search

fwupd / firmware-dell

Missing firmware for Dell hardware
27 stars 4 forks source link

Precision 7740 PCR0 reconstruction fails #23

Closed hpvb closed 4 years ago

hpvb commented 4 years ago

Probably related to #21 but here goes:

I have no idea if this used to work with older firmware versions. I only found out today this is a problem on this machine.

# fwupdmgr get-devices
Precision 7740
│
├─Thunderbolt Controller:
│     Device ID:           77954416d56a4d84c7830c713a347c3b74d5fa7d
│     Summary:             Unmatched performance for high-speed I/O
│     Current version:     41.01
│     Vendor:              Dell (TBT:0x00D4)
│     GUIDs:               49c8274e-bc6a-5707-a197-ca0c9a35bda0 ← THUNDERBOLT\VEN_00D4&DEV_0927&REV_00
│                          3f759afe-e19e-5d26-bb64-0aad84c82ac3 ← THUNDERBOLT\VEN_00D4&DEV_0927
│                          81db9688-b112-5e24-9f92-e96f05770934 ← TBT-00d40927-native
│                          1707b992-6eb5-5913-8601-6ac003d0f6c1 ← TBT-00d40927-native-controller0-0
│     Device Flags:        • Internal device
│                          • Updatable
│                          • Requires AC power
│                          • Device stages updates
│   
├─KXG50PNV2T04 NVMe KIOXIA 2048GB:
│     Device ID:           03281da317dccd2b18de2bd1cc70a782df40ed7e
│     Summary:             NVM Express Solid State Drive
│     Current version:     AFDA4105
│     Vendor:              Toshiba Corporation (NVME:0x1179)
│     Serial Number:       X9OA21YFKKTL
│     GUIDs:               af8d42da-167c-546a-9294-c1502f6ccbab ← NVME\VEN_1179&DEV_0116&REV_00
│                          4d0aed03-a30c-52c6-99e7-a8977797c3d9 ← NVME\VEN_1179&DEV_0116
│                          82cb5521-56c1-59fd-92ff-6efc210afb7e ← KXG50PNV2T04 NVMe KIOXIA 2048GB
│     Device Flags:        • Internal device
│                          • Updatable
│                          • Requires AC power
│                          • Needs a reboot after installation
│                          • Device is usable for the duration of the update
│   
├─System Firmware:
│     Device ID:           cac9de2369fa3c52f34448afb98d95c9d18cc6d4
│     Current version:     1.8.2
│     Minimum Version:     1.8.2
│     Vendor:              Dell Inc. (DMI:Dell Inc.)
│     Update Message:      TPM PCR0 differs from reconstruction, please see https://github.com/fwupd/fwupd/wiki/TPM-PCR0-differs-from-reconstruction
│     GUIDs:               74992bad-d49d-4f82-bb77-bbe865bea34e
│                          230c8b18-8d9b-53ec-838b-6cfc0383493a ← main-system-firmware
│                          c2b8844c-c82e-5ce5-8dda-753d175d8e31 ← UEFI\RES_{74992BAD-D49D-4F82-BB77-BBE865BEA34E}
│     Device Flags:        • Internal device
│                          • Updatable
│                          • Requires AC power
│                          • Supported on remote server
│                          • Needs a reboot after installation
│                          • Cryptographic hash verification is available
│                          • Device is usable for the duration of the update
│   
└─TPM 2.0:
      Device ID:           c6a80ac3a22083423992a3cb15018989f37834d6
      Summary:             Platform TPM device
      Current version:     7.2.1.0
      Vendor:              Dell Inc. (PCI:0x1028)
      GUIDs:               ac28967e-88af-5d62-b69e-0671a22a0a7e ← 0927-2.0
                           ff71992e-52f7-5eea-94ef-883e56e034c6 ← system-tpm
                           7d65b10b-bb24-552d-ade5-590b3b278188 ← DELL-TPM-2.0-NTC-NPCT
                           6f5ddd3a-8339-5b2a-b9a6-cf3b92f6c86d ← DELL-TPM-2.0-NTC-NPCT75x
                           fe462d4a-e48f-5069-9172-47330fc5e838 ← DELL-TPM-2.0-NTC-NPCT75xrls
      Device Flags:        • Internal device
                           • Updatable
                           • Requires AC power
                           • Needs a reboot after installation
# /usr/bin/fwupdtpmevlog
PCR:                     BIOS (0)
Type:                    0x7
Description:             EV_S_CRTM_CONTENTS
ChecksumSha1:            f9f303b8105442379214f915ca0ac5e5dac136ef6cfbe03b0bcec711f30a164f
BlobStr:                 Boot Guard Measured S-CRTM.

