| 24 Sep 2023 |
flokli | This smells like a firmware issue/mistake a bunch of vendors initially did as well | 08:02:10 |
flokli | the order of things tried out (and skipped over) shouldn't affect measurements, if it does, it's a bug in the firmware | 08:02:37 |
raitobezarius | But if elvish is trying this in a VM | 10:07:42 |
raitobezarius | This is OVMF | 10:07:44 |
raitobezarius | So kinda EDK2 | 10:07:51 |
raitobezarius | So all the firmware in the world | 10:07:55 |
raitobezarius | I can pull out the code later | 10:08:19 |
raitobezarius | I am used to reading EDK2 now | 10:08:24 |
ElvishJerricco | flokli: yea that's rough if OVMF has this bug :P | 20:48:48 |
flokli | maybe that | 22:07:33 |
flokli | * maybe that's why it's broken in all vendor firmwares ;-) | 22:07:41 |
flokli | * maybe that's why it is/was broken in all vendor firmwares ;-) | 22:07:50 |
| 25 Sep 2023 |
baloo | Scream if you need us to send water or food down there | 18:17:21 |
| 26 Sep 2023 |
Roos | I was reading lanzaboote's readme:
> An optimistic plan is to have a "in-tree" feature preview of Lanzaboote as part of NixOS 23.11.
:D | 04:25:48 |
Roos | Anywho, I would like to understand exactly what measurements go into what TPM registry and where it's implemented (firmware, lanzaboote-stub, kernel or anything really). | 04:28:59 |
| 28 Sep 2023 |
ElvishJerricco | In reply to @roosemberth:orbstheorem.ch
> Anywho, I would like to understand exactly what measurements go into what TPM registry and where it's implemented (firmware, lanzaboote-stub, kernel or anything really).
https://uapi-group.org/specifications/specs/linux_tpm_pcr_registry/ | 06:23:40 |
raitobezarius |
18:32 ▬▬▶ jakogut (~oftc-webi@172-223-248-144.res.spectrum.com) a rejoint #edk2
18:36 <jakogut> Hello, I'm working on a Linux-based OS integrating secure boot and disk encryption using the TPM to encrypt the LUKS passphrase. It's working with a NUC, but with QEMU and OVMF, the digest of PCR7 isn't matching what I expect. Strangely, it seems the TPM event log isn't created in securityfs in QEMU. Even stranger, booting an Arch ISO with the exact same QEMU config creates it just fine.
18:39 <jakogut> Reviewing the kernel logs, it seems the only difference is the line starting with "efi:" on the system with the working event log shows the address of TPMEventLog in addition to TPMFinalLog, whereas the non-working system shows only "TPMFinalLog".
18:40 <jakogut> Any ideas on what may be going wrong here? If I can get the TPM event log working on this QEMU system, it'll get me a lot closer to debugging the unexpected PCR hash.
| 19:49:16 |
raitobezarius | very fresh from #edk2 | 19:49:19 |