[Bug 1909734] Re: TPM PCR checking will fail if the all characters are 0
Launchpad Bug Tracker
1909734 at bugs.launchpad.net
Mon Apr 26 14:49:23 UTC 2021
This bug was fixed in the package fwupd-signed - 1.30.1
---------------
fwupd-signed (1.30.1) groovy; urgency=medium

  * Build depend on fwupd 1.4.7-0~20.10.1
    - LP: #1921544
    - LP: #1921539
    - LP: #1909734
    - LP: #1886912
    - LP: #1900935

 -- Mario Limonciello <mario.limonciello at dell.com>  Fri, 26 Mar 2021 14:04:01 -0500
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to fwupd-signed in Ubuntu.
https://bugs.launchpad.net/bugs/1909734
Title:
TPM PCR checking will fail if the all characters are 0
Status in OEM Priority Project:
Triaged
Status in fwupd package in Ubuntu:
Fix Released
Status in fwupd-signed package in Ubuntu:
Fix Released
Status in fwupd source package in Focal:
Triaged
Status in fwupd-signed source package in Focal:
New
Status in fwupd source package in Groovy:
Fix Released
Status in fwupd-signed source package in Groovy:
Fix Released
Status in fwupd source package in Hirsute:
Fix Released
Status in fwupd-signed source package in Hirsute:
Fix Released
Bug description:
[Impact]
* TPM PCR0 differs from reconstruction: if your PCR0 contains one (or
more) zero byte(s), then the PCR0 will mismatch (the zero byte(s) are
ignored).
[Test Plan]
* run
$ fwupdmgr get-devices
...
└─System Firmware:
Device ID: c8489035f8df6f87a1a3cd1baff36129262a5ac1
Current version: 92.1.0
Minimum Version: 0.0.1
Vendor: HP (DMI:HP)
Update Error: TPM PCR0 differs from reconstruction, please see https://github.com/fwupd/fwupd/wiki/TPM-PCR0-differs-from-reconstruction
GUID: 116180f2-105d-4ab2-809e-7fabed71217b
and you will get the failure.
* already tried on bug1891966 bug1893018 bug1896855 bug1897674
bug1899914 bug1902835 bug1903660 bug1909539 bug1910197 bug1914335
bug1918600 bug1918866 bug1919270 bug1919424 bug1920714 and this patch
could solve the error.
[Where problems could occur]
* An all-zero PCR0 is invalid. The original logic checks whether a
byte is zero and, if it is, skips it. This causes the PCR0 to
potentially miss some valid zero bytes (e.g.
0x0C>>00<<62898247F8FE3085960E5B0270E7667B6F7D4CAE17A503950499D45B4116).
* This patch does not skip zero bytes. Instead, it adds a flag to check
whether all bytes are zero.
* This change makes sense, and no potential regression was seen.
---
On some HP platforms, the TPM PCR checking will fail on Ubuntu
Focal
$ fwupdmgr get-devices
...
└─System Firmware:
Device ID: c8489035f8df6f87a1a3cd1baff36129262a5ac1
Current version: 92.1.0
Minimum Version: 0.0.1
Vendor: HP (DMI:HP)
Update Error: TPM PCR0 differs from reconstruction, please see https://github.com/fwupd/fwupd/wiki/TPM-PCR0-differs-from-reconstruction
GUID: 116180f2-105d-4ab2-809e-7fabed71217b
Device Flags: • Internal device
• Updatable
• Requires AC power
• Needs a reboot after installation
• Cryptographic hash verification is available
• Device is usable for the duration of the update
---
This issue is fixed by upstream commit
https://github.com/fwupd/fwupd/pull/2394/commits/e265dd1d8687965bee77259ef3482b09b92033c1
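The logic change described under [Where problems could occur], as an added illustration that is not part of the original report and is not fwupd's own code. The function names are hypothetical; the sample digest is the PCR0 value quoted in the report.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* PCR0 value quoted in the bug report: 32 bytes, the second one is 0x00. */
static const uint8_t PCR0_SAMPLE[32] = {
    0x0C, 0x00, 0x62, 0x89, 0x82, 0x47, 0xF8, 0xFE, 0x30, 0x85, 0x96,
    0x0E, 0x5B, 0x02, 0x70, 0xE7, 0x66, 0x7B, 0x6F, 0x7D, 0x4C, 0xAE,
    0x17, 0xA5, 0x03, 0x95, 0x04, 0x99, 0xD4, 0x5B, 0x41, 0x16};
static const char HEX[] = "0123456789abcdef";

/* Before (as described): zero bytes are skipped, so the hex string comes
 * out short and cannot match the reconstruction. out holds 2*n+1 chars. */
size_t pcr_hex_skip_zero(const uint8_t *d, size_t n, char *out)
{
    size_t len = 0;
    for (size_t i = 0; i < n; i++) {
        if (d[i] == 0)
            continue;
        out[len++] = HEX[d[i] >> 4];
        out[len++] = HEX[d[i] & 0x0F];
    }
    out[len] = '\0';
    return len;
}

/* After (as described): every byte is emitted and a flag records whether
 * all bytes were zero. Returns false for an all-zero (invalid) PCR. */
bool pcr_hex_checked(const uint8_t *d, size_t n, char *out)
{
    bool all_zero = true;
    for (size_t i = 0; i < n; i++) {
        all_zero = all_zero && d[i] == 0;
        out[2 * i] = HEX[d[i] >> 4];
        out[2 * i + 1] = HEX[d[i] & 0x0F];
    }
    out[2 * n] = '\0';
    return !all_zero;
}

int main(void)
{
    char before[65], after[65];
    size_t len = pcr_hex_skip_zero(PCR0_SAMPLE, sizeof PCR0_SAMPLE, before);
    bool ok = pcr_hex_checked(PCR0_SAMPLE, sizeof PCR0_SAMPLE, after);
    printf("before (%zu chars): %s\nafter (valid=%d): %s\n", len, before, ok, after);
}
```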