
TPM PCR0 differs from reconstruction

Mario Limonciello edited this page Dec 16, 2021 · 7 revisions

Summary

Starting with fwupd 1.3.8, the daemon will attempt to reconstruct the TPM PCR0 value using the firmware's TPM event log. If the calculated value differs from the value stored in the PCR, it means one of four things:

  1. An error in the firmware TPM event log.
  2. An error in the fwupd reconstruction of the TPM PCR0.
  3. A hardware failure.
  4. Presence of malware on the system.
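
The replay behind this comparison, as an added example (not fwupd's own code): each logged digest for PCR0 is folded into the running value with the TPM extend operation, and the result is compared with the value read from the TPM. The function names, the tuple layout and the sample log are constructed for illustration; the startup-locality handling is an assumption taken from the TCG PC Client firmware profile.

```python
import hashlib

EV_NO_ACTION = 0x00000003  # informational event: logged, never extended into a PCR

def measure(blob: bytes) -> bytes:
    return hashlib.sha256(blob).digest()

# Constructed sample log as (pcr_index, event_type, digest); not real firmware measurements.
SAMPLE_LOG = [
    (0, EV_NO_ACTION, bytes(20)),                               # log header entry
    (0, 0x00000008, measure(b"constructed CRTM version")),      # EV_S_CRTM_VERSION
    (0, 0x80000008, measure(b"constructed firmware blob")),     # EV_EFI_PLATFORM_FIRMWARE_BLOB
    (7, 0x80000001, measure(b"constructed SecureBoot state")),  # belongs to PCR7
    (0, 0x00000004, measure(b"\x00\x00\x00\x00")),              # EV_SEPARATOR
]

def extend(pcr: bytes, digest: bytes, alg: str) -> bytes:
    """TPM extend: new PCR value = H(old PCR value || event digest)."""
    return hashlib.new(alg, pcr + digest).digest()

def reconstruct_pcr(events, pcr_index=0, alg="sha256", startup_locality=0):
    """Replay the log and return the value the PCR should hold."""
    size = hashlib.new(alg).digest_size
    # Assumption (TCG PC Client profile): PCRs start at all zeros, except that
    # PCR0 starts with the startup locality in its last byte when it is nonzero.
    start = startup_locality if pcr_index == 0 else 0
    pcr = bytes(size - 1) + bytes([start])
    for index, event_type, digest in events:
        if index != pcr_index or event_type == EV_NO_ACTION:
            continue
        if len(digest) != size:
            raise ValueError(f"event digest is {len(digest)} bytes, {alg} needs {size}")
        pcr = extend(pcr, digest, alg)
    return pcr

def pcr0_matches(events, pcr0_from_tpm: bytes, **kwargs) -> bool:
    """True when the PCR0 value read from the TPM equals the replayed value."""
    return reconstruct_pcr(events, 0, **kwargs) == pcr0_from_tpm

if __name__ == "__main__":
    good = reconstruct_pcr(SAMPLE_LOG)
    print("reconstructed PCR0:", good.hex())
    # A log entry that does not match what was extended breaks the comparison.
    bad_log = SAMPLE_LOG[:2] + [(0, 0x80000008, measure(b"different blob"))] + SAMPLE_LOG[3:]
    print("edited log matches:", pcr0_matches(bad_log, good))
```

A mismatch from this kind of replay only says that the log and the PCR disagree; it does not by itself distinguish between the four causes listed above.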

Known bugs

Several known bugs (#1, #2) were found in the TPM reconstruction. These bugs are fixed in:

  • 1.5.x and later series: fixed in 1.5.0
  • 1.4.x series: fixed in 1.4.7
  • 1.3.x series: fixed in 1.3.12

If you are having problems and are running a version earlier than these, please update to a newer version before reporting an issue.

Analysis

To determine which type of failure this is, fwupd can demonstrate the construction of PCR0 from the TPM event log with a tool called fwupdtpmevlog.

Please file a bug report at https://github.com/fwupd/fwupd and include the output of this tool when run as root:

Packaged install

fwupd 1.3.x: Please be sure you are running fwupd 1.3.11 or later.
fwupd 1.4.x: Please be sure you are running fwupd 1.4.5 or later.

# /usr/bin/fwupdtpmevlog

Snap install

Please ensure you have a snap from fwupd 1.5.0 or later.

# fwupd.fwupdtpmevlog