bionic Uname: Linux 4.18.0-22-generic x86_64 UpgradeStatus: No upgrade log present (probably fresh install) UserGroups: adm cdrom dip lpadmin lxd plugdev sambashare sudo _MarkForUpload: True dmi.bios.date: 01/30/2019 dmi.bios.vendor: Microsoft Corporation dmi.bios.version: Hyper-V UEFI Release v4.0 dmi.board.asset.tag: None dmi.board.name: Virtual Machine dmi.board.vendor: Microsoft Corporation dmi.board.version: Hyper-V UEFI Release v4.0 dmi.chassis.asset.tag: 8486-4870-7514-9524-5524-7794-69 dmi.chassis.type: 3 dmi.chassis.vendor: Microsoft Corporation dmi.chassis.version: Hyper-V UEFI Release v4.0 dmi.modalias: dmi:bvnMicrosoftCorporation:bvrHyper-VUEFIReleasev4.0:bd01/30/2019:svnMicrosoftCorporation:pnVirtualMachine:pvrHyper-VUEFIReleasev4.0:rvnMicrosoftCorporation:rnVirtualMachine:rvrHyper-VUEFIReleasev4.0:cvnMicrosoftCorporation:ct3:cvrHyper-VUEFIReleasev4.0: dmi.product.family: Virtual Machine dmi.product.name: Virtual Machine dmi.product.sku: None dmi.product.version: Hyper-V UEFI Release v4.0 dmi.sys.vendor: Microsoft Corporation To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1838796/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1838796] Re: TPM event log does not contain events measured after ExitBootServices
Hi Marcelo, I am trying to load the kernel on an x86_64 physical machine. Here is how I installed the .deb pkg on the machine. "sudo dpkg -i linux- modules-4.15.0-1066-azure_4.15.0-1066.71+lp1838796.2_amd64.deb" "sudo dpkg -i linux-image- unsigned-4.15.0-1066-azure_4.15.0-1066.71+lp1838796.2_amd64.deb" I rebooted the system after this and tried to select the kernel from the grub menu. I am not sure what I am missing. Here is the output of the os-release file on the machine. NAME="Ubuntu" VERSION="18.04.4 LTS (Bionic Beaver)" ID=ubuntu ID_LIKE=debian PRETTY_NAME="Ubuntu 18.04.4 LTS" VERSION_ID="18.04" HOME_URL="https://www.ubuntu.com/"; SUPPORT_URL="https://help.ubuntu.com/"; BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"; PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"; VERSION_CODENAME=bionic UBUNTU_CODENAME=bionic Also, the targeted environment will be Hyper V. We are running into some Hyper V issues and thus I am trying to validate the kernel on a physical machine. -Vinay -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-azure in Ubuntu. https://bugs.launchpad.net/bugs/1838796 Title: TPM event log does not contain events measured after ExitBootServices Status in linux package in Ubuntu: Won't Fix Status in linux-azure package in Ubuntu: In Progress Status in linux source package in Xenial: Won't Fix Status in linux-azure source package in Xenial: In Progress Status in linux source package in Disco: Won't Fix Status in linux-azure source package in Disco: In Progress Bug description: The TPM event log (/sys/kernel/security/tpm0/binary_bios_measurements) does not contain any events that are measured by UEFI after the kernel's EFI Boot stub calls ExitBootServices(). This means that PCR values calculated from the event log will not match the actual PCR values on the machine for PCR indices into which these events are measured. There are upstream patches to fix this in the mainline kernel tree: https://lore.kernel.org/lkml/20190520205501.177637-1-matthewgarr...