Dell XPS 13 9300 - TPM PCR0 differs from reconstruction

robotmaxtron commented 4 years ago

Describe the bug fwupdmgr get-devices shows an update error.

Update Error: TPM PCR0 differs from reconstruction, please see https://github.com/fwupd/fwupd/wiki/TPM-PCR0-differs-from-reconstruction

Steps to Reproduce Fresh installation of Ubuntu 20.04 on Dell XPS 13 9300

Expected behavior No errors

fwupd version information Please provide the version of the daemon and client.

client version: 1.3.9
compile-time dependency versions
    gusb:   0.3.4
    efivar: 37
daemon version: 1.3.9

Installed as part of the normal Ubuntu installer

fwupd device information Please provide the output of the fwupd devices recognized in your system.

XPS 13 9300
│
├─Thunderbolt Controller:
│     Device ID:           616618c1a56eae6fe6cb9715359364e08110dcb5
│     Summary:             Unmatched performance for high-speed I/O
│     Current version:     75.00
│     Update Error:        Missing non-active nvmem
│     GUID:                e72e778e-94f7-5ed2-b560-1c1262ee217c
│     Device Flags:        • Internal device
│                          • Requires AC power
│   
├─Thunderbolt Controller:
│     Device ID:           e841ee543b2f10cc90292f884df14d3882bb32b0
│     Summary:             Unmatched performance for high-speed I/O
│     Current version:     75.00
│     Update Error:        Missing non-active nvmem
│     GUID:                e72e778e-94f7-5ed2-b560-1c1262ee217c
│     Device Flags:        • Internal device
│                          • Requires AC power
│   
├─BC501 NVMe SK hynix 256GB:
│     Device ID:           ac1ce3be70e444b92f99fe08c9b957efb9d0ee53
│     Summary:             NVM Express Solid State Drive
│     Current version:     80002C00
│     Vendor:              SK hynix (NVME:0x1C5C)
│     GUIDs:               b637d847-48b0-519f-a4f1-ed2b8535d300
│                          da85e71f-d425-e811-b467-0ed5f89f718b
│     Device Flags:        • Internal device
│                          • Updatable
│                          • Requires AC power
│                          • Needs a reboot after installation
│                          • Device is usable for the duration of the update
│   
├─Integrated Webcam HD:
│     Device ID:           4295296d98b3ba38c72f6baa33d24f03a1d428f6
│     Current version:     91.58
│     Vendor:              CN0PW36V8LG0099B00DPX02 (USB:0x0BDA)
│     GUIDs:               bba32a58-5e20-5d64-bc15-287159bdaf46
│                          14e94ffe-f85a-5645-9af7-705464a66c8c
│     Device Flags:        • Updatable
│   
├─Iris Plus Graphics G7:
│     Device ID:           bbbf1ce3d1cf15550c3760b354592040292415bb
│     Current version:     07
│     Vendor:              Intel Corporation (PCI:0x8086)
│     GUIDs:               c213be4c-faf8-5fe6-9430-b458722b2656
│                          43ede583-c357-55e5-854d-f6f15dab900d
│     Device Flags:        • Internal device
│                          • Cryptographic hash verification is available
│   
├─System Firmware:
│     Device ID:           f2f44dcc012cdad82b823131f5c85ebfb74d782e
│     Current version:     1.0.7
│     Minimum Version:     1.0.7
│     Vendor:              Dell Inc. (DMI:Dell Inc.)
│     Update Error:        TPM PCR0 differs from reconstruction, please see https://github.com/fwupd/fwupd/wiki/TPM-PCR0-differs-from-reconstruction
│     GUID:                e8292593-e66e-4878-b051-f152535ab130
│     Device Flags:        • Internal device
│                          • Updatable
│                          • Requires AC power
│                          • Supported on remote server
│                          • Needs a reboot after installation
│                          • Cryptographic hash verification is available
│                          • Device is usable for the duration of the update
│   
├─TPM 2.0:
│ │   Device ID:           c6a80ac3a22083423992a3cb15018989f37834d6
│ │   Summary:             Platform TPM device
│ │   Current version:     0.74.0.8
│ │   Vendor:              Dell Inc. (PCI:0x1028)
│ │   GUIDs:               02a963b2-82d6-5ab7-bd72-bcd6c2113772
│ │                        ff71992e-52f7-5eea-94ef-883e56e034c6
│ │                        73730635-f6c2-53da-9df2-948bb5ac1022
│ │   Device Flags:        • Internal device
│ │                        • Updatable
│ │                        • Requires AC power
│ │                        • Needs a reboot after installation
│ │ 
│ └─Event Log:
│       Device ID:         58bd405f31c48e6eca290b425f530a94c91e955c
│       Vendor:            Dell Inc. (PCI:0x1028)
│       GUID:              a25657fe-b5dc-5be0-8b78-8b9dfec678ff
│       Device Flags:      • Internal device
│     
└─Touchpad:
      Device ID:           43284a5278d905c164569e3a3edd06c6c4aa613b
      Current version:     1.3.3040414
      Bootloader Version:  54.0
      Vendor:              Synaptics (HIDRAW:0x06CB)
      GUIDs:               76018764-887c-558b-a6c0-ae31e4522d98
                           f6982c83-dec9-5961-a250-384441c12205
                           d69eed5b-0b5e-53c7-ac04-8e7a672f0365
                           913a517f-55c6-5f1d-b018-405af36fcbc0
      Device Flags:        • Internal device
                           • Updatable

