[Bug 1909734] Re: TPM PCR checking will fail if the all characters are 0

Andy Chi 1909734 at bugs.launchpad.net
Tue Apr 13 10:25:47 UTC 2021


[Device]
HP EliteOne 800 G6 27
[BIOS version]
S11 Ver. 02.04.01
[Package version]
fwupd-signed 1.30.1

result:
System Firmware:
│     Device ID:          90990a533de3259eb645e61a64ad25068f6f3c48
│     Current version:    33816832
│     Minimum Version:    1
│     Vendor:             HP (DMI:HP)
│     GUID:               510876c2-f1e5-4d9c-8c81-3e002f1b4792
│     Device Flags:       • Internal device
│                         • Updatable
│                         • Requires AC power
│                         • Needs a reboot after installation
│                         • Cryptographic hash verification is available
│                         • Device is usable for the duration of the update

** Tags removed: verification-needed-groovy
** Tags added: verification-done-groovy

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to fwupd-signed in Ubuntu.
https://bugs.launchpad.net/bugs/1909734

Title:
  TPM PCR checking will fail if the all characters are 0

Status in OEM Priority Project:
  Triaged
Status in fwupd package in Ubuntu:
  Fix Released
Status in fwupd-signed package in Ubuntu:
  New
Status in fwupd source package in Focal:
  Triaged
Status in fwupd-signed source package in Focal:
  New
Status in fwupd source package in Groovy:
  Fix Committed
Status in fwupd-signed source package in Groovy:
  Fix Committed
Status in fwupd source package in Hirsute:
  Fix Released
Status in fwupd-signed source package in Hirsute:
  New

Bug description:
  [Impact]

   * TPM PCR0 differs from reconstruction: if your PCR0 contains one (or
  more) zero byte(s), then the PCR0 will mismatch (the zero byte(s) are
  ignored).

  [Test Plan]

   * run

  $ fwupdmgr get-devices
  ...
  └─System Firmware:
        Device ID: c8489035f8df6f87a1a3cd1baff36129262a5ac1
        Current version: 92.1.0
        Minimum Version: 0.0.1
        Vendor: HP (DMI:HP)
        Update Error: TPM PCR0 differs from reconstruction, please see https://github.com/fwupd/fwupd/wiki/TPM-PCR0-differs-from-reconstruction
        GUID: 116180f2-105d-4ab2-809e-7fabed71217b

     This will produce the failure shown above.

   * already tried on bug1891966 bug1893018 bug1896855 bug1897674
  bug1899914 bug1902835 bug1903660 bug1909539 bug1910197 bug1914335
  bug1918600 bug1918866 bug1919270 bug1919424 bug1920714 and this patch
  could solve the error.

  [Where problems could occur]

   * An all-zero PCR0 is invalid. The original logic checks whether a
  byte is zero and, if it is, skips it. This causes the PCR0 to
  potentially miss some valid zero bytes. (e.g.
  0x0C>>00<<62898247F8FE3085960E5B0270E7667B6F7D4CAE17A503950499D45B4116)

   * This patch does not skip zero bytes. Instead, it adds a flag to
  check whether all bytes are zero.

   * This change makes sense, and no potential regression was seen.

  ---

  On some HP platforms, the TPM PCR checking will fail on Ubuntu Focal:

  $ fwupdmgr get-devices
  ...
  └─System Firmware:
        Device ID: c8489035f8df6f87a1a3cd1baff36129262a5ac1
        Current version: 92.1.0
        Minimum Version: 0.0.1
        Vendor: HP (DMI:HP)
        Update Error: TPM PCR0 differs from reconstruction, please see https://github.com/fwupd/fwupd/wiki/TPM-PCR0-differs-from-reconstruction
        GUID: 116180f2-105d-4ab2-809e-7fabed71217b
        Device Flags: • Internal device
                             • Updatable
                             • Requires AC power
                             • Needs a reboot after installation
                             • Cryptographic hash verification is available
                             • Device is usable for the duration of the update

        Update Error: TPM PCR0 differs from reconstruction, please see https://github.com/fwupd/fwupd/wiki/TPM-PCR0-differs-from-reconstruction

  ---

  This issue is fixed by upstream commit
  https://github.com/fwupd/fwupd/pull/2394/commits/e265dd1d8687965bee77259ef3482b09b92033c1

To manage notifications about this bug go to:
https://bugs.launchpad.net/oem-priority/+bug/1909734/+subscriptions
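
The zero-byte handling described under [Where problems could occur], as an added example (not fwupd's code and not the upstream patch): the function names, buffer handling and the 8-byte sample digest, built from the first bytes of the value quoted in the report, are assumptions for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample: first 8 bytes of the digest quoted in the report. */
static const uint8_t SAMPLE[8] = {0x0c, 0x00, 0x62, 0x89, 0x82, 0x47, 0xf8, 0xfe};
static const uint8_t ALL_ZERO[8] = {0};

/* Behaviour the report describes before the fix: every zero byte is
 * skipped, so a digest with a valid 0x00 byte is rendered too short. */
static size_t pcr_hex_skip_zero(const uint8_t *d, size_t n, char *out, size_t outsz)
{
    size_t len = 0;
    if (outsz == 0)
        return 0;
    for (size_t i = 0; i < n && len + 3 <= outsz; i++) {
        if (d[i] == 0)
            continue; /* drops valid zero bytes along with unset PCRs */
        len += (size_t)snprintf(out + len, outsz - len, "%02x", (unsigned)d[i]);
    }
    out[len] = '\0';
    return len;
}

/* Behaviour the report describes after the fix: every byte is kept and a
 * flag records whether any byte was non-zero. Returns false for an
 * all-zero (invalid) PCR or a buffer that is too small. */
static bool pcr_hex_checked(const uint8_t *d, size_t n, char *out, size_t outsz)
{
    bool nonzero = false;
    size_t len = 0;
    if (outsz < 2 * n + 1)
        return false;
    for (size_t i = 0; i < n; i++) {
        if (d[i] != 0)
            nonzero = true;
        len += (size_t)snprintf(out + len, outsz - len, "%02x", (unsigned)d[i]);
    }
    out[len] = '\0';
    return nonzero;
}

int main(void)
{
    char before[17], after[17];
    pcr_hex_skip_zero(SAMPLE, sizeof SAMPLE, before, sizeof before);
    bool valid = pcr_hex_checked(SAMPLE, sizeof SAMPLE, after, sizeof after);
    printf("skip-zero: %s\nchecked:   %s (valid=%d)\n", before, after, valid);
    printf("all-zero valid=%d\n", pcr_hex_checked(ALL_ZERO, 8, after, sizeof after));
    return 0;
}
```

The shortened string from the first function can never equal a reconstructed PCR0 that contains the zero byte, which is the mismatch the report shows.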