@google.com/ --- ProblemType: Bug ApportVersion: 2.20.9-0ubuntu7.5 Architecture: amd64 AudioDevicesInUse: Error: command ['fuser', '-v', '/dev/snd/seq', '/dev/snd/timer'] failed with exit code 1: CRDA: Error: command ['iw', 'reg', 'get'] failed with exit code 1: nl80211 not found. CurrentDesktop: ubuntu:GNOME DistroRelease: Ubuntu 18.04 InstallationDate: Installed on 2019-06-20 (43 days ago) InstallationMedia: Ubuntu-Server 18.04.2 LTS "Bionic Beaver" - Release amd64 (20190210) IwConfig: eth0 no wireless extensions. lono wireless extensions. Lspci: Lsusb: Error: command ['lsusb'] failed with exit code 1: MachineType: Microsoft Corporation Virtual Machine Package: linux (not installed) ProcEnviron: TERM=xterm-256color PATH=(custom, no user) XDG_RUNTIME_DIR= LANG=en_US.UTF-8 SHELL=/bin/bash ProcFB: 0 hyperv_fb ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.18.0-22-generic root=UUID=fcb8dc9d-4dd3-490f-9f1c-fa6364770bb0 ro ProcVersionSignature: Ubuntu 4.18.0-22.23~18.04.1-generic 4.18.20 RelatedPackageVersions: linux-restricted-modules-4.18.0-22-generic N/A linux-backports-modules-4.18.0-22-generic N/A linux-firmware 1.173.3 RfKill: Tags: bionic Uname: Linux 4.18.0-22-generic x86_64 UpgradeStatus: No upgrade log present (probably fresh install) UserGroups: adm cdrom dip lpadmin lxd plugdev sambashare sudo _MarkForUpload: True dmi.bios.date: 01/30/2019 dmi.bios.vendor: Microsoft Corporation dmi.bios.version: Hyper-V UEFI Release v4.0 dmi.board.asset.tag: None dmi.board.name: Virtual Machine dmi.board.vendor: Microsoft Corporation dmi.board.version: Hyper-V UEFI Release v4.0 dmi.chassis.asset.tag: 8486-4870-7514-9524-5524-7794-69 dmi.chassis.type: 3 dmi.chassis.vendor: Microsoft Corporation dmi.chassis.version: Hyper-V UEFI Release v4.0 dmi.modalias: dmi:bvnMicrosoftCorporation:bvrHyper-VUEFIReleasev4.0:bd01/30/2019:svnMicrosoftCorporation:pnVirtualMachine:pvrHyper-VUEFIReleasev4.0:rvnMicrosoftCorporation:rnVirtualMachine:rvrHyper-VUEFIReleasev4.0:cvnMicrosoftCorporation:ct3:cvrHyper-VUEFIReleasev4.0: dmi.product.family: Virtual Machine dmi.product.name: Virtual Machine dmi.product.sku: None dmi.product.version: Hyper-V UEFI Release v4.0 dmi.sys.vendor: Microsoft Corporation To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1838796/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1838796] Re: TPM event log does not contain events measured after ExitBootServices
Hi Marcelo, I tried to validate the test kernel provided by you in comment 23. I am not able to load the kernel. When I select the kernel from the grub menu, the loading gets stuck at "Loading initial ramdisk". I tried it with secure boot disabled too, just to be sure we are not making any mistakes with the signing part. I am not sure if I am missing something here. Can you please help resolve this? Thanks Vinay -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-azure in Ubuntu. https://bugs.launchpad.net/bugs/1838796 Title: TPM event log does not contain events measured after ExitBootServices Status in linux package in Ubuntu: Won't Fix Status in linux-azure package in Ubuntu: In Progress Status in linux source package in Xenial: Won't Fix Status in linux-azure source package in Xenial: In Progress Status in linux source package in Disco: Won't Fix Status in linux-azure source package in Disco: In Progress Bug description: The TPM event log (/sys/kernel/security/tpm0/binary_bios_measurements) does not contain any events that are measured by UEFI after the kernel's EFI Boot stub calls ExitBootServices(). This means that PCR values calculated from the event log will not match the actual PCR values on the machine for PCR indices into which these events are measured. There are upstream patches to fix this in the mainline kernel tree: https://lore.kernel.org/lkml/20190520205501.177637-1-matthewgarr...