System UEFI configuration Please provide the output of the following commands:

BootCurrent: 0001
Timeout: 0 seconds
BootOrder: 0001,0004,0000,0002
Boot0000* UEFI BC501 NVMe SK hynix 256GB NJ01N4223120Y1A4G 1    PciRoot(0x0)/Pci(0x1d,0x0)/Pci(0x0,0x0)/NVMe(0x1,00-00-00-00-00-00-00-00)/HD(1,GPT,4cbcd579-d09e-4b0c-b393-e2f565ab963c,0x800,0x100000)/File(\EFI\Boot\BootX64.efi)N.....YM....R,Y.
Boot0001* ubuntu    HD(1,GPT,4cbcd579-d09e-4b0c-b393-e2f565ab963c,0x800,0x100000)/File(\EFI\ubuntu\shimx64.efi)
Boot0002* Linux Firmware Updater    HD(1,GPT,4cbcd579-d09e-4b0c-b393-e2f565ab963c,0x800,0x100000)/File(\EFI\ubuntu\shimx64.efi)\.f.w.u.p.d.x.6.4...e.f.i...
Boot0004* Fedora    HD(1,GPT,5b6989df-9009-43c1-9356-06c63838d25b,0x800,0x12c000)/File(\EFI\fedora\shimx64.efi)

0abba7dc-e516-4167-bbf5-4d9d1c739416-fwupd-e8292593-e66e-4878-b051-f152535ab130-0
0abba7dc-e516-4167-bbf5-4d9d1c739416-fwupd-ux-capsule

