[Bug 1926311] Re: "TPM PCR0 differs from reconstruction" for device firmware errors - not fixed in all releases (1.3.11 in Focal for example)

Mario Limonciello 1926311 at bugs.launchpad.net
Wed Aug 3 15:06:23 UTC 2022


focal has 1.7.5-3~20.04.1 now that should have this fixed.

** Changed in: fwupd (Ubuntu Focal)
       Status: Triaged => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to fwupd in Ubuntu.
https://bugs.launchpad.net/bugs/1926311

Title:
  "TPM PCR0 differs from reconstruction" for device firmware errors -
  not fixed in all releases (1.3.11 in Focal for example)

Status in fwupd package in Ubuntu:
  Fix Released
Status in fwupd source package in Focal:
  Fix Released

Bug description:
  `fwupd` has an internal logging mechanism, and during firmware updates
  attempts to rebuild TPM PCRs based off event logs.  Unfortunately,
  this has known bugs in versions before 1.3.12, 1.4.7, 1.5.0.

  Per their wiki on this
  (https://github.com/fwupd/fwupd/wiki/TPM-PCR0-differs-from-reconstruction):

  
  Starting with fwupd 1.3.8, the daemon will attempt to reconstruct the TPM PCR0 value using the firmware's TPM event log. If the calculation leads to a different value than stored in the PCR it means one of four things:

  1. An error in the firmware TPM event log.
  2. An error in the fwupd reconstruction of the TPM PCR0
  3. A hardware failure
  4. Presence of malware on the system

  
  Upstream admits there are known bugs with the reconstruction:  https://github.com/fwupd/fwupd/pull/2183 and https://github.com/fwupd/fwupd/pull/2394

  Focal has 1.3.11.  This does NOT include the fixes for the TPM PCR0
  reconstruction, and is possibly giving false information for the TPM
  reconstruction.

  Getting 1.3.12 into Focal would be beneficial where possible as that
  would allow us to see whether we actually ARE having firmware updates
  / reconstruction issues with TPM.

  ProblemType: Bug
  DistroRelease: Ubuntu 20.04
  Package: fwupd 1.3.11-1~focal1
  ProcVersionSignature: Ubuntu 5.4.0-72.80-generic 5.4.101
  Uname: Linux 5.4.0-72-generic x86_64
  NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair nvidia_modeset nvidia
  ApportVersion: 2.20.11-0ubuntu27.16
  Architecture: amd64
  CasperMD5CheckResult: skip
  CurrentDesktop: ubuntu:GNOME
  Date: Tue Apr 27 11:22:12 2021
  InstallationDate: Installed on 2018-11-21 (887 days ago)
  InstallationMedia: Ubuntu 18.04.1 LTS "Bionic Beaver" - Release amd64 (20180725)
  ProcEnviron:
   TERM=xterm-256color
   PATH=(custom, no user)
   XDG_RUNTIME_DIR=<set>
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  SourcePackage: fwupd
  UpgradeStatus: Upgraded to focal on 2020-08-23 (246 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/fwupd/+bug/1926311/+subscriptions
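
An added illustration, not part of the bug report or of fwupd's code: the reconstruction quoted from the wiki amounts to replaying the PCR0 digests in the firmware event log with the TPM extend rule and comparing the result with the value read from the TPM. The event dictionaries, the sample log and the function names are constructed for this example; the startup-locality handling follows the TCG PC Client firmware profile and is an assumption about what a complete replay has to cover.

```python
import hashlib

# TCG event types used below.
EV_NO_ACTION = 0x00000003        # logged for information, never extended
EV_SEPARATOR = 0x00000004
EV_S_CRTM_VERSION = 0x00000008
EV_EFI_VARIABLE_DRIVER_CONFIG = 0x80000001

def reconstruct_pcr(events, pcr_index=0, alg="sha256", startup_locality=0):
    """Replay logged digests for one PCR: new = H(old || digest)."""
    size = hashlib.new(alg).digest_size
    start = bytearray(size)                 # PCRs reset to all zeros
    if pcr_index == 0:
        start[-1] = startup_locality        # non-zero locality seeds PCR0's last byte
    value = bytes(start)
    for ev in events:
        if ev["pcr"] != pcr_index or ev["type"] == EV_NO_ACTION:
            continue                        # other PCRs and EV_NO_ACTION are skipped
        digest = ev["digests"][alg]
        if len(digest) != size:
            raise ValueError("digest length does not match the PCR bank")
        value = hashlib.new(alg, value + digest).digest()
    return value

def pcr0_matches(events, measured, **kwargs):
    """True when the replayed log reproduces the PCR0 value read from the TPM."""
    return reconstruct_pcr(events, 0, **kwargs) == measured

def _event(pcr, ev_type, data):
    # Constructed sample event: the digest is the hash of made-up data.
    return {"pcr": pcr, "type": ev_type,
            "digests": {"sha256": hashlib.sha256(data).digest()}}

# Constructed sample log, not taken from a real machine.
SAMPLE_LOG = [
    _event(0, EV_NO_ACTION, b"spec-id-header"),
    _event(0, EV_S_CRTM_VERSION, b"crtm-version-1"),
    _event(7, EV_EFI_VARIABLE_DRIVER_CONFIG, b"secure-boot-variable"),
    _event(0, EV_SEPARATOR, b"\x00\x00\x00\x00"),
]
# Value the TPM would hold if firmware extended exactly the logged PCR0 events.
TPM_PCR0 = reconstruct_pcr(SAMPLE_LOG)
# Same log with one measurement missing, standing in for a firmware log error.
TRUNCATED_LOG = [e for e in SAMPLE_LOG if e["type"] != EV_S_CRTM_VERSION]

if __name__ == "__main__":
    print("full log matches:     ", pcr0_matches(SAMPLE_LOG, TPM_PCR0))
    print("truncated log matches:", pcr0_matches(TRUNCATED_LOG, TPM_PCR0))
    print("wrong start locality: ", pcr0_matches(SAMPLE_LOG, TPM_PCR0, startup_locality=3))
```

A mismatch from the truncated log and a mismatch from the wrong starting value look identical to the caller, which is why the result alone cannot tell a log error or a reconstruction bug apart from the other causes in the list.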



