Received: by 10.223.185.116 with SMTP id b49csp6566599wrg; Thu, 8 Mar 2018 09:28:37 -0800 (PST) X-Google-Smtp-Source: AG47ELsIwZOpgkf4Ubvqu9r0ymMauftqyI9xFLkGRzhr5EL0OKbANM4pifdl91OcS5/l93w4+jYJ X-Received: by 10.99.173.3 with SMTP id g3mr22375033pgf.213.1520530117605; Thu, 08 Mar 2018 09:28:37 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1520530117; cv=none; d=google.com; s=arc-20160816; b=kDX831y3OaV91Uxwp+/nbWA3B3sxfnfdFGOW7t+fnuY39N5Ny7mqRozsxykCXS14Un JPmvwr1xSed6t5PNfIZjerP2BO677ZVrPoo2peEKUhEMlzPDIaHCJk1Pvta5q81MaBkK QVQBaJBQCMj0pwg9jGeFKOVdBYShrbrOpNMUPjlJva5F02LgyIvVPczd93Dl2GhSh2K/ U86tYersS5/IEbSPA6QYn4WB1VXkOXhNARkSwZwdpcaLz3QUZyXhW08XAWDWu4LIl4Px IgoaUDTxNvJg5zMLa24uFFBc9OML2dV0/C0hjtv06LJQgUZltCuAabTZKJ6mWYkBEEBe 0f3w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:feedback-id:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:from:references:to:subject:dkim-signature:dkim-signature :arc-authentication-results; bh=jhSEruCcvQa1DQVX4MltskBopXKo6PrLGw2Pdxer3sw=; b=rgSmJO4omfjl/i43V28fmoOIaQLG2luPa+JIrKMGIigu9rvire6yDV3CAUm4JTVDJ2 feshp9vR2lkePu7xqLLKeD7OfICAY70ypzGfC3Wh4pl18JqKMAFmljErbhhBsj9EEwDH pWxHbYkAtkw97aHlNhpNZvKrEy11jJ3A0SqPzr+hT1M6mnevwThMgyqns958hEgKMt1/ ECL/js/2P0DbmgHUIWk2CtP/huxMSGvC5vlhm2Nom/P/94pTE/aCYrU5LsMxeQwxjRUW lGJyx5BA/iQTUusimPpLbfTBt0XZXOjLYaNvlOoNBNQ2alXI/mw6zRfcvK3bEGyliYEn Uw7Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@jcline.org header.s=rdybrs3533vx7mghocfwl3vdwgpl2v5u header.b=ePRD4idb; dkim=pass header.i=@amazonses.com header.s=224i4yxa5dv7c2xz3womw6peuasteono header.b=TnX0crG6; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id i12-v6si15262901plk.508.2018.03.08.09.28.23; Thu, 08 Mar 2018 09:28:37 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@jcline.org header.s=rdybrs3533vx7mghocfwl3vdwgpl2v5u header.b=ePRD4idb; dkim=pass header.i=@amazonses.com header.s=224i4yxa5dv7c2xz3womw6peuasteono header.b=TnX0crG6; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S935968AbeCHR0n (ORCPT + 99 others); Thu, 8 Mar 2018 12:26:43 -0500 Received: from a8-200.smtp-out.amazonses.com ([54.240.8.200]:37946 "EHLO a8-200.smtp-out.amazonses.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S934055AbeCHR0l (ORCPT ); Thu, 8 Mar 2018 12:26:41 -0500 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=rdybrs3533vx7mghocfwl3vdwgpl2v5u; d=jcline.org; t=1520530000; h=Subject:To:References:From:Message-ID:Date:MIME-Version:In-Reply-To:Content-Type:Content-Transfer-Encoding; bh=xTeeCJyJTQKbDYcV99rPuHF3PcFRm2w8wrAeAu3BHpM=; b=ePRD4idbskgvQtOz7I+4t6rEkoS5WDQkXiJ4SzNjQWdRaCokPIJmF+7mLYp1ZaEC DYSpZdX0XXhDC03ReNg/lcuQ2HjCd7EEal5Z9k8L0t+S+P3slExGMAuMdYDmu3XqZD+ miB1+N6EHIZ/P+DFsS3JSk1Z2vw1iMJ02hfBvSgo= DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=224i4yxa5dv7c2xz3womw6peuasteono; d=amazonses.com; t=1520530000; h=Subject:To:References:From:Message-ID:Date:MIME-Version:In-Reply-To:Content-Type:Content-Transfer-Encoding:Feedback-ID; bh=xTeeCJyJTQKbDYcV99rPuHF3PcFRm2w8wrAeAu3BHpM=; b=TnX0crG6SXRxuo4lyzh7xa+R28GOA4ArZwcpzUylUU6tA5r9ZOEaePImSV/a4+Pm