/boot
├── config-5.4.0-1002-oem
├── config-5.4.0-21-generic
├── efi [error opening dir]
├── grub
│   ├── fonts
│   │   └── unicode.pf2
│   ├── gfxblacklist.txt
│   ├── grub.cfg
│   ├── grubenv
│   ├── unicode.pf2
│   └── x86_64-efi
│       ├── acpi.mod
│       ├── adler32.mod
│       ├── affs.mod
│       ├── afs.mod
│       ├── ahci.mod
│       ├── all_video.mod
│       ├── aout.mod
│       ├── appleldr.mod
│       ├── archelp.mod
│       ├── ata.mod
│       ├── at_keyboard.mod
│       ├── backtrace.mod
│       ├── bfs.mod
│       ├── bitmap.mod
│       ├── bitmap_scale.mod
│       ├── blocklist.mod
│       ├── boot.mod
│       ├── bsd.mod
│       ├── bswap_test.mod
│       ├── btrfs.mod
│       ├── bufio.mod
│       ├── cat.mod
│       ├── cbfs.mod
│       ├── cbls.mod
│       ├── cbmemc.mod
│       ├── cbtable.mod
│       ├── cbtime.mod
│       ├── chain.mod
│       ├── cmdline_cat_test.mod
│       ├── cmp.mod
│       ├── cmp_test.mod
│       ├── command.lst
│       ├── configfile.mod
│       ├── core.efi
│       ├── cpio_be.mod
│       ├── cpio.mod
│       ├── cpuid.mod
│       ├── crc64.mod
│       ├── cryptodisk.mod
│       ├── crypto.lst
│       ├── crypto.mod
│       ├── cs5536.mod
│       ├── ctz_test.mod
│       ├── datehook.mod
│       ├── date.mod
│       ├── datetime.mod
│       ├── diskfilter.mod
│       ├── disk.mod
│       ├── div.mod
│       ├── div_test.mod
│       ├── dm_nv.mod
│       ├── echo.mod
│       ├── efifwsetup.mod
│       ├── efi_gop.mod
│       ├── efinet.mod
│       ├── efi_uga.mod
│       ├── ehci.mod
│       ├── elf.mod
│       ├── eval.mod
│       ├── exfat.mod
│       ├── exfctest.mod
│       ├── ext2.mod
│       ├── extcmd.mod
│       ├── f2fs.mod
│       ├── fat.mod
│       ├── file.mod
│       ├── fixvideo.mod
│       ├── font.mod
│       ├── fshelp.mod
│       ├── fs.lst
│       ├── functional_test.mod
│       ├── gcry_arcfour.mod
│       ├── gcry_blowfish.mod
│       ├── gcry_camellia.mod
│       ├── gcry_cast5.mod
│       ├── gcry_crc.mod
│       ├── gcry_des.mod
│       ├── gcry_dsa.mod
│       ├── gcry_idea.mod
│       ├── gcry_md4.mod
│       ├── gcry_md5.mod
│       ├── gcry_rfc2268.mod
│       ├── gcry_rijndael.mod
│       ├── gcry_rmd160.mod
│       ├── gcry_rsa.mod
│       ├── gcry_seed.mod
│       ├── gcry_serpent.mod
│       ├── gcry_sha1.mod
│       ├── gcry_sha256.mod
│       ├── gcry_sha512.mod
│       ├── gcry_tiger.mod
│       ├── gcry_twofish.mod
│       ├── gcry_whirlpool.mod
│       ├── geli.mod
│       ├── gettext.mod
│       ├── gfxmenu.mod
│       ├── gfxterm_background.mod
│       ├── gfxterm_menu.mod
│       ├── gfxterm.mod
│       ├── gptsync.mod
│       ├── grub.efi
│       ├── gzio.mod
│       ├── halt.mod
│       ├── hashsum.mod
│       ├── hdparm.mod
│       ├── hello.mod
│       ├── help.mod
│       ├── hexdump.mod
│       ├── hfs.mod
│       ├── hfspluscomp.mod
│       ├── hfsplus.mod
│       ├── http.mod
│       ├── iorw.mod
│       ├── iso9660.mod
│       ├── jfs.mod
│       ├── jpeg.mod
│       ├── keylayouts.mod
│       ├── keystatus.mod
│       ├── ldm.mod
│       ├── legacycfg.mod
│       ├── legacy_password_test.mod
│       ├── linux16.mod
│       ├── linuxefi.mod
│       ├── linux.mod
│       ├── loadbios.mod
│       ├── load.cfg
│       ├── loadenv.mod
│       ├── loopback.mod
│       ├── lsacpi.mod
│       ├── lsefimmap.mod
│       ├── lsefi.mod
│       ├── lsefisystab.mod
│       ├── lsmmap.mod
│       ├── ls.mod
│       ├── lspci.mod
│       ├── lssal.mod
│       ├── luks.mod
│       ├── lvm.mod
│       ├── lzopio.mod
│       ├── macbless.mod
│       ├── macho.mod
│       ├── mdraid09_be.mod
│       ├── mdraid09.mod