@google.com/ --- ProblemType: Bug ApportVersion: 2.20.9-0ubuntu7.5 Architecture: amd64 AudioDevicesInUse: Error: command ['fuser', '-v', '/dev/snd/seq', '/dev/snd/timer'] failed with exit code 1: CRDA: Error: command ['iw', 'reg', 'get'] failed with exit code 1: nl80211 not found. CurrentDesktop: ubuntu:GNOME DistroRelease: Ubuntu 18.04 InstallationDate: Installed on 2019-06-20 (43 days ago) InstallationMedia: Ubuntu-Server 18.04.2 LTS "Bionic Beaver" - Release amd64 (20190210) IwConfig: eth0 no wireless extensions. lono wireless extensions. Lspci: Lsusb: Error: command ['lsusb'] failed with exit code 1: MachineType: Microsoft Corporation Virtual Machine Package: linux (not installed) ProcEnviron: TERM=xterm-256color PATH=(custom, no user) XDG_RUNTIME_DIR= LANG=en_US.UTF-8 SHELL=/bin/bash ProcFB: 0 hyperv_fb ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.18.0-22-generic root=UUID=fcb8dc9d-4dd3-490f-9f1c-fa6364770bb0 ro ProcVersionSignature: Ubuntu 4.18.0-22.23~18.04.1-generic 4.18.20 RelatedPackageVersions: linux-restricted-modules-4.18.0-22-generic N/A linux-backports-modules-4.18.0-22-generic N/A linux-firmware 1.173.3 RfKill: Tags: bionic Uname: Linux 4.18.0-22-generic x86_64 UpgradeStatus: No upgrade log present (probably fresh install) UserGroups: adm cdrom dip lpadmin lxd plugdev sambashare sudo _MarkForUpload: True dmi.bios.date: 01/30/2019 dmi.bios.vendor: Microsoft Corporation dmi.bios.version: Hyper-V UEFI Release v4.0 dmi.board.asset.tag: None dmi.board.name: Virtual Machine dmi.board.vendor: Microsoft Corporation dmi.board.version: Hyper-V UEFI Release v4.0 dmi.chassis.asset.tag: 8486-4870-7514-9524-5524-7794-69 dmi.chassis.type: 3 dmi.chassis.vendor: Microsoft Corporation dmi.chassis.version: Hyper-V UEFI Release v4.0 dmi.modalias: dmi:bvnMicrosoftCorporation:bvrHyper-VUEFIReleasev4.0:bd01/30/2019:svnMicrosoftCorporation:pnVirtualMachine:pvrHyper-VUEFIReleasev4.0:rvnMicrosoftCorporation:rnVirtualMachine:rvrHyper-VUEFIReleasev4.0:cvnMicrosoftCorporation:ct3:cvrHyper-VUEFIReleasev4.0: dmi.product.family: Virtual Machine dmi.product.name: Virtual Machine dmi.product.sku: None dmi.product.version: Hyper-V UEFI Release v4.0 dmi.sys.vendor: Microsoft Corporation To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1838796/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1838796] Re: TPM event log does not contain events measured after ExitBootServices
Hi Marcelo, Can you please let us know when you are with the tests on your side? We can then go ahead and validate the test kernel at our end. -Vinay -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-azure in Ubuntu. https://bugs.launchpad.net/bugs/1838796 Title: TPM event log does not contain events measured after ExitBootServices Status in linux package in Ubuntu: Won't Fix Status in linux-azure package in Ubuntu: In Progress Status in linux source package in Xenial: Won't Fix Status in linux-azure source package in Xenial: In Progress Status in linux source package in Disco: Won't Fix Status in linux-azure source package in Disco: In Progress Bug description: The TPM event log (/sys/kernel/security/tpm0/binary_bios_measurements) does not contain any events that are measured by UEFI after the kernel's EFI Boot stub calls ExitBootServices(). This means that PCR values calculated from the event log will not match the actual PCR values on the machine for PCR indices into which these events are measured. There are upstream patches to fix this in the mainline kernel tree: https://lore.kernel.org/lkml/20190520205501.177637-1-matthewgarr...