PCR:                     BIOS (0)
Type:                    0x8
Description:             EV_S_CRTM_VERSION
ChecksumSha1:            d4720b4009438213b803568017f903093f6bea8ab47d283db32b6eabedbbf155
BlobStr:                 ..kT..U@..N....:

PCR:                     BIOS (0)
Type:                    0x1
Description:             EV_POST_CODE
ChecksumSha1:            b2f635b3687b3b44b685d186dc29a2e24d6c910a073587a4bb8c751a287c5889
BlobStr:                 ..........c.....

PCR:                     BIOS (0)
Type:                    0x4
Description:             EV_SEPARATOR
ChecksumSha1:            df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119

PCR:                     BIOS Configuration (1)
Type:                    0x80000009
Description:             EV_EFI_HANDOFF_TABLES
ChecksumSha1:            0f57271e82d06cab06e58b458ad63bb406d375525694b1ee692fafb341bd7431
BlobStr:                 ...........? boD.....|....HO....

PCR:                     BIOS Configuration (1)
Type:                    0x80000009
Description:             EV_EFI_HANDOFF_TABLES
ChecksumSha1:            7b191f8c083870c0d0e891c4eeb7ecc7e12aca760f54e0efd45676adad8050f5
BlobStr:                 ...........? boD.....|....HO....

PCR:                     BIOS Configuration (1)
Type:                    0xa
Description:             EV_PLATFORM_CONFIG_FLAGS
ChecksumSha1:            75c83c0f2ff553a2bdb0457a45a3fa482b425b2ee19ef6f758e1a4310e9b65d1
BlobStr:                 ..........0........."....#...................B....J..............a....`...._....D$..................|.........x....7....)....#...."....$....b..............2.........

PCR:                     BIOS Configuration (1)
Type:                    0x4
Description:             EV_SEPARATOR
ChecksumSha1:            df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119

PCR:                     BIOS Configuration (1)
Type:                    0x80000002
Description:             EV_EFI_VARIABLE_BOOT
ChecksumSha1:            76e427692bee45236c7a0792e4af393ceecb8ce3387298c9ed334e81d9915d1d
BlobStr:                 a.............+.................B.o.o.t.O.r.d.e.r.........

PCR:                     BIOS Configuration (1)
Type:                    0x80000002
Description:             EV_EFI_VARIABLE_BOOT
ChecksumSha1:            6e08e365bdecfcb2331a5191ff5e240da080fa3c00c5f0d3ddf5f35272344593
BlobStr:                 a.............+.........v.......B.o.o.t.0.0.0.0.....b.F.e.d.o.r.a.....*.....................O.I....N......u.....4.\.E.F.I.\.f.e.d.o.r.a.\.s.h.i.m.x.6.4...e.f.i.......

PCR:                     BIOS Configuration (1)
Type:                    0x80000002
Description:             EV_EFI_VARIABLE_BOOT
ChecksumSha1:            decc826965083b7ef387d0862227a988155a973a771def0fcef228bcba8ddda5
BlobStr:                 a.............+.........&.......B.o.o.t.0.0.0.6.......U.E.F.I.:. .K.X.G.5.0.P.N.V.2.T.0.4. .N.V.M.e. .K.I.O.X.I.A. .2.0.4.8.G.B.,. .P.a.r.t.i.t.i.o.n. .1.....*.....................O.I....N......u.....0.\.E.F.I.\.B.o.o.t.\.B.o.o.t.X.6.4...e.f.i.........T..Gd-.;.A..MQ..L.K.X.G.5.0.P.N.V.2.T.0.4. .N.V.M.e. .K.I.O.X.I.A. .2.0.4.8.G.B.........BO

PCR:                     BIOS Configuration (1)
Type:                    0x80000002
Description:             EV_EFI_VARIABLE_BOOT
ChecksumSha1:            a2142ab746263b62e1348e34ec1dd8c842cff666b08fab6f7899fa06f59a3285
BlobStr:                 a.............+.................B.o.o.t.0.0.0.2.....b.L.i.n.u.x. .F.i.r.m.w.a.r.e. .U.p.d.a.t.e.r.....*.....................O.I....N......u.....4.\.E.F.I.\.f.e.d.o.r.a.\.s.h.i.m.x.6.4...e.f.i.......\.f.w.u.p.d.x.6.4...e.f.i...