│       ├── mdraid1x.mod
│       ├── memdisk.mod
│       ├── memrw.mod
│       ├── minicmd.mod
│       ├── minix2_be.mod
│       ├── minix2.mod
│       ├── minix3_be.mod
│       ├── minix3.mod
│       ├── minix_be.mod
│       ├── minix.mod
│       ├── mmap.mod
│       ├── moddep.lst
│       ├── modinfo.sh
│       ├── morse.mod
│       ├── mpi.mod
│       ├── msdospart.mod
│       ├── mul_test.mod
│       ├── multiboot2.mod
│       ├── multiboot.mod
│       ├── nativedisk.mod
│       ├── net.mod
│       ├── newc.mod
│       ├── nilfs2.mod
│       ├── normal.mod
│       ├── ntfscomp.mod
│       ├── ntfs.mod
│       ├── odc.mod
│       ├── offsetio.mod
│       ├── ohci.mod
│       ├── part_acorn.mod
│       ├── part_amiga.mod
│       ├── part_apple.mod
│       ├── part_bsd.mod
│       ├── part_dfly.mod
│       ├── part_dvh.mod
│       ├── part_gpt.mod
│       ├── partmap.lst
│       ├── part_msdos.mod
│       ├── part_plan.mod
│       ├── part_sun.mod
│       ├── part_sunpc.mod
│       ├── parttool.lst
│       ├── parttool.mod
│       ├── password.mod
│       ├── password_pbkdf2.mod
│       ├── pata.mod
│       ├── pbkdf2.mod
│       ├── pbkdf2_test.mod
│       ├── pcidump.mod
│       ├── pgp.mod
│       ├── play.mod
│       ├── png.mod
│       ├── priority_queue.mod
│       ├── probe.mod
│       ├── procfs.mod
│       ├── progress.mod
│       ├── raid5rec.mod
│       ├── raid6rec.mod
│       ├── random.mod
│       ├── rdmsr.mod
│       ├── read.mod
│       ├── reboot.mod
│       ├── regexp.mod
│       ├── reiserfs.mod
│       ├── relocator.mod
│       ├── romfs.mod
│       ├── scsi.mod
│       ├── search_fs_file.mod
│       ├── search_fs_uuid.mod
│       ├── search_label.mod
│       ├── search.mod
│       ├── serial.mod
│       ├── setjmp.mod
│       ├── setjmp_test.mod
│       ├── setpci.mod
│       ├── sfs.mod
│       ├── shift_test.mod
│       ├── shim_lock.mod
│       ├── signature_test.mod
│       ├── sleep.mod
│       ├── sleep_test.mod
│       ├── smbios.mod
│       ├── spkmodem.mod
│       ├── squash4.mod
│       ├── strtoull_test.mod
│       ├── syslinuxcfg.mod
│       ├── tar.mod
│       ├── terminal.lst
│       ├── terminal.mod
│       ├── terminfo.mod
│       ├── test_blockarg.mod
│       ├── testload.mod
│       ├── test.mod
│       ├── testspeed.mod
│       ├── tftp.mod
│       ├── tga.mod
│       ├── time.mod
│       ├── tpm.mod
│       ├── trig.mod
│       ├── tr.mod
│       ├── true.mod
│       ├── udf.mod
│       ├── ufs1_be.mod
│       ├── ufs1.mod
│       ├── ufs2.mod
│       ├── uhci.mod
│       ├── usb_keyboard.mod
│       ├── usb.mod
│       ├── usbms.mod
│       ├── usbserial_common.mod
│       ├── usbserial_ftdi.mod
│       ├── usbserial_pl2303.mod
│       ├── usbserial_usbdebug.mod
│       ├── usbtest.mod
│       ├── verifiers.mod
│       ├── video_bochs.mod
│       ├── video_cirrus.mod
│       ├── video_colors.mod
│       ├── video_fb.mod
│       ├── videoinfo.mod
│       ├── video.lst
│       ├── video.mod
│       ├── videotest_checksum.mod
│       ├── videotest.mod
│       ├── wrmsr.mod
│       ├── xfs.mod
│       ├── xnu.mod
│       ├── xnu_uuid.mod
│       ├── xnu_uuid_test.mod
│       ├── xzio.mod
│       ├── zfscrypt.mod
│       ├── zfsinfo.mod
│       ├── zfs.mod
│       └── zstd.mod
├── initrd.img -> initrd.img-5.4.0-21-generic
├── initrd.img-5.4.0-21-generic
├── initrd.img.old -> initrd.img-5.4.0-21-generic
├── lost+found [error opening dir]
├── memtest86+.bin
├── memtest86+.elf
├── memtest86+_multiboot.bin
├── System.map-5.4.0-1002-oem
├── System.map-5.4.0-21-generic
├── vmlinuz -> vmlinuz-5.4.0-21-generic
├── vmlinuz-5.4.0-21-generic
└── vmlinuz.old -> vmlinuz-5.4.0-21-generic