@google.com/ --- ProblemType: Bug ApportVersion: 2.20.9-0ubuntu7.5 Architecture: amd64 AudioDevicesInUse: Error: command ['fuser', '-v', '/dev/snd/seq', '/dev/snd/timer'] failed with exit code 1: CRDA: Error: command ['iw', 'reg', 'get'] failed with exit code 1: nl80211 not found. CurrentDesktop: ubuntu:GNOME DistroRelease: Ubuntu 18.04 InstallationDate: Installed on 2019-06-20 (43 days ago) InstallationMedia: Ubuntu-Server 18.04.2 LTS "Bionic Beaver" - Release amd64 (20190210) IwConfig: eth0 no wireless extensions. lono wireless extensions. Lspci: Lsusb: Error: command ['lsusb'] failed with exit code 1: MachineType: Microsoft Corporation Virtual Machine Package: linux (not installed) ProcEnviron: TERM=xterm-256color PATH=(custom, no user) XDG_RUNTIME_DIR= LANG=en_US.UTF-8 SHELL=/bin/bash ProcFB: 0 hyperv_fb ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.18.0-22-generic root=UUID=fcb8dc9d-4dd3-490f-9f1c-fa6364770bb0 ro ProcVersionSignature: Ubuntu 4.18.0-22.23~18.04.1-generic 4.18.20 RelatedPackageVersions: linux-restricted-modules-4.18.0-22-generic N/A linux-backports-modules-4.18.0-22-generic N/A linux-firmware 1.173.3 RfKill: Tags: bionic Uname: Linux 4.18.0-22-generic x86_64 UpgradeStatus: No upgrade log present (probably fresh install) UserGroups: adm cdrom dip lpadmin lxd plugdev sambashare sudo _MarkForUpload: True dmi.bios.date: 01/30/2019 dmi.bios.vendor: Microsoft Corporation dmi.bios.version: Hyper-V UEFI Release v4.0 dmi.board.asset.tag: None dmi.board.name: Virtual Machine dmi.board.vendor: Microsoft Corporation dmi.board.version: Hyper-V UEFI Release v4.0 dmi.chassis.asset.tag: 8486-4870-7514-9524-5524-7794-69 dmi.chassis.type: 3 dmi.chassis.vendor: Microsoft Corporation dmi.chassis.version: Hyper-V UEFI Release v4.0 dmi.modalias: dmi:bvnMicrosoftCorporation:bvrHyper-VUEFIReleasev4.0:bd01/30/2019:svnMicrosoftCorporation:pnVirtualMachine:pvrHyper-VUEFIReleasev4.0:rvnMicrosoftCorporation:rnVirtualMachine:rvrHyper-VUEFIReleasev4.0:cvnMicrosoftCorporation:ct3:cvrHyper-VUEFIReleasev4.0: dmi.product.family: Virtual Machine dmi.product.name: Virtual Machine dmi.product.sku: None dmi.product.version: Hyper-V UEFI Release v4.0 dmi.sys.vendor: Microsoft Corporation To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1838796/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1838796] Re: TPM event log does not contain events measured after ExitBootServices
Hi Chris, There are few observations we made while testing. 1. On baseline Ubuntu, we see a PCR7 mismatch. Could you please confirm if this is a known issue and what is the reason for this mismatch? 2. We were able to validate that there were duplicate entries in the TCG logs with the test kernel and extending those entries in the PCR matched the TCG log PCR values. But the same is not true for the baseline Ubuntu, we did not see duplicate values in the baseline Ubuntu measurements. Does the test kernel try to fix the PCR7 mismatch too and also introduces a regression because of duplicate entries? 3. We also noticed that there are no bios measurements exposed by the kernel when secure boot is turned off. Is it possible to get bios measurements in that scenario, indicating that secure boot is turned off? -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-azure in Ubuntu. https://bugs.launchpad.net/bugs/1838796 Title: TPM event log does not contain events measured after ExitBootServices Status in linux package in Ubuntu: Won't Fix Status in linux-azure package in Ubuntu: In Progress Status in linux source package in Xenial: Won't Fix Status in linux-azure