Precision 7740 PCR0 reconstruction fails #23

Closed
hpvb opened this issue May 21, 2020 · 3 comments
hpvb commented May 21, 2020

Probably related to #21 but here goes:

I have no idea if this used to work with older firmware versions. I only found out today this is a problem on this machine.

# fwupdmgr get-devices
Precision 7740
│
├─Thunderbolt Controller:
│     Device ID:           77954416d56a4d84c7830c713a347c3b74d5fa7d
│     Summary:             Unmatched performance for high-speed I/O
│     Current version:     41.01
│     Vendor:              Dell (TBT:0x00D4)
│     GUIDs:               49c8274e-bc6a-5707-a197-ca0c9a35bda0 ← THUNDERBOLT\VEN_00D4&DEV_0927&REV_00
│                          3f759afe-e19e-5d26-bb64-0aad84c82ac3 ← THUNDERBOLT\VEN_00D4&DEV_0927
│                          81db9688-b112-5e24-9f92-e96f05770934 ← TBT-00d40927-native
│                          1707b992-6eb5-5913-8601-6ac003d0f6c1 ← TBT-00d40927-native-controller0-0
│     Device Flags:        • Internal device
│                          • Updatable
│                          • Requires AC power
│                          • Device stages updates
│   
├─KXG50PNV2T04 NVMe KIOXIA 2048GB:
│     Device ID:           03281da317dccd2b18de2bd1cc70a782df40ed7e
│     Summary:             NVM Express Solid State Drive
│     Current version:     AFDA4105
│     Vendor:              Toshiba Corporation (NVME:0x1179)
│     Serial Number:       X9OA21YFKKTL
│     GUIDs:               af8d42da-167c-546a-9294-c1502f6ccbab ← NVME\VEN_1179&DEV_0116&REV_00
│                          4d0aed03-a30c-52c6-99e7-a8977797c3d9 ← NVME\VEN_1179&DEV_0116
│                          82cb5521-56c1-59fd-92ff-6efc210afb7e ← KXG50PNV2T04 NVMe KIOXIA 2048GB
│     Device Flags:        • Internal device
│                          • Updatable
│                          • Requires AC power
│                          • Needs a reboot after installation
│                          • Device is usable for the duration of the update
│   
├─System Firmware:
│     Device ID:           cac9de2369fa3c52f34448afb98d95c9d18cc6d4
│     Current version:     1.8.2
│     Minimum Version:     1.8.2
│     Vendor:              Dell Inc. (DMI:Dell Inc.)
│     Update Message:      TPM PCR0 differs from reconstruction, please see https://github.com/fwupd/fwupd/wiki/TPM-PCR0-differs-from-reconstruction
│     GUIDs:               74992bad-d49d-4f82-bb77-bbe865bea34e
│                          230c8b18-8d9b-53ec-838b-6cfc0383493a ← main-system-firmware
│                          c2b8844c-c82e-5ce5-8dda-753d175d8e31 ← UEFI\RES_{74992BAD-D49D-4F82-BB77-BBE865BEA34E}
│     Device Flags:        • Internal device
│                          • Updatable
│                          • Requires AC power
│                          • Supported on remote server
│                          • Needs a reboot after installation
│                          • Cryptographic hash verification is available
│                          • Device is usable for the duration of the update
│   
└─TPM 2.0:
      Device ID:           c6a80ac3a22083423992a3cb15018989f37834d6
      Summary:             Platform TPM device
      Current version:     7.2.1.0
      Vendor:              Dell Inc. (PCI:0x1028)
      GUIDs:               ac28967e-88af-5d62-b69e-0671a22a0a7e ← 0927-2.0
                           ff71992e-52f7-5eea-94ef-883e56e034c6 ← system-tpm
                           7d65b10b-bb24-552d-ade5-590b3b278188 ← DELL-TPM-2.0-NTC-NPCT
                           6f5ddd3a-8339-5b2a-b9a6-cf3b92f6c86d ← DELL-TPM-2.0-NTC-NPCT75x
                           fe462d4a-e48f-5069-9172-47330fc5e838 ← DELL-TPM-2.0-NTC-NPCT75xrls
      Device Flags:        • Internal device
                           • Updatable
                           • Requires AC power
                           • Needs a reboot after installation

# /usr/bin/fwupdtpmevlog
PCR:                     BIOS (0)
Type:                    0x7
Description:             EV_S_CRTM_CONTENTS
ChecksumSha1:            f9f303b8105442379214f915ca0ac5e5dac136ef6cfbe03b0bcec711f30a164f
BlobStr:                 Boot Guard Measured S-CRTM.

PCR:                     BIOS (0)
Type:                    0x8
Description:             EV_S_CRTM_VERSION
ChecksumSha1:            d4720b4009438213b803568017f903093f6bea8ab47d283db32b6eabedbbf155
BlobStr:                 ..kT..U@..N....:

PCR:                     BIOS (0)
Type:                    0x1
Description:             EV_POST_CODE
ChecksumSha1:            b2f635b3687b3b44b685d186dc29a2e24d6c910a073587a4bb8c751a287c5889
BlobStr:                 ..........c.....

PCR:                     BIOS (0)
Type:                    0x4
Description:             EV_SEPARATOR
ChecksumSha1:            df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119

PCR:                     BIOS Configuration (1)
Type:                    0x80000009
Description:             EV_EFI_HANDOFF_TABLES
ChecksumSha1:            0f57271e82d06cab06e58b458ad63bb406d375525694b1ee692fafb341bd7431
BlobStr:                 ...........? boD.....|....HO....

PCR:                     BIOS Configuration (1)
Type:                    0x80000009
Description:             EV_EFI_HANDOFF_TABLES
ChecksumSha1:            7b191f8c083870c0d0e891c4eeb7ecc7e12aca760f54e0efd45676adad8050f5
BlobStr:                 ...........? boD.....|....HO....

PCR:                     BIOS Configuration (1)
Type:                    0xa
Description:             EV_PLATFORM_CONFIG_FLAGS
ChecksumSha1:            75c83c0f2ff553a2bdb0457a45a3fa482b425b2ee19ef6f758e1a4310e9b65d1
BlobStr:                 ..........0........."....#...................B....J..............a....`...._....D$..................|.........x....7....)....#...."....$....b..............2.........

PCR:                     BIOS Configuration (1)
Type:                    0x4
Description:             EV_SEPARATOR
ChecksumSha1:            df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119

PCR:                     BIOS Configuration (1)
Type:                    0x80000002
Description:             EV_EFI_VARIABLE_BOOT
ChecksumSha1:            76e427692bee45236c7a0792e4af393ceecb8ce3387298c9ed334e81d9915d1d
BlobStr:                 a.............+.................B.o.o.t.O.r.d.e.r.........

PCR:                     BIOS Configuration (1)
Type:                    0x80000002
Description:             EV_EFI_VARIABLE_BOOT
ChecksumSha1:            6e08e365bdecfcb2331a5191ff5e240da080fa3c00c5f0d3ddf5f35272344593
BlobStr:                 a.............+.........v.......B.o.o.t.0.0.0.0.....b.F.e.d.o.r.a.....*.....................O.I....N......u.....4.\.E.F.I.\.f.e.d.o.r.a.\.s.h.i.m.x.6.4...e.f.i.......

PCR:                     BIOS Configuration (1)
Type:                    0x80000002
Description:             EV_EFI_VARIABLE_BOOT
ChecksumSha1:            decc826965083b7ef387d0862227a988155a973a771def0fcef228bcba8ddda5
BlobStr:                 a.............+.........&.......B.o.o.t.0.0.0.6.......U.E.F.I.:. .K.X.G.5.0.P.N.V.2.T.0.4. .N.V.M.e. .K.I.O.X.I.A. .2.0.4.8.G.B.,. .P.a.r.t.i.t.i.o.n. .1.....*.....................O.I....N......u.....0.\.E.F.I.\.B.o.o.t.\.B.o.o.t.X.6.4...e.f.i.........T..Gd-.;.A..MQ..L.K.X.G.5.0.P.N.V.2.T.0.4. .N.V.M.e. .K.I.O.X.I.A. .2.0.4.8.G.B.........BO

PCR:                     BIOS Configuration (1)
Type:                    0x80000002
Description:             EV_EFI_VARIABLE_BOOT
ChecksumSha1:            a2142ab746263b62e1348e34ec1dd8c842cff666b08fab6f7899fa06f59a3285
BlobStr:                 a.............+.................B.o.o.t.0.0.0.2.....b.L.i.n.u.x. .F.i.r.m.w.a.r.e. .U.p.d.a.t.e.r.....*.....................O.I....N......u.....4.\.E.F.I.\.f.e.d.o.r.a.\.s.h.i.m.x.6.4...e.f.i.......\.f.w.u.p.d.x.6.4...e.f.i...

PCR:                     BIOS Configuration (1)
Type:                    0x80000002
Description:             EV_EFI_VARIABLE_BOOT
ChecksumSha1:            91f7ba89327c225190e9e4ec1afe4316a6882b46b474789c22e46433519f0609
BlobStr:                 a.............+.........&.......B.o.o.t.0.0.0.7.......U.E.F.I.:. .K.X.G.5.0.P.N.V.2.T.0.4. .N.V.M.e. .K.I.O.X.I.A. .2.0.4.8.G.B.,. .P.a.r.t.i.t.i.o.n. .1.....*.....................L.....J@..S..x.\....0.\.E.F.I.\.B.o.o.t.\.B.o.o.t.X.6.4...e.f.i.........T..Gd-.;.A..MQ..L.K.X.G.5.0.P.N.V.2.T.0.4. .N.V.M.e. .K.I.O.X.I.A. .2.0.4.8.G.B.........BO

PCR:                     BIOS Configuration (1)
Type:                    0x80000001
Description:             EV_EFI_VARIABLE_DRIVER_CONFIG
ChecksumSha1:            082271255dccb5fe8d86908978b9eb67881b49c7eb0e04faf8bf23f377fd0bf2
BlobStr:                 a.............+.................D.e.p.l.o.y.e.d.M.o.d.e..

PCR:                     BIOS Configuration (1)
Type:                    0x80000001
Description:             EV_EFI_VARIABLE_DRIVER_CONFIG
ChecksumSha1:            b70b7c1b92209af66d79d12dec1f14f4b8c71c0c69be22a1a04f5c5804e26ec3
BlobStr:                 a.............+.................A.u.d.i.t.M.o.d.e..

PCR:                     BIOS Configuration (1)
Type:                    0x80000009
Description:             EV_EFI_HANDOFF_TABLES
ChecksumSha1:            486ddc0e4e80a527e517631a013dc19a0a727086cd0f29879fe565bf833439c4
BlobStr:                 ........1-...-......'?.M........

PCR:                     Option ROMs (2)
Type:                    0x4
Description:             EV_SEPARATOR
ChecksumSha1:            df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119

PCR:                     Option ROM configuration (3)
Type:                    0x4
Description:             EV_SEPARATOR
ChecksumSha1:            df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119

PCR:                     Initial program loader code (4)
Type:                    0x4
Description:             EV_SEPARATOR
ChecksumSha1:            df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119

PCR:                     Initial program loader code (4)
Type:                    0x80000003
Description:             EV_BOOT_SERVICES_APPLICATION
ChecksumSha1:            0ce02100f67c7ef85f4eed368f02bf7092380a3c23ca91fd7f19430d94b00c19
BlobStr:                 ...M.....y...........................A...............................W....*.....................O.I....N......u.....4.\.E.F.I.\.f.e.d.o.r.a.\.s.h.i.m.x.6.4...e.f.i.......

PCR:                     Initial program loader code (4)
Type:                    0x80000003
Description:             EV_BOOT_SERVICES_APPLICATION
ChecksumSha1:            23a998268c7ae5c88a66ad121235bbb43c55e4e978075416d4ed4f6908f8f23e
BlobStr:                 ..................................&.. &..

PCR:                     Initial program loader code (4)
Type:                    0x80000003
Description:             EV_BOOT_SERVICES_APPLICATION
ChecksumSha1:            e210ac14018625f5b904321d108325595f88f16c77bd8d5e8e2084e2205cb418
BlobStr:                 ................................ ... ....

PCR:                     Initial program loader code configuration (5)
Type:                    0x4
Description:             EV_SEPARATOR
ChecksumSha1:            df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119

PCR:                     Initial program loader code configuration (5)
Type:                    0x80000006
Description:             EV_EFI_GPT_EVENT
ChecksumSha1:            bbb1a3071f38cb70ceaf12b8e0d7bd24411c338055cb3b187fd75e3b6a1f702e
BlobStr:                 EFI PART....\...$................Rw....."........Rw......4..u..A...H..R.............................(s*......K...>.;O.I....N......u.........................E.F.I. .S.y.s.t.e.m. .P.a.r.t.i.t.i.o.n.......................................;M..t?....#{..i..G..V.*.%$......................................................................................................;M..t?.....E.M._BF...,-Ijt.........Ow.....................................................................................

PCR:                     State transitions and wake events (6)
Type:                    0xc
Description:             EV_COMPACT_HASH
ChecksumSha1:            6045f20bdd1230c4f16d8bfb9074c1447d639b4a660e183593ee2a175a6bea1d
BlobStr:                 Dell Configuration Information 1

PCR:                     State transitions and wake events (6)
Type:                    0xc
Description:             EV_COMPACT_HASH
ChecksumSha1:            46c896e83d9bc0788eeaa5b846b6bf1d9c2d80caf804932be92d064358918c98
BlobStr:                 Dell Configuration Information 1

PCR:                     State transitions and wake events (6)
Type:                    0xc
Description:             EV_COMPACT_HASH
ChecksumSha1:            f4f9a9c613d4ce540f782095264f5d6e142cfe2eb4e5071f2bc25f20ac7e7dce
BlobStr:                 Dell Configuration Information 2

PCR:                     State transitions and wake events (6)
Type:                    0x4
Description:             EV_SEPARATOR
ChecksumSha1:            df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119

PCR:                     Platform manufacturer specific measurements (7)
Type:                    0x80000001
Description:             EV_EFI_VARIABLE_DRIVER_CONFIG
ChecksumSha1:            ccfc4bb32888a345bc8aeadaba552b627d99348c767681ab3141f5b01e40a40e
BlobStr:                 a.............+.................S.e.c.u.r.e.B.o.o.t..

PCR:                     Platform manufacturer specific measurements (7)
Type:                    0x80000001
Description:             EV_EFI_VARIABLE_DRIVER_CONFIG
ChecksumSha1:            2abfe9865a654102acb12f0fefe52dc4d01bce40901410eb3dadaf212700a2b7
BlobStr:                 a.............+.................P.K..Y.....J....\+.r.............MVp...N....I..\0...0..........P.......@-.x..h.0...*.H........0g1.0...U....US1.0...U....Texas1.0...U....Round Rock1.0...U....Dell Inc.1.0...U....Dell Inc. Platform Key0...160601202007Z..310601203006Z0g1.0...U....US1.0...U....Texas1.0...U....Round Rock1.0...U....Dell Inc.1.0...U....Dell Inc. Platform Key0.."0...*.H.............0......... :@..gX#.D. ...D...6..mKX.N,."[.......(}...p.'.8....$.......7......S6@v.vd'.&?.E.........).x7.^.9....V...13..6....9.'.g.c........X.D.....H.i._.TOD4.z.W.,.3J..N.]=......d......J.<...&{.i_C._9..$..q.........Bs..<>Tu.SI....T...dqG.o....p..C7..o...d..^..c.q.C......E0C0...U...........0...U.......0.......0...U......Fo... R.V..9.H.H.u..0...*.H.............R..y..r..Ii%..\j.2..t..)i.....F`.Rz3...h.s.8.....g....g.q..hq..@.n.Y.R....R'.l...4..Y*.5...&....7....0(wS...._@6c.Tc...2...y.....&..*k...(.&.Z..`9..........k.|.......7......R(.;.7....~..1..@.........3..y$.,C[B,l..lH#...8>U.I.9..e>...$E.[.(:.......K..l...!.

PCR:                     Platform manufacturer specific measurements (7)
Type:                    0x80000001
Description:             EV_EFI_VARIABLE_DRIVER_CONFIG
ChecksumSha1:            63a525134bfbc242058c0e6b42794f8b1d142d13029a9aa38a3272c5ca2390c5
BlobStr:                 a.............+.................K.E.K..Y.....J....\+.r.............MVp...N....I..\0...0..........'..R.]..L6wB....0...*.H........0g1.0...U....US1.0...U....Texas1.0...U....Round Rock1.0...U....Dell Inc.1.0...U....Dell Inc. Platform Key0...160601202248Z..230601203247Z0k1.0...U....US1.0...U....Texas1.0...U....Round Rock1.0...U....Dell Inc.1#0!..U....Dell Inc. Key Exchange Key0.."0...*.H.............0...........;.A)LB....f-.3.....I.}c........f0[.....U.....<....i.....@_(..o.J..A@....3S..Hp...6tJYb.....1..d.....x..x ..N...0......3..A...s...u..\HhI...........N.FY.....jy._....Vp...1..r.....k...]^...\.......Z..........z.....53.e<w(....@....6..+9......f..A..^Q...yy.......f0d0...U...........0...U.......0.......0...U.#..0...Fo... R.V..9.H.H.u..0...U.............{...c..<`r..r0...*.H............. . ..\%.C.oU...=Q..........^..}....l...fMme($s....J.OB+...C........@.....)...vGZ..[.|i.....-...BE8Qp....J.s..Q.Gz...r.5..6.My...k....r...wp5...:.....o.I.v.cxy....,..9.P........7P0.c*rYW.e#.....AE.^....zot...N.b.......h...2..@e.gm........K.I.B..WH{...,.T.k6.Y.....J....\+.r...............wY.2M.`(...xK0...0..........a.........0...*.H........0..1.0...U....US1.0...U....Washington1.0...U....Redmond1.0...U....Microsoft Corporation1;09..U...2Microsoft Corporation Third Party Marketplace Root0...110624204129Z..260624205129Z0..1.0...U....US1.0...U....Washington1.0...U....Redmond1.0...U....Microsoft Corporation1*0(..U...!Microsoft Corporation KEK CA 20110.."0...*.H.............0..............W&.&....WzD.]...J.t*....m.....Zc2|..O....8..........,............0..H..P.d.Q...O. 
.../..........Sjb:.C..%..........#..p...M............./...$........J.C...~.G.l......3....*q....<.%./hvF..O...q*X....y=..e;.)*..rY......5......_..v..c...y@.y...R...{.i..........O0..K0...+.....7.......0...U......b.C..>..g..[.U.{..._0...+.....7.......S.u.b.C.A0...U........0...U.......0....0...U.#..0...EfRC.~X...N.#U.;:"j.0\..U...U0S0Q.O.M.Khttp://crl.microsoft.com/pki/crl/products/MicCorThiParMarRoo_2010-10-05.crl0`..+........T0R0P..+.....0..Dhttp://www.microsoft.com/pki/certs/MicCorThiParMarRoo_2010-10-05.crt0...*.H......................*<.*........Rf....uz...-.vZ.y..7jQ{.d..d..g....x....Xd..W..._.....i.HK2..].0.....x..+...4V.....A%p.k............*..K.().{..|..v...y........o~l.{..E.4Q.9..^V.......B..w....qV...#.....X~.ig..~........<......C..-...j+Z|D.R...-...R.....=.`..3....e.....|....N8./....o....9.......'...B.)..FA;..g..CYe......O.u;..$.PA@y.-O.j'vnR..i{......E..S....0..76a.Ji.4.h....l....l"y......F`....!.....y2`....".K...K.}?W5..Ou..`."S..y...A...Tp...5.|.4r..`;.y....]..........%o8.....y..i.... .............uk4....`.\..WN6.2...

PCR:                     Platform manufacturer specific measurements (7)
Type:                    0x80000001
Description:             EV_EFI_VARIABLE_DRIVER_CONFIG
ChecksumSha1:            ad1850a4885628d86273bad743779c9e665db060236270b5d24dd98f3a22fe86
BlobStr:                 ....:=.E.....geo........5.......d.b..Y.....J....\+.r.............MVp...N....I..\0...0..........4.......M..Q[...0...*.H........0k1.0...U....US1.0...U....Texas1.0...U....Round Rock1.0...U....Dell Inc.1#0!..U....Dell Inc. Key Exchange Key0...160603142606Z..180603143605Z0b1.0...U....US1.0...U....Texas1.0...U....Round Rock1.0...U....Dell Inc.1.0...U....Dell Inc. UEFI DB0.."0...*.H.............0...........u.....vjsa.E1....S+.....ZE...*~C........f....@[He...?....A...A.....8..5...}...M1.-............Xk...Re...]&/.......f.1W..O.......E..q..."..!kJ){-J1:G...x8.A.....,!g.U.O\.......4]..K....1.....U1.=dP..%.gisJ..=K.)..J..p.2;c .e......,....t.N.....H..#..GQ.........g0e0...U...........0...U.%..0...+.......0...U.#..0..........{...c..<`r..r0...U......].w-..f.U...1.k.0.9.0...*.H...............=..&.).9.m..ty.>........^U8e.o1.QR.........7..5.Cg.n............2.`..b...I..\..|...d..8.]C........;........7^..r.e.u.:....CD..E+...=.<.r..n.o3.s.....Q.X......(j.....D.."?...gfo.@...P...,s=......n.rN.g..@.Q..'.......YX<.A/H"4..&.{.#".....v.....v....0......Y.....J....\+.r@.......$......wY.2M.`(...xK0...0..........a.........0...*.H........0..1.0...U....US1.0...U....Washington1.0...U....Redmond1.0...U....Microsoft Corporation1;09..U...2Microsoft Corporation Third Party Marketplace Root0...110627212245Z..260627213245Z0..1.0...U....US1.0...U....Washington1.0...U....Redmond1.0...U....Microsoft Corporation1+0)..U..."Microsoft Corporation UEFI CA 20110.."0...*.H.............0..........lL.E.jK......u.C.Td......}..s....JEa...-...+..MI.A..<.T..........A.\Y.h2..G..q.!O..|.D?..2.&H.u...L.J.~....xwM..........+.Q8]....x...............{@{..('...V^..~.~..D.y9...b.M.8p.h$..3..7.Xi^.|...S..N.*.c.aoc.Y..+y..ag.[.^.....gOqX.".""...Tq..P5Xv...j............v0..r0...+.....7.........0#..+.....7........k..wSJ.%7.N.&{. 
p.0...U.........C...p...O1n."....0...+.....7.......S.u.b.C.A0...U........0...U.......0....0...U.#..0...EfRC.~X...N.#U.;:"j.0\..U...U0S0Q.O.M.Khttp://crl.microsoft.com/pki/crl/products/MicCorThiParMarRoo_2010-10-05.crl0`..+........T0R0P..+.....0..Dhttp://www.microsoft.com/pki/certs/MicCorThiParMarRoo_2010-10-05.crt0...*.H.............5.B.0...v...hX5)F2v'|..A'B.J.m.8HY.U..X4.....].....A.........]..P...U.B(. ...Q......!.....w..s.....R..P..W..a...m%.@..@...J.M.....T.....+=I+.2.j!iO..~B4.6.... @...%u'.....]..6Tz.P.......t........./..k/.f..#.......3..VK.-.h.....r.......,!L3+..J.h...U2u.j.j<.%.........@Y....Lb.".t..=G.D....45...S.,....q......Df.GT..V........h>.#./^.P....._A.......lu..i.!......M...,wS.%27.lRr....5aj...;.PV.2-....B.'.U...Z..0.T..G.%/.&.A..\.?....[<>?.G.rU.%"..{...*....F........5'b.q....'..Y7`.8...xp..L.......E.e...~i.u......Y.X.Y.....J....\+.r...............wY.2M.`(...xK0...0..........a.vV......0...*.H........0..1.0...U....US1.0...U....Washington1.0...U....Redmond1.0...U....Microsoft Corporation1200..U...)Microsoft Root Certificate Authority 20100...111019184142Z..261019185142Z0..1.0...U....US1.0...U....Washington1.0...U....Redmond1.0...U....Microsoft Corporation1.0,..U...%Microsoft Windows Production PCA 20110.."0...*.H.............0....................i..!.i33....T...... 
......8....-|by...J?.5 p...k...6u..1..p..7.tF.([.`#,..G.g.Q'.r......;S5|...'......#.o.F..n.<A...?].jM.i.%(\6..C............['.'x0.[*.k".S`.,.h.S..I..a..h.sD]}.T+.y...5]l.+\...#.on.&.6..O.'..2;A.,...w..TN.\...e.C....m.w.Z$.H.........C0..?0...+.....7.......0...U.......).9....x....O..|U.S0...+.....7.......S.u.b.C.A0...U........0...U.......0....0...U.#..0.....V....\bh.=..[.....0V..U...O0M0K.I.G.Ehttp://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl0Z..+........N0L0J..+.....0..>http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt0...*.H...............|qQ.y.n..9>.<R.n+?..s..h.H.4M...&.1F.ay..8.Ek...(..........L.6fj.............@26v..Z..........h.b..TlP0X..|...N...|.sW.R!s4Z...V...........~........?..r.S...c..=1e.........=....B..._T......G.o.sNA.@._..*...s.!(...s9_>.\`..............Q.fG.....=.*h.w..Lb{.....z.4..Kbz.....J7.-.W|..=...Z.......:...n.i!7....u..g..W^).9..-...Es[...z....FX.^...g.l5...?$.5..u...V..x,..............~,c...#!..xl.X..6+.......-....@..E...\k>...p.*.j._G..c.2...6.*pZ.BY.qKW.~...!<.........E.... .......]b..c. .u.w}=.E.....W.o3...w.b.Y~

PCR:                     Platform manufacturer specific measurements (7)
Type:                    0x80000001
Description:             EV_EFI_VARIABLE_DRIVER_CONFIG
ChecksumSha1:            f0bf49c6a2d3e170077f1f66875d6cb9b2aa382060cac5c0b645660bb95bc058
BlobStr:                 ....:=.E.....geo........'.......d.b.x..Y.....J....\+.r............................0..k0..S.......a.j.......0...*.H........0..1.0...U....US1.0...U....Washington1.0...U....Redmond1.0...U....Microsoft Corporation1200..U...)Microsoft Root Certificate Authority 20100...100706204023Z..250706205023Z0y1.0...U....US1.0...U....Washington1.0...U....Redmond1.0...U....Microsoft Corporation1#0!..U....Microsoft Windows PCA 20100.."0...*.H.............0.........y.:......d*u.s....>..........8|..3U..#f..(HS.....Q.~..&..t.Y......RpZ,.......}.f.o.bnmK./5l..jcZ_...Ma..~1.l..M....8F...sivUi.L...4.....)~.O......rXbVl...dw.Fe)....L....#.._.o,.....r.(.k>...|..yO~.:..p'k............(.sm.T.(L.k]..]3.7.%a4jB.|.:..Y..Bm:P[H..........0...0...+.....7.......0...U.......O......$.......y.7.0...+.....7.......S.u.b.C.A0...U........0...U.......0....0...U.#..0.....V....\bh.=..[.....0V..U...O0M0K.I.G.Ehttp://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl0Z..+........N0L0J..+.....0..>http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt0....U. ...0..0....+.....7..0..0=..+........1http://www.microsoft.com/PKI/docs/CPS/default.htm0@..+.......04.2 ..L.e.g.a.l._.P.o.l.i.c.y._.S.t.a.t.e.m.e.n.t.. .0...*.H..............A....o....;......9..p.d...V.......m.o.S.Z....Fl...TV.<.q.Q.T~....B3...$$...........9V...s...~.P#.V$....../'...........bA.Ht...P...)...+..)y..$......@..._3.T]@...b.MH.nAGR....W:..V....&.`u...b....E.>...[D#c%6wo.[."..#jA..B...%{....7b.......9....5...[...7_S..7..O...kv.......u.,A...........Y.m.N.N....r.V.H..#.......O. .p_.kr. I.w.].....8B......7.P.)......%U.@..d..1..Ty.......3...&maI..%..t..........3.BP..P..b.....|f.....X]...a..../I.>........>.........|..Z......].......r.}.*..8.1.(..L.R..j.}.q...p..?..V....L.&...LP.@..A.6.C(........0......wY.2M.`(...xK...i1.........O..R.m.@..`MA..e.....wY.2M.`(...xK./........r($...E4.[..$k;.}.n..z...wY.2M.`(...xK.......-...*o..s..>d.,N..gyj.......wY.2M.`(...xK63..M...x.bd..Y.W...C.&`H.X....v...wY.2M.`(...xK....Kle.. 
..q..R0!.b..<H..k)Z+.....wY.2M.`(...xK..h.AFb..?i..nk.b.0.|o..x.....4....wY.2M.`(...xK...F..d.W.Xm........9y..2t-..S.f...wY.2M.`(...xKX......YC.._%...?.LX.^....)uh..q...wY.2M.`(...xKS.....!.....%.w..]o.....P."..Y.....wY.2M.`(...xK.&.~.jq..$...|.e.,.:{k%}...`.^.....wY.2M.`(...xK.c.(.~.S.d-.}.3..*...`....,2...m...wY.2M.`(...xK)..R.<:..,..n.`|.<.....eu\....JD...wY.2M.`(...xK....i.3@.>..h2.....'%'..=I..r..L...wY.2M.`(...xK.^....T..`.....< ......k......R8...wY.2M.`(...xK....Xdo...y..(....#g....+6...9.....wY.2M.`(...xK.._NQ...x.m...%.......or.xRY.e.&...wY.2M.`(...xK..C...z..0..eu1.{.............ct...wY.2M.`(...xK...9v-.6.=...c.qZ9....F\`.lk.......wY.2M.`(...xK....o)..o3.}r..K....H.:*...?O......wY.2M.`(...xK......!H...62u.>.......[1.R.*.[....wY.2M.`(...xK.o.....N0;t........+.o..t.!...h....wY.2M.`(...xK.N:.[C.....@O.4.=.9bg......#.......wY.2M.`(...xK.34)..b....>.H...-..ImT.....d......wY.2M.`(...xK+..&B...6_.K..'.l..Kzo.D./k..i.9...wY.2M.`(...xK+.,.....'.R..*].I.Z+.R.]fb....U....wY.2M.`(...xK,s.3%.m......<[.UY....P.P...R..}...wY.2M.`(...xK.p.g...sQ.......p.W.2..#....+Q.}...wY.2M.`(...xK0f(.Tw0W(.JF}..8zT.i.v..^u.........wY.2M.`(...xK6......A...wz./.^g.4g^..^i5........wY.2M.`(...xK8A.!6....\...!`9MlN.g`.....b..[....wY.2M.`(...xK?....>..TR..^.....mt:syqU.p.j.>s...wY.2M.`(...xKC......c.|....C.-/....&.z.K..u.....wY.2M.`(...xKG..a'.....:k.,....Zmk.6!h..,.*Z....wY.2M.`(...xKQ.1.s....>..!"...Ty..........0a5...wY.2M.`(...xKZ.I..U...9..[..B.,/.g...g6..A.+\...wY.2M.`(...xKk...x.A....{.^.`..G........r../f...wY.2M.`(...xKl.TG..Y..Q.&.l...+..585.r..........wY.2M.`(...xKo.(.q.......{...d|.e......&..:x^...wY.2M.`(...xKq..o."I~T.Fb.$.... 
w...h......cu...wY.2M.`(...xKrk>.T.j0..=.....p....p..q.-..,#....wY.2M.`(...xKr...g.].V....;....2.....^/m..(.....wY.2M.`(...xKx'..6,..q}.....C..q.Z..H.[...K.....wY.2M.`(...xK...e....k.).T...S.........;.3......wY.2M.`(...xK..;....C........YA.=...Xo+.V7W_g...wY.2M.`(...xK.Z......~.O..G.q.."8b....:....=....wY.2M.`(...xK..HY.........jag..z.n.F.d.r!.YE....wY.2M.`(...xK..4...........e...;=.<5.P_.{.c.!...wY.2M.`(...xK..........se.(.Q..<.Pm........H....wY.2M.`(...xK...c.....t...M.....so..C.fd..1ZB...wY.2M.`(...xK.Ji.1ah.U....`..........f......4...wY.2M.`(...xK....6U....G'Yyk.. .T...iuLHH.t.....wY.2M.`(...xK../P.N.....~.N....]...o..+...]E....wY.2M.`(...xK.h&..m&...h\..}..;M.=......`.<W ...wY.2M.`(...xK...1Q'.s....g.9.1..g0:3"..7...Z....wY.2M.`(...xK.....},....3:..OgQ.......D..L@.....wY.2M.`(...xK.O..6c..h..;.7........*9..h....U...wY.2M.`(...xK..x...J.3!c..5...,3....p.L.5.'W6...wY.2M.`(...xK.z....._..Km.;..vfh..U$|..(7..L....wY.2M.`(...xK...h..fH.....Q...j.$..y..b.........wY.2M.`(...xK....Gu.....".......F,.....].3......wY.2M.`(...xK......*..(...L....[.'(.a...........wY.2M.`(...xK..3f......T.....s.&.........g......wY.2M.`(...xK.k..@...vX....QJI`O........n.x.....wY.2M.`(...xK.;..Y.|....J...>..$Q?.eYW.5.).@....wY.2M.`(...xK....5.g+6~O...Iia]..J.lrMB.........wY.2M.`(...xK.,".;VB.\....G.YG8......D.oY.......wY.2M.`(...xK..n=)...t=.J..........2@...........wY.2M.`(...xK.c.Ox,..........7`..X.b...f..nm....wY.2M.`(...xK...2...KmH],qgr..RY..\..u."....6...wY.2M.`(...xK...aJ.~.......U.......n.E.AR'..[...wY.2M.`(...xKU....=..HZ..7.?...=.....|....c.....wY.2M.`(...xKw.......^;.....b.x...S^.......k/...wY.2M.`(...xK.<.9"...`tFu.7....Z...G/.4.q.9.....wY.2M.`(...xK;..S>......#...A..r.y....-...6.....wY.2M.`(...xK......Q.3@....H..rRj..R.......`I...wY.2M.`(...xKdW[..x....V.4.R.k...D.xYu..N-d.E...wY.2M.`(...xKE...u...H.7R}d..dM...<..$.M.ig..

PCR:                     Platform manufacturer specific measurements (7)
Type:                    0x4
Description:             EV_SEPARATOR
ChecksumSha1:            df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119

PCR:                     Platform manufacturer specific measurements (7)
Type:                    0x800000e0
Description:             EV_EFI_EFI_VARIABLE_AUTHORITY
ChecksumSha1:            4d4a8e2c74133bbdc01a16eaf2dbb5d575afeb36f5d8dfcf609ae043909e2ee9
BlobStr:                 ....:=.E.....geo........$.......d.b....wY.2M.`(...xK0...0..........a.........0...*.H........0..1.0...U....US1.0...U....Washington1.0...U....Redmond1.0...U....Microsoft Corporation1;09..U...2Microsoft Corporation Third Party Marketplace Root0...110627212245Z..260627213245Z0..1.0...U....US1.0...U....Washington1.0...U....Redmond1.0...U....Microsoft Corporation1+0)..U..."Microsoft Corporation UEFI CA 20110.."0...*.H.............0..........lL.E.jK......u.C.Td......}..s....JEa...-...+..MI.A..<.T..........A.\Y.h2..G..q.!O..|.D?..2.&H.u...L.J.~....xwM..........+.Q8]....x...............{@{..('...V^..~.~..D.y9...b.M.8p.h$..3..7.Xi^.|...S..N.*.c.aoc.Y..+y..ag.[.^.....gOqX.".""...Tq..P5Xv...j............v0..r0...+.....7.........0#..+.....7........k..wSJ.%7.N.&{. p.0...U.........C...p...O1n."....0...+.....7.......S.u.b.C.A0...U........0...U.......0....0...U.#..0...EfRC.~X...N.#U.;:"j.0\..U...U0S0Q.O.M.Khttp://crl.microsoft.com/pki/crl/products/MicCorThiParMarRoo_2010-10-05.crl0`..+........T0R0P..+.....0..Dhttp://www.microsoft.com/pki/certs/MicCorThiParMarRoo_2010-10-05.crt0...*.H.............5.B.0...v...hX5)F2v'|..A'B.J.m.8HY.U..X4.....].....A.........]..P...U.B(. ...Q......!.....w..s.....R..P..W..a...m%.@..@...J.M.....T.....+=I+.2.j!iO..~B4.6.... @...%u'.....]..6Tz.P.......t........./..k/.f..#.......3..VK.-.h.....r.......,!L3+..J.h...U2u.j.j<.%.........@Y....Lb.".t..=G.D....45...S.,....q......Df.GT..V........h>.#./^.P....._A.......lu..i.!......M...,wS.%27.lRr....5aj...;.PV.2-....B.'.U...Z..0.T..G.%/.&.A..\.?....[<>?.G.rU.%"..{...*....F........5'b.q....'..Y7`.8...xp..L.......E.e...~i.u......Y.X

PCR:                     Platform manufacturer specific measurements (7)
Type:                    0x800000e0
Description:             EV_EFI_EFI_VARIABLE_AUTHORITY
ChecksumSha1:            f62c9fac51301a643d2b6d95766c163ecd5ccc2ba48136200af546cb8a08f9a0
BlobStr:                 P.]`F..C..=....#........l.......S.h.i.m.0..h0..P.........v..0...*.H........0 1.0...U....Fedora Secure Boot CA0...121207162554Z..221205162554Z0 1.0...U....Fedora Secure Boot CA0.."0...*.H.............0...........R..\>+..U.Zh.-..v...'........']#....u...]......p....{....Q....t..=$x.ys...+.....gJ".d....&....=9....^R..H....).d.!{...{.O.@+.".GN..$.MS.Z.).^}.....y.Ys...H..+p..t.y..#....y.O.O/.c.Mw..,........Q...6g...XV....f.I..h.........[..x.......p..[W.kD.~...Ff...U........0..0N..+........B0@0>..+.....0..2https://fedoraproject.org/wiki/Features/SecureBoot0...U.#..0.....%......X.3]{ ...;B0...U.%..0...+.......0...U........%......X.3]{ ...;B0...*.H.............7w.:A...q;......J...Q......#..4Y....ute..a:.....+...`<q:...9......N..P..P..>.}z..z.g..........n..........aW.......d..T.Wy....Mk..5.....1....`.....$.<.3P.D.q.Q..1..2......S..jA.e...........$....[.$tM.....2.u....>.0....S....~..IA..i.._..<.`.....j.H?.>sw....?.....k

PCR:                     Platform manufacturer specific measurements (7)
Type:                    0x800000e0
Description:             EV_EFI_EFI_VARIABLE_AUTHORITY
ChecksumSha1:            f62c9fac51301a643d2b6d95766c163ecd5ccc2ba48136200af546cb8a08f9a0
BlobStr:                 P.]`F..C..=....#........l.......S.h.i.m.0..h0..P.........v..0...*.H........0 1.0...U....Fedora Secure Boot CA0...121207162554Z..221205162554Z0 1.0...U....Fedora Secure Boot CA0.."0...*.H.............0...........R..\>+..U.Zh.-..v...'........']#....u...]......p....{....Q....t..=$x.ys...+.....gJ".d....&....=9....^R..H....).d.!{...{.O.@+.".GN..$.MS.Z.).^}.....y.Ys...H..+p..t.y..#....y.O.O/.c.Mw..,........Q...6g...XV....f.I..h.........[..x.......p..[W.kD.~...Ff...U........0..0N..+........B0@0>..+.....0..2https://fedoraproject.org/wiki/Features/SecureBoot0...U.#..0.....%......X.3]{ ...;B0...U.%..0...+.......0...U........%......X.3]{ ...;B0...*.H.............7w.:A...q;......J...Q......#..4Y....ute..a:.....+...`<q:...9......N..P..P..>.}z..z.g..........n..........aW.......d..T.Wy....Mk..5.....1....`.....$.<.3P.D.q.Q..1..2......S..jA.e...........$....[.$tM.....2.u....>.0....S....~..IA..i.._..<.`.....j.H?.>sw....?......

Reconstructed PCRs:
  0:                     c123beecd7e21f720803a4a4286aa51e1bc1ada4
  1:                     9ed31efe50b675eb1e2180ee42337fb28a57bc9c
  2:                     3a4285c323c5af121f270900e88ffeefb2a34233
  3:                     3a4285c323c5af121f270900e88ffeefb2a34233
  4:                     09e0f52265930defff7e333aeed0a9179a43ff3e
  5:                     51398e344c8dfd7f64fbb086286a646b0b7bc59f
  6:                     c9f300188c6257df9d59000277e5b09f2ad690a0
  7:                     34bbef93ca1ce8f31a934d40607258c1c9390be3
# fwupdmgr security --force
Host Security ID: HSI:1+U (v1.5.0)

HSI-1
✔ MEI manufacturing mode:        Locked
✔ SPI BIOS region:               Locked
✔ SPI lock:                      Enabled
✔ SPI write:                     Disabled
✔ TPM v2.0:                      Found
✔ UEFI dbx:                      Found
✔ UEFI secure boot:              Enabled

HSI-2
✔ IOMMU:                         Enabled
✘ TPM PCR0 reconstruction:       Invalid

HSI-3
✔ Pre-boot DMA protection:       Enabled
✘ Intel CET:                     Not supported
✘ Suspend-to-idle:               Disabled
✘ Suspend-to-ram:                Enabled

HSI-4
✔ Intel AMT:                     Disabled
✘ Encrypted RAM:                 Not supported

Runtime Suffix -U
✔ Firmware updates:              Supported

Runtime Suffix -A
✘ Firmware attestation:          Not supported

Runtime Suffix -!
✔ Linux kernel:                  Untainted
✔ Linux kernel lockdown:         Enabled
✔ Linux swap:                    Encrypted
✔ fwupd plugins:                 Untainted

Host Security ID attributes uploaded successfully, thanks!
# tpm2_pcrread
sha1:
  0 : 0x752B2BF6616B69CAA59CD5BDBFFADA00F23D40B4
  1 : 0xEFD07D491F8A2F56B695DAE5F5C77A86FF7256B4
  2 : 0xB2A83B0EBF2F8374299A5B2BDFC31EA955AD7236
  3 : 0xB2A83B0EBF2F8374299A5B2BDFC31EA955AD7236
  4 : 0x3AA42E90A4AE35ACA0A1B5E3AD4A4482965DF37E
  5 : 0xE8AFA43B14D0C2B602BA4D90E5AD2B255BA34C8F
  6 : 0x380AFEA4FA7D8FB2CDA021946E1BBB6DDAF25481
  7 : 0x0F9C6D2615F97A0BDB3B0E80918F173390BD9176
  8 : 0x0000000000000000000000000000000000000000
  9 : 0x0000000000000000000000000000000000000000
  10: 0x6877DFE28E8B9F79DB9C12D3023DD30B72BB9B88
  11: 0x0000000000000000000000000000000000000000
  12: 0x0000000000000000000000000000000000000000
  13: 0x0000000000000000000000000000000000000000
  14: 0x0000000000000000000000000000000000000000
  15: 0x0000000000000000000000000000000000000000
  16: 0x0000000000000000000000000000000000000000
  17: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
  18: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
  19: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
  20: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
  21: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
  22: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
  23: 0x0000000000000000000000000000000000000000
sha256:
  0 : 0x0F65D1B1F0AE5FDA6BD5D71918B7307908DE10DC8AEE09BCF51B14B8E8976D20
  1 : 0xC04CB07F96FFEF69D88B100145770A01ADFB97FDB0FC887CE62F86041A60DA3E
  2 : 0x3D458CFE55CC03EA1F443F1562BEEC8DF51C75E14A9FCF9A7234A13F198E7969
  3 : 0x3D458CFE55CC03EA1F443F1562BEEC8DF51C75E14A9FCF9A7234A13F198E7969
  4 : 0x16A16B50AEE0856E093AAF8C10E313C2C764EEA09009D97600B33B39251C12B5
  5 : 0x411C47151694B2A235CE245B482BE2399157FEDE60F116219A016F0EE37CC57C
  6 : 0x88047A2BF5FA014719FB3E7136E7B847F1E86DF4AF007553F089962EA85ED88A
  7 : 0xB523EC60C0748F15C1F39A60CF582B8BD4A746FF644517984820E771F2475B86
  8 : 0x0000000000000000000000000000000000000000000000000000000000000000
  9 : 0x0000000000000000000000000000000000000000000000000000000000000000
  10: 0xA04FB418325A1773E35B68EB73AF7646A6D80F31F2F82BF4110B6F256F31FE13
  11: 0x0000000000000000000000000000000000000000000000000000000000000000
  12: 0x0000000000000000000000000000000000000000000000000000000000000000
  13: 0x0000000000000000000000000000000000000000000000000000000000000000
  14: 0x0000000000000000000000000000000000000000000000000000000000000000
  15: 0x0000000000000000000000000000000000000000000000000000000000000000
  16: 0x0000000000000000000000000000000000000000000000000000000000000000
  17: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
  18: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
  19: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
  20: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
  21: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
  22: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
  23: 0x0000000000000000000000000000000000000000000000000000000000000000
sha384:
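The "Reconstructed PCRs" block above is fwupd replaying the SHA-1 digests from the TPM event log, and the `tpm2_pcrread` values are what the TPM actually holds; the HSI-2 attribute is Invalid because the two disagree for PCR 0. As an added example (not fwupd's code and not from this issue), the Python below implements that replay, the extend chain `PCR' = SHA1(PCR || digest)`, compares the result against the measured values, and shows the failure mode where one event is missing from the log. The event digests are constructed from made-up data; only the PCR 0 pair in `check_page_pcr0` is taken from the output in this issue.

```python
import hashlib

# SHA-1 bank: PCRs 0-16 start as 20 zero bytes before the first extend.
PCR_SIZE = 20
PCR_INIT = b"\x00" * PCR_SIZE


def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM extend operation for the SHA-1 bank: PCR' = SHA1(PCR || digest)."""
    assert len(pcr) == PCR_SIZE and len(digest) == PCR_SIZE
    return hashlib.sha1(pcr + digest).digest()


def reconstruct(events):
    """Replay event-log entries (pcr_index, digest) in log order.

    This is the operation behind fwupd's "TPM PCR0 reconstruction"
    attribute: every logged digest is folded into its PCR in sequence.
    Returns {pcr_index: reconstructed value}.
    """
    pcrs = {}
    for idx, digest in events:
        pcrs[idx] = extend(pcrs.get(idx, PCR_INIT), digest)
    return pcrs


def compare(reconstructed, measured):
    """Compare replayed PCRs against values read from the TPM (tpm2_pcrread).

    Returns {pcr_index: bool}. False means the log does not explain the PCR
    value, which fwupd reports as "TPM PCR0 reconstruction: Invalid".
    """
    return {idx: reconstructed.get(idx) == value for idx, value in measured.items()}


def digest_of(data: bytes) -> bytes:
    """Constructed event digest (real logs carry the firmware's own digests)."""
    return hashlib.sha1(data).digest()


# Constructed event log, not a real firmware measurement log.
SAMPLE_EVENTS = [
    (0, digest_of(b"EV_S_CRTM_VERSION: constructed")),
    (0, digest_of(b"EV_POST_CODE: constructed PEI volume")),
    (7, digest_of(b"EV_EFI_VARIABLE_DRIVER_CONFIG: SecureBoot=1")),
    (0, digest_of(b"EV_SEPARATOR")),
    (7, digest_of(b"EV_SEPARATOR")),
]


def demo_complete_log():
    """Complete log: the replay reproduces what the TPM holds for PCR 0 and 7."""
    measured = reconstruct(SAMPLE_EVENTS)  # stand-in for the TPM's real values
    return compare(reconstruct(SAMPLE_EVENTS), measured)


def demo_missing_event():
    """Log missing one PCR 0 entry: PCR 0 no longer matches, PCR 7 still does.

    The TPM was extended with every event, so 'measured' is the full replay,
    while the log handed to the replay lacks the second PCR 0 entry.
    """
    measured = reconstruct(SAMPLE_EVENTS)
    truncated = [e for i, e in enumerate(SAMPLE_EVENTS) if i != 1]
    return compare(reconstruct(truncated), measured)


# PCR 0 pair from this issue: fwupd's reconstruction vs tpm2_pcrread, SHA-1 bank.
PAGE_RECONSTRUCTED_PCR0 = bytes.fromhex("c123beecd7e21f720803a4a4286aa51e1bc1ada4")
PAGE_MEASURED_PCR0 = bytes.fromhex("752B2BF6616B69CAA59CD5BDBFFADA00F23D40B4")


def check_page_pcr0():
    """Same comparison on the values reported above; False means Invalid."""
    return compare({0: PAGE_RECONSTRUCTED_PCR0}, {0: PAGE_MEASURED_PCR0})[0]


if __name__ == "__main__":
    print("complete log:", demo_complete_log())
    print("missing event:", demo_missing_event())
    print("issue PCR0 matches:", check_page_pcr0())
```

A mismatch only says that the log as read does not explain the PCR; it does not say which side is wrong. In this issue the cause turned out to be a fwupd parsing bug rather than a tampered PCR, which is why the later 1.5.0 run reports the attribute as Valid with no firmware change.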
@superm1
Member

superm1 commented Jun 15, 2020

A bug with PCR0 reconstruction was identified in the fwupd code. This bug has been fixed in the stable branches for all applicable releases: 1_3_X, 1_4_X and master.

Can you please upgrade to a version with the fix, and confirm if this behavior still happens?

@superm1
Member

superm1 commented Sep 15, 2020

A new tool bug was recently identified and fixed in master, 1_4_X, and 1_3_X branches. It's not in any released version yet, but will be in 1.5.0 from master, 1.4.7 from 1_4_X and 1.3.12 from 1_3_X in the future.
fwupd/fwupd#2394

Please upgrade to a new version with the patch integrated to confirm if this bug still exists.

@hpvb
Author

hpvb commented Oct 27, 2020

Tested on 1.5.0 and I get this now:

WARNING: UEFI ESP partition not detected or configured
Host Security ID: HSI:2 (v1.5.0)

HSI-1
✔ CSME manufacturing mode:       Locked
✔ CSME override:                 Locked
✔ CSME v0:12.0.68.1606:          Valid
✔ Intel DCI debugger:            Disabled
✔ SPI BIOS region:               Locked
✔ SPI lock:                      Enabled
✔ SPI write:                     Disabled
✔ TPM v2.0:                      Found

HSI-2
✔ IOMMU:                         Enabled
✔ Intel BootGuard:               Enabled
✔ Intel BootGuard ACM protected: Valid
✔ Intel BootGuard OTP fuse:      Valid
✔ Intel BootGuard verified boot: Valid
✔ Intel DCI debugger:            Locked
✔ TPM PCR0 reconstruction:       Valid

HSI-3
✔ Intel BootGuard error policy:  Valid
✔ Pre-boot DMA protection:       Enabled
✘ Intel CET Enabled:             Not supported
✘ Suspend-to-idle:               Disabled
✘ Suspend-to-ram:                Enabled

HSI-4
✔ Intel SMAP:                    Enabled
✘ Encrypted RAM:                 Not supported

Runtime Suffix -U
✘ Firmware updates:              Not supported

Runtime Suffix -A
✘ Firmware attestation:          Not supported

Runtime Suffix -!
✔ Linux kernel:                  Untainted
✔ Linux kernel lockdown:         Enabled
✔ Linux swap:                    Encrypted
✔ fwupd plugins:                 Untainted

So it looks OK to me!

@hpvb hpvb closed this as completed Oct 27, 2020