Message-ID: <1520614993.12216.3.camel@HansenPartnership.com>
Subject: Re: Regression from efi: call get_event_log before ExitBootServices
From: James Bottomley
To: Hans de Goede, Jeremy Cline, Javier Martinez Canillas, Thiebaud Weksteen, Jarkko Sakkinen, linux-efi@vger.kernel.org, linux-integrity@vger.kernel.org, tpmdd-devel@lists.sourceforge.net, Linux Kernel Mailing List
Date: Fri, 09 Mar 2018 09:03:13 -0800
In-Reply-To: <29c1640a-cf19-ca19-7de9-96f202edfb5a@redhat.com>

On Fri, 2018-03-09 at 10:29 +0100, Hans de Goede wrote:
> Hi,
>
> On 08-03-18 18:26, Jeremy Cline wrote:
> >
> > On 03/08/2018 11:50 AM, Hans de Goede wrote:
[...]
> > > > The UEFI firmware does some measurements and so does shim. So
> > > > you should have some event logs. What version of shim are you
> > > > using? And also would be good to know if it's the same shim
> > > > version that Jeremy is using.
> > >
> > > That is a very good question, I'm using: shim-ia32-13-0.7.x86_64,
> > > which is the last version for F27 AFAICT.
> >
> > All my tablet has installed is shim-0.8-10.x86_64, no shim-ia32.
>
> Yes my bad, although if the kernel changes break booting on systems
> without the shim that is still good to know and something which
> we probably ought to fix.

My laptop is set up with secure boot but without shim using a shim
protocol thin layer to check the kernel signature against db variables:

https://git.kernel.org/pub/scm/linux/kernel/git/jejb/efitools.git/tree/ShimReplace.c

and I haven't seen any breakage, so not having a shim that does
measurements works for me all the way up to -rc4.

James