source package in Xenial: In Progress Status in linux source package in Disco: Won't Fix Status in linux-azure source package in Disco: In Progress Bug description: The TPM event log (/sys/kernel/security/tpm0/binary_bios_measurements) does not contain any events that are measured by UEFI after the kernel's EFI Boot stub calls ExitBootServices(). This means that PCR values calculated from the event log will not match the actual PCR values on the machine for PCR indices into which these events are measured. There are upstream patches to fix this in the mainline kernel tree: https://lore.kernel.org/lkml/20190520205501.177637-1-matthewgarr...@google.com/ --- ProblemType: Bug ApportVersion: 2.20.9-0ubuntu7.5 Architecture: amd64 AudioDevicesInUse: Error: command ['fuser', '-v', '/dev/snd/seq', '/dev/snd/timer'] failed with exit code 1: CRDA: Error: command ['iw', 'reg', 'get'] failed with exit code 1: nl80211 not found. CurrentDesktop: ubuntu:GNOME DistroRelease: Ubuntu 18.04 InstallationDate: Installed on 2019-06-20 (43 days ago) InstallationMedia: Ubuntu-Server 18.04.2 LTS "Bionic Beaver" - Release amd64 (20190210) IwConfig: eth0 no wireless extensions. lono wireless extensions. Lspci: Lsusb: Error: command ['lsusb'] failed with exit code 1: MachineType: Microsoft Corporation Virtual Machine Package: linux (not installed) ProcEnviron: TERM=xterm-256color PATH=(custom, no user) XDG_RUNTIME_DIR= LANG=en_US.UTF-8 SHELL=/bin/bash ProcFB: 0 hyperv_fb ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.18.0-22-generic root=UUID=fcb8dc9d-4dd3-490f-9f1c-fa6364770bb0 ro ProcVersionSignature: Ubuntu 4.18.0-22.23~18.04.1-generic 4.18.20 RelatedPackageVersions: linux-restricted-modules-4.18.0-22-generic N/A linux-backports-modules-4.18.0-22-generic N/A linux-firmware 1.173.3 RfKill: Tags: bionic Uname: Linux 4.18.0-22-generic x86_64 UpgradeStatus: No upgrade log present (probably fresh install) UserGroups: adm cdrom dip lpadmin lxd plugdev sambashare sudo _MarkForUpload: True dmi.bios.date: 01/30/2019 dmi.bios.vendor: Microsoft Corporation dmi.bios.version: Hyper-V UEFI Release v4.0 dmi.board.asset.tag: None dmi.board.name: Virtual Machine dmi.board.vendor: Microsoft Corporation dmi.board.version: Hyper-V UEFI Release v4.0 dmi.chassis.asset.tag: 8486-4870-7514-9524-5524-7794-69 dmi.chassis.type: 3 dmi.chassis.vendor: Microsoft Corporation dmi.chassis.version: Hyper-V UEFI Release v4.0 dmi.modalias: dmi:bvnMicrosoftCorporation:bvrHyper-VUEFIReleasev4.0:bd01/30/2019:svnMicrosoftCorporation:pnVirtualMachine:pvrHyper-VUEFIReleasev4.0:rvnMicrosoftCorporation:rnVirtualMachine:rvrHyper-VUEFIReleasev4.0:cvnMicrosoftCorporation:ct3:cvrHyper-VUEFIReleasev4.0: dmi.product.family: Virtual Machine dmi.product.name: Virtual Machine dmi.product.sku: None dmi.product.version: Hyper-V UEFI Release v4.0 dmi.sys.vendor: Microsoft Corporation To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1838796/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1838796] Re: TPM event log does not contain events measured after ExitBootServices