5 directories, 295 files

Additional questions

Operating system and version: Ubuntu 20.04
Have you tried rebooting? Yes
Is this a regression? Unknown, I can't recall if it always reported the error.
Are you using an NVMe disk? Yes
Is secure boot enabled? Yes

I've attached output from /usr/bin/fwupdtpmevlog as suggested. fwupdtpmevlog.txt

superm1 commented 4 years ago

Thanks for reporting this. I'll ask for someone internally at Dell to investigate it.

smithsos commented 4 years ago

Same issue on my install. Was present in 1.0.7 and persists after update to 1.0.11.

XPS 13 9300 │ ├─Thunderbolt Controller: │ Device ID: 44a608582e1a34b95c4763f982a3424531e8a2db │ Summary: Unmatched performance for high-speed I/O │ Current version: 80.00 │ Update Error: Missing non-active nvmem │ GUID: e72e778e-94f7-5ed2-b560-1c1262ee217c │ Device Flags: • Internal device │ • Requires AC power │
├─Thunderbolt Controller: │ Device ID: 3ff580cb8f0b9f3e462f70a049ccdf3ee6d4f578 │ Summary: Unmatched performance for high-speed I/O │ Current version: 80.00 │ Update Error: Missing non-active nvmem │ GUID: e72e778e-94f7-5ed2-b560-1c1262ee217c │ Device Flags: • Internal device │ • Requires AC power │
├─Integrated Webcam HD: │ Device ID: 4295296d98b3ba38c72f6baa33d24f03a1d428f6 │ Current version: 96.28 │ Vendor: CN0PW36V8LG00032A1WKA00 (USB:0x0BDA) │ GUIDs: d784b200-4ead-55f2-8277-15e1618cbe7b │ 9a1becb6-4d9f-5855-99d0-145b1700da10 │ d35eb209-22f9-59a5-a918-33d7307edab9 │ Device Flags: • Updatable │
├─PC611 NVMe SK hynix 512GB: │ Device ID: ac1ce3be70e444b92f99fe08c9b957efb9d0ee53 │ Summary: NVM Express Solid State Drive │ Current version: 11000111 │ Vendor: SK hynix (NVME:0x1C5C) │ GUIDs: 919c0a0c-88f2-518c-be84-39f0c34c5104 │ 89f21a68-b326-11e9-a2a3-2a2ae2dbcce4 │ Device Flags: • Internal device │ • Updatable │ • Requires AC power │ • Needs a reboot after installation │ • Device is usable for the duration of the update │
├─System Firmware: │ Device ID: f2f44dcc012cdad82b823131f5c85ebfb74d782e │ Current version: 1.0.11 │ Minimum Version: 1.0.11 │ Vendor: Dell Inc. (DMI:Dell Inc.) │ Update Error: TPM PCR0 differs from reconstruction, please see https://github.com/fwupd/fwupd/wiki/TPM-PCR0-differs-from-reconstruction │ GUID: e8292593-e66e-4878-b051-f152535ab130 │ Device Flags: • Internal device │ • Updatable │ • Requires AC power │ • Supported on remote server │ • Needs a reboot after installation │ • Cryptographic hash verification is available │ • Device is usable for the duration of the update │
├─TPM 2.0: │ Device ID: c6a80ac3a22083423992a3cb15018989f37834d6 │ Summary: Platform TPM device │ Current version: 0.74.0.8 │ Vendor: Dell Inc. (PCI:0x1028) │ Update Error: Updating disabled due to TPM ownership │ GUIDs: 02a963b2-82d6-5ab7-bd72-bcd6c2113772 │ ff71992e-52f7-5eea-94ef-883e56e034c6 │ 73730635-f6c2-53da-9df2-948bb5ac1022 │ Device Flags: • Internal device │ • Requires AC power │
└─Touchpad: Device ID: 43284a5278d905c164569e3a3edd06c6c4aa613b Current version: 1.3.3040414 Bootloader Version: 54.0 Vendor: Synaptics (HIDRAW:0x06CB) GUIDs: 76018764-887c-558b-a6c0-ae31e4522d98 f6982c83-dec9-5961-a250-384441c12205 d69eed5b-0b5e-53c7-ac04-8e7a672f0365 913a517f-55c6-5f1d-b018-405af36fcbc0 Device Flags: • Internal device • Updatable

fwupdtpmevlog.log

superm1 commented 4 years ago

A bug with PCR0 reconstruction was identified in fwupd code. This bug has been fixed in the stable branches for all applicable releases: 1_3_X, 1_4_X and master.

Can you please upgrade to a version with the fix, and confirm if this behavior still happens?

superm1 commented 4 years ago

A new tool bug was recently identified and fixed in master, 1_4_x, and 1_3_X branches. It's not in any released version yet, but will be in 1.5.0 from master, 1.4.7 from 1_4_X and 1.3.12 from 1_3_X in the future. https://github.com/fwupd/fwupd/pull/2394

Please upgrade to a new version with the patch integrated to confirm if this bug still exists.

stephanmg commented 3 years ago

Hi @superm1,

I see the same error on my Dell XPS 13 9300.

My version is 1.3.11-1~focal1 on Ubuntu 20.04.2 LTS. I think this version is too old on Ubuntu, correct?

Is this fixed in the versions you mentioned above?

Stephan

superm1 commented 3 years ago

Yeah you need 1.3.12 in the 1_3_X series.

fwupd / firmware-dell

Dell XPS 13 9300 - TPM PCR0 differs from reconstruction #20