PCR:                     BIOS Configuration (1)
Type:                    0x80000002
Description:             EV_EFI_VARIABLE_BOOT
ChecksumSha1:            91f7ba89327c225190e9e4ec1afe4316a6882b46b474789c22e46433519f0609
BlobStr:                 a.............+.........&.......B.o.o.t.0.0.0.7.......U.E.F.I.:. .K.X.G.5.0.P.N.V.2.T.0.4. .N.V.M.e. .K.I.O.X.I.A. .2.0.4.8.G.B.,. .P.a.r.t.i.t.i.o.n. .1.....*.....................L.....J@..S..x.\....0.\.E.F.I.\.B.o.o.t.\.B.o.o.t.X.6.4...e.f.i.........T..Gd-.;.A..MQ..L.K.X.G.5.0.P.N.V.2.T.0.4. .N.V.M.e. .K.I.O.X.I.A. .2.0.4.8.G.B.........BO

PCR:                     BIOS Configuration (1)
Type:                    0x80000001
Description:             EV_EFI_VARIABLE_DRIVER_CONFIG
ChecksumSha1:            082271255dccb5fe8d86908978b9eb67881b49c7eb0e04faf8bf23f377fd0bf2
BlobStr:                 a.............+.................D.e.p.l.o.y.e.d.M.o.d.e..

PCR:                     BIOS Configuration (1)
Type:                    0x80000001
Description:             EV_EFI_VARIABLE_DRIVER_CONFIG
ChecksumSha1:            b70b7c1b92209af66d79d12dec1f14f4b8c71c0c69be22a1a04f5c5804e26ec3
BlobStr:                 a.............+.................A.u.d.i.t.M.o.d.e..

PCR:                     BIOS Configuration (1)
Type:                    0x80000009
Description:             EV_EFI_HANDOFF_TABLES
ChecksumSha1:            486ddc0e4e80a527e517631a013dc19a0a727086cd0f29879fe565bf833439c4
BlobStr:                 ........1-...-......'?.M........

PCR:                     Option ROMs (2)
Type:                    0x4
Description:             EV_SEPARATOR
ChecksumSha1:            df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119

PCR:                     Option ROM configuration (3)
Type:                    0x4
Description:             EV_SEPARATOR
ChecksumSha1:            df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119

PCR:                     Initial program loader code (4)
Type:                    0x4
Description:             EV_SEPARATOR
ChecksumSha1:            df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119

PCR:                     Initial program loader code (4)
Type:                    0x80000003
Description:             EV_BOOT_SERVICES_APPLICATION
ChecksumSha1:            0ce02100f67c7ef85f4eed368f02bf7092380a3c23ca91fd7f19430d94b00c19
BlobStr:                 ...M.....y...........................A...............................W....*.....................O.I....N......u.....4.\.E.F.I.\.f.e.d.o.r.a.\.s.h.i.m.x.6.4...e.f.i.......

PCR:                     Initial program loader code (4)
Type:                    0x80000003
Description:             EV_BOOT_SERVICES_APPLICATION
ChecksumSha1:            23a998268c7ae5c88a66ad121235bbb43c55e4e978075416d4ed4f6908f8f23e
BlobStr:                 ..................................&.. &..

PCR:                     Initial program loader code (4)
Type:                    0x80000003
Description:             EV_BOOT_SERVICES_APPLICATION
ChecksumSha1:            e210ac14018625f5b904321d108325595f88f16c77bd8d5e8e2084e2205cb418
BlobStr:                 ................................ ... ....

PCR:                     Initial program loader code configuration (5)
Type:                    0x4
Description:             EV_SEPARATOR
ChecksumSha1:            df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119

PCR:                     Initial program loader code configuration (5)
Type:                    0x80000006
Description:             EV_EFI_GPT_EVENT
ChecksumSha1:            bbb1a3071f38cb70ceaf12b8e0d7bd24411c338055cb3b187fd75e3b6a1f702e
BlobStr:                 EFI PART....\...$................Rw....."........Rw......4..u..A...H..R.............................(s*......K...>.;O.I....N......u.........................E.F.I. .S.y.s.t.e.m. .P.a.r.t.i.t.i.o.n.......................................;M..t?....#{..i..G..V.*.%$......................................................................................................;M..t?.....E.M._BF...,-Ijt.........Ow.....................................................................................

PCR:                     State transitions and wake events (6)
Type:                    0xc
Description:             EV_COMPACT_HASH
ChecksumSha1:            6045f20bdd1230c4f16d8bfb9074c1447d639b4a660e183593ee2a175a6bea1d
BlobStr:                 Dell Configuration Information 1

PCR:                     State transitions and wake events (6)
Type:                    0xc
Description:             EV_COMPACT_HASH
ChecksumSha1:            46c896e83d9bc0788eeaa5b846b6bf1d9c2d80caf804932be92d064358918c98
BlobStr:                 Dell Configuration Information 1

PCR:                     State transitions and wake events (6)
Type:                    0xc
Description:             EV_COMPACT_HASH
ChecksumSha1:            f4f9a9c613d4ce540f782095264f5d6e142cfe2eb4e5071f2bc25f20ac7e7dce
BlobStr:                 Dell Configuration Information 2

PCR:                     State transitions and wake events (6)
Type:                    0x4
Description:             EV_SEPARATOR
ChecksumSha1:            df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119

PCR:                     Platform manufacturer specific measurements (7)
Type:                    0x80000001
Description:             EV_EFI_VARIABLE_DRIVER_CONFIG
ChecksumSha1:            ccfc4bb32888a345bc8aeadaba552b627d99348c767681ab3141f5b01e40a40e
BlobStr:                 a.............+.................S.e.c.u.r.e.B.o.o.t..