Hi Chris, Can you please point me to the parser tool that you used to parse the binary_bios_measurements? We can try that tool at our end to see if the our tool has a bug. -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-azure in Ubuntu. https://bugs.launchpad.net/bugs/1838796 Title: TPM event log does not contain events measured after ExitBootServices Status in linux package in Ubuntu: Won't Fix Status in linux-azure package in Ubuntu: In Progress Status in linux source package in Xenial: Won't Fix Status in linux-azure source package in Xenial: In Progress Status in linux source package in Disco: Won't Fix Status in linux-azure source package in Disco: In Progress Bug description: The TPM event log (/sys/kernel/security/tpm0/binary_bios_measurements) does not contain any events that are measured by UEFI after the kernel's EFI Boot stub calls ExitBootServices(). This means that PCR values calculated from the event log will not match the actual PCR values on the machine for PCR indices into which these events are measured. There are upstream patches to fix this in the mainline kernel tree: https://lore.kernel.org/lkml/20190520205501.177637-1-matthewgarr...@google.com/ --- ProblemType: Bug ApportVersion: 2.20.9-0ubuntu7.5 Architecture: amd64 AudioDevicesInUse: Error: command ['fuser', '-v', '/dev/snd/seq', '/dev/snd/timer'] failed with exit code 1: CRDA: Error: command ['iw', 'reg', 'get'] failed with exit code 1: nl80211 not found. CurrentDesktop: ubuntu:GNOME DistroRelease: Ubuntu 18.04 InstallationDate: Installed on 2019-06-20 (43 days ago) InstallationMedia: Ubuntu-Server 18.04.2 LTS "Bionic Beaver" - Release amd64 (20190210) IwConfig: eth0 no wireless extensions. lono wireless extensions. Lspci: Lsusb: Error: command ['lsusb'] failed with exit code 1: MachineType: Microsoft Corporation Virtual Machine Package: linux (not installed) ProcEnviron: TERM=xterm-256color PATH=(custom, no user) XDG_RUNTIME_DIR= LANG=en_US.UTF-8 SHELL=/bin/bash ProcFB: 0 hyperv_fb ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.18.0-22-generic root=UUID=fcb8dc9d-4dd3-490f-9f1c-fa6364770bb0 ro ProcVersionSignature: Ubuntu 4.18.0-22.23~18.04.1-generic 4.18.20 RelatedPackageVersions: linux-restricted-modules-4.18.0-22-generic N/A linux-backports-modules-4.18.0-22-generic N/A linux-firmware 1.173.3 RfKill: Tags: bionic Uname: Linux 4.18.0-22-generic x86_64 UpgradeStatus: No upgrade log present (probably fresh install) UserGroups: adm cdrom dip lpadmin lxd plugdev sambashare sudo _MarkForUpload: True dmi.bios.date: 01/30/2019 dmi.bios.vendor: Microsoft Corporation dmi.bios.version: Hyper-V UEFI Release v4.0 dmi.board.asset.tag: None dmi.board.name: Virtual Machine dmi.board.vendor: Microsoft Corporation dmi.board.version: Hyper-V UEFI Release v4.0 dmi.chassis.asset.tag: 8486-4870-7514-9524-5524-7794-69 dmi.chassis.type: 3 dmi.chassis.vendor: Microsoft Corporation dmi.chassis.version: Hyper-V UEFI Release v4.0 dmi.modalias: dmi:bvnMicrosoftCorporation:bvrHyper-VUEFIReleasev4.0:bd01/30/2019:svnMicrosoftCorporation:pnVirtualMachine:pvrHyper-VUEFIReleasev4.0:rvnMicrosoftCorporation:rnVirtualMachine:rvrHyper-VUEFIReleasev4.0:cvnMicrosoftCorporation:ct3:cvrHyper-VUEFIReleasev4.0: dmi.product.family: Virtual Machine dmi.product.name: Virtual Machine dmi.product.sku: None dmi.product.version: Hyper-V UEFI Release v4.0 dmi.sys.vendor: Microsoft Corporation To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1838796/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1838796] Re: TPM event log does not contain events measured after ExitBootServices
