systemd version the issue has been seen with
254-1-arch
Used distribution
Arch Linux
Linux kernel version used
6.4.3-zen1-2-zen
CPU architectures issue was seen on
x86_64
Component
other
Expected behaviour you didn't see
When booting from an initrd-only UKI, the output from systemd-measure status after booting should match the output from ukify --measure or systemd-measure sign during the offline build phase.
Unexpected behaviour you saw
The final PCR values differ from what the build phase calculates.
Steps to reproduce the problem
ukify build:
cat {amd-ucode.img,intel-ucode.img} initramfs.cpio.zstd > initrd
/usr/lib/systemd/ukify build \
--linux=vmlinuz \
--initrd=initrd \
--secureboot-private-key=DB.key \
--secureboot-certificate=DB.crt \
--pcr-private-key=tpm2-pcr-private.pem \
--pcr-public-key=tpm2-pcr-public.pem \
--pcr-banks=sha1,sha256 \
--sign-kernel \
--cmdline="@cmdline" \
--os-release="@os-release" \
--measure \
--output=bootx64.efi | tee ukify.log
Boot the system (I used systemd-boot to load the UKI with auto detection), then show the real PCR values with systemd-measure status. Tried booting the same UKI from QEMU+swtpm or a real computer, the resulting PCR11 hash is the same, so I suspect the measurement process is good and reproducible. (PCR12 differs between QEMU and real hardware; I'm still investigating)
I suspect there are some differences when booting from an initrd-only system. In my build, systemd-pcrphase-sysinit.service and systemd-pcrphase.service are started (exited) when the system finishes booting, but systemd-pcrphase-initrd.service is not loaded at all.
I've tried adding ukify args like --phases="sysinit sysinit:ready" (and a lot of other possible combinations); the hashes changed, but still differ from a real boot.
Additional program output to the terminal or log subsystem illustrating the issue
No response
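An added example (not from the report or from systemd) showing why the precomputed PCR 11 depends on the phase path: each systemd-pcrphase unit extends PCR 11 with its phase string, so the value ukify signs for a path matches the value read back after boot only if exactly that phase sequence actually ran. It uses a constructed stand-in for the post-stub PCR 11 value and assumes phase strings are extended as their plain UTF-8 bytes.

```python
from __future__ import annotations
import hashlib

ZERO_PCR = bytes(32)  # PCR 11 starts out all-zero in the sha256 bank

def pcr_extend(pcr: bytes, data: bytes, alg: str = "sha256") -> bytes:
    """TPM2_PCR_Extend as systemd-stub/pcrphase use it: new = H(old || H(data))."""
    digest = hashlib.new(alg, data).digest()
    return hashlib.new(alg, pcr + digest).digest()

def measure_phases(base: bytes, phases: list[str], alg: str = "sha256") -> bytes:
    """Extend `base` with each phase string in order. Encoding the phase as plain
    UTF-8 bytes is an assumption here; check it against systemd-pcrphase."""
    pcr = base
    for phase in phases:
        pcr = pcr_extend(pcr, phase.encode(), alg)
    return pcr

def precompute_phase_paths(base: bytes, phase_paths: str, alg: str = "sha256") -> dict[str, bytes]:
    """What ukify --phases="..." precomputes: one expected PCR 11 value per
    whitespace-separated path, each path a colon-separated phase sequence."""
    return {path: measure_phases(base, path.split(":"), alg) for path in phase_paths.split()}

def match_runtime(expected: dict[str, bytes], observed: bytes) -> str | None:
    """Return the signed phase path whose value equals the PCR read back after boot,
    or None if the runtime extension sequence matched no precomputed path."""
    return next((path for path, value in expected.items() if value == observed), None)

if __name__ == "__main__":
    # Constructed stand-in for the post-stub PCR 11 (the real value comes from
    # the section measurements of the actual UKI, as systemd-measure computes).
    base = pcr_extend(ZERO_PCR, b"constructed post-stub state")
    # ukify's default phase paths plus the shortened set tried in the report.
    paths = ("enter-initrd enter-initrd:leave-initrd "
             "enter-initrd:leave-initrd:sysinit enter-initrd:leave-initrd:sysinit:ready "
             "sysinit sysinit:ready")
    expected = precompute_phase_paths(base, paths)
    for path, value in expected.items():
        print(f"{path:45} {value.hex()}")
    # A boot where only systemd-pcrphase-sysinit and systemd-pcrphase ran,
    # i.e. the initrd phases were never extended:
    observed = measure_phases(base, ["sysinit", "ready"])
    print("runtime matches:", match_runtime(expected, observed))
```

Feeding the real post-stub PCR 11 (from systemd-measure calc without phases) and the PCR 11 read back after boot into match_runtime tells you which signed phase path, if any, the running system ended up on.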