g5DCwhcE/fSCJQgYfMeIrMCFgXnfFFI9Xew1sOpqAGrhF2VYNebUt+uSogg0+Kehe/7 iofyfxlIqOAbu0EPqrcx0Jtz/R+NdroQcHzMQDTY= X-Virus-Scanned: amavisd-new at jcline.org Subject: Re: Regression from efi: call get_event_log before ExitBootServices To: Hans de Goede , Javier Martinez Canillas , Thiebaud Weksteen , Jarkko Sakkinen , linux-efi@vger.kernel.org, linux-integrity@vger.kernel.org, tpmdd-devel@lists.sourceforge.net, Linux Kernel Mailing List References: <01000161fc0b4755-df0621f4-ab5d-479a-b425-adf98427a308-000000@email.amazonses.com> From: Jeremy Cline Message-ID: <0100016206a68850-bd5c96b3-f275-46ea-98b1-1317e02a5d6e-000000@email.amazonses.com> Date: Thu, 8 Mar 2018 17:26:40 +0000 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 8bit X-SES-Outgoing: 2018.03.08-54.240.8.200 Feedback-ID: 1.us-east-1.z18Isoc/FaoPOvCyJyi1mnTt8STwoRuibXVNoUcvG6g=:AmazonSES Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 03/08/2018 11:50 AM, Hans de Goede wrote: > added these now> > > Hi, > > On 07-03-18 12:34, Javier Martinez Canillas wrote: >> Are you also able to read the TPM event logs? >> >> $ hexdump /sys/kernel/security/tpm0/binary_bios_measurements > > Yes for me that outputs a lot of hex :) For me, /sys/kernel/security/tmp0 doesn't exist on 4.15.6 or 4.16 with the patch reverted. >> The UEFI firmware does some measurements and so does shim. So you should >> have some event logs. What version of shim are you using? And also would >> be good to know if it's the same shim version that Jeremy is using. > > That is a very good question, I'm using: shim-ia32-13-0.7.x86_64, which is > the last version for F27 AFAICT. All my tablet has installed is shim-0.8-10.x86_64, no shim-ia32. > > But Jeremy's tablet might very well be not using the shim at all, as > I manually installed Fedora 25 on the tablet he now has, before Fedora > supported > machines with 32 bit EFI. I then later did a "dnf distro-sync" to > Fedora-27. > > Jeremy might also very well still be booting using a grub binary I build > manually back then, without any shim being involved. > > Jeremy what does efibootmgr -v output on your device ? # efibootmgr -v BootCurrent: 0003 Timeout: 4 seconds BootOrder: 0003,0000,0001,2001,2002,2003 Boot0000* Android X64 OS HD(1,GPT,215e6cf3-e97d-4735-9c4e-7338c8f5a645,0x800,0x32000)/File(\EFI\BOOT\bootx64.efi)RC Boot0001* Internal EFI Shell FvVol(a881d567-6cb0-4eee-8435-2e72d33e45b5)/FvFile(c57ad6b7-0515-40a8-9d21-551652854e37)RCM&". Boot0003* Fedora HD(1,GPT,215e6cf3-e97d-4735-9c4e-7338c8f5a645,0x800,0x32000)/File(\EFI\fedora\grubx64.efi) Boot2001* EFI USB Device RC Boot2002* EFI DVD/CDROM RC Boot2003* EFI Network RC Boot8087* Udm FvVol(a881d567-6cb0-4eee-8435-2e72d33e45b5)/FvFile(9a9ab4c1-ee1b-488b-b300-24544a7bd418) I think you're right about it using the old grub binary. I'm embarrassingly unfamiliar with both UEFI and grub, but I'm guessing you set the location of grub.cfg at compile time? When I boot \EFI\fedora\grubx64.efi, it's pulling the grub.cfg from \EFI\redhat\grub.cfg. Regards, Jeremy