I have verified the kernel image provided above. The PCR5 values in the TCG logs and in the TPM match. I have also verified that the ExitBootServices event is present in the binary_bios_measurements. However, I see there is a mismatch for PCR4 and PCR7 between the TCG logs and the TPM values. I am not sure if that is expected or is it something to be concerned about. PCR4 logs the EFI Service Application events. Attaching screenshots of the PCR values and PCR4 log events for your reference. ** Attachment added: "Zip file containing PCR value screenshots from the TCG logs and the TPM" https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1838796/+attachment/5306971/+files/PCR-Values.zip -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux-azure in Ubuntu. https://bugs.launchpad.net/bugs/1838796 Title: TPM event log does not contain events measured after ExitBootServices Status in linux package in Ubuntu: Won't Fix Status in linux-azure package in Ubuntu: In Progress Status in linux source package in Xenial: Won't Fix Status in linux-azure source package in Xenial: In Progress Status in linux source package in Disco: Won't Fix Status in linux-azure source package in Disco: In Progress Bug description: The TPM event log (/sys/kernel/security/tpm0/binary_bios_measurements) does not contain any events that are measured by UEFI after the kernel's EFI Boot stub calls ExitBootServices(). This means that PCR values calculated from the event log will not match the actual PCR values on the machine for PCR indices into which these events are measured. There are upstream patches to fix this in the mainline kernel tree: https://lore.kernel.org/lkml/20190520205501.177637-1-matthewgarr...@google.com/ --- ProblemType: Bug ApportVersion: 2.20.9-0ubuntu7.5 Architecture: amd64 AudioDevicesInUse: Error: command ['fuser', '-v', '/dev/snd/seq', '/dev/snd/timer'] failed with exit code 1: CRDA: Error: command ['iw', 'reg', 'get'] failed with exit code 1: nl80211 not found. CurrentDesktop: ubuntu:GNOME DistroRelease: Ubuntu 18.04 InstallationDate: Installed on 2019-06-20 (43 days ago) InstallationMedia: Ubuntu-Server 18.04.2 LTS "Bionic Beaver" - Release amd64 (20190210) IwConfig: eth0 no wireless extensions. lono wireless extensions. Lspci: Lsusb: Error: command ['lsusb'] failed with exit code 1: MachineType: Microsoft Corporation Virtual Machine Package: linux (not installed) ProcEnviron: TERM=xterm-256color PATH=(custom, no user) XDG_RUNTIME_DIR= LANG=en_US.UTF-8 SHELL=/bin/bash ProcFB: 0 hyperv_fb ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.18.0-22-generic root=UUID=fcb8dc9d-4dd3-490f-9f1c-fa6364770bb0 ro ProcVersionSignature: Ubuntu 4.18.0-22.23~18.04.1-generic 4.18.20 RelatedPackageVersions: linux-restricted-modules-4.18.0-22-generic N/A linux-backports-modules-4.18.0-22-generic N/A linux-firmware 1.173.3 RfKill: Tags: bionic Uname: Linux 4.18.0-22-generic x86_64 UpgradeStatus: No upgrade log present (probably fresh install) UserGroups: adm cdrom dip lpadmin lxd plugdev sambashare sudo _MarkForUpload: True dmi.bios.date: 01/30/2019 dmi.bios.vendor: Microsoft Corporation dmi.bios.version: Hyper-V UEFI Release v4.0 dmi.board.asset.tag: None dmi.board.name: Virtual Machine dmi.board.vendor: Microsoft Corporation dmi.board.version: Hyper-V UEFI Release v4.0 dmi.chassis.asset.tag: 8486-4870-7514-9524-5524-7794-69 dmi.chassis.type: 3 dmi.chassis.vendor: Microsoft Corporation dmi.chassis.version: Hyper-V UEFI Release v4.0 dmi.modalias: dmi:bvnMicrosoftCorporation:bvrHyper-VUEFIReleasev4.0:bd01/30/2019:svnMicrosoftCorporation:pnVirtualMachine:pvrHyper-VUEFIReleasev4.0:rvnMicrosoftCorporation:rnVirtualMachine:rvrHyper-VUEFIReleasev4.0:cvnMicrosoftCorporation:ct3:cvrHyper-VUEFIReleasev4.0: dmi.product.family: Virtual Machine dmi.product.name: Virtual Machine dmi.product.sku: None dmi.product.version: Hyper-V UEFI Release v4.0 dmi.sys.vendor: Microsoft Corporation To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1838796/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