PCR:                     Platform manufacturer specific measurements (7)
Type:                    0x80000001
Description:             EV_EFI_VARIABLE_DRIVER_CONFIG
ChecksumSha1:            2abfe9865a654102acb12f0fefe52dc4d01bce40901410eb3dadaf212700a2b7
BlobStr:                 a.............+.................P.K..Y.....J....\+.r.............MVp...N....I..\0...0..........P.......@-.x..h.0...*.H........0g1.0...U....US1.0...U....Texas1.0...U....Round Rock1.0...U....Dell Inc.1.0...U....Dell Inc. Platform Key0...160601202007Z..310601203006Z0g1.0...U....US1.0...U....Texas1.0...U....Round Rock1.0...U....Dell Inc.1.0...U....Dell Inc. Platform Key0.."0...*.H.............0......... :@..gX#.D. ...D...6..mKX.N,."[.......(}...p.'.8....$.......7......S6@v.vd'.&?.E.........).x7.^.9....V...13..6....9.'.g.c........X.D.....H.i._.TOD4.z.W.,.3J..N.]=......d......J.<...&{.i_C._9..$..q.........Bs..<>Tu.SI....T...dqG.o....p..C7..o...d..^..c.q.C......E0C0...U...........0...U.......0.......0...U......Fo... R.V..9.H.H.u..0...*.H.............R..y..r..Ii%..\j.2..t..)i.....F`.Rz3...h.s.8.....g....g.q..hq..@.n.Y.R....R'.l...4..Y*.5...&....7....0(wS...._@6c.Tc...2...y.....&..*k...(.&.Z..`9..........k.|.......7......R(.;.7....~..1..@.........3..y$.,C[B,l..lH#...8>U.I.9..e>...$E.[.(:.......K..l...!.

PCR:                     Platform manufacturer specific measurements (7)
Type:                    0x80000001
Description:             EV_EFI_VARIABLE_DRIVER_CONFIG
ChecksumSha1:            63a525134bfbc242058c0e6b42794f8b1d142d13029a9aa38a3272c5ca2390c5
BlobStr:                 a.............+.................K.E.K..Y.....J....\+.r.............MVp...N....I..\0...0..........'..R.]..L6wB....0...*.H........0g1.0...U....US1.0...U....Texas1.0...U....Round Rock1.0...U....Dell Inc.1.0...U....Dell Inc. Platform Key0...160601202248Z..230601203247Z0k1.0...U....US1.0...U....Texas1.0...U....Round Rock1.0...U....Dell Inc.1#0!..U....Dell Inc. Key Exchange Key0.."0...*.H.............0...........;.A)LB....f-.3.....I.}c........f0[.....U.....<....i.....@_(..o.J..A@....3S..Hp...6tJYb.....1..d.....x..x ..N...0......3..A...s...u..\HhI...........N.FY.....jy._....Vp...1..r.....k...]^...\.......Z..........z.....53.e<w(....@....6..+9......f..A..^Q...yy.......f0d0...U...........0...U.......0.......0...U.#..0...Fo... R.V..9.H.H.u..0...U.............{...c..<`r..r0...*.H............. . ..\%.C.oU...=Q..........^..}....l...fMme($s....J.OB+...C........@.....)...vGZ..[.|i.....-...BE8Qp....J.s..Q.Gz...r.5..6.My...k....r...wp5...:.....o.I.v.cxy....,..9.P........7P0.c*rYW.e#.....AE.^....zot...N.b.......h...2..@e.gm........K.I.B..WH{...,.T.k6.Y.....J....\+.r...............wY.2M.`(...xK0...0..........a.........0...*.H........0..1.0...U....US1.0...U....Washington1.0...U....Redmond1.0...U....Microsoft Corporation1;09..U...2Microsoft Corporation Third Party Marketplace Root0...110624204129Z..260624205129Z0..1.0...U....US1.0...U....Washington1.0...U....Redmond1.0...U....Microsoft Corporation1*0(..U...!Microsoft Corporation KEK CA 20110.."0...*.H.............0..............W&.&....WzD.]...J.t*....m.....Zc2|..O....8..........,............0..H..P.d.Q...O. .../..........Sjb:.C..%..........#..p...M............./...$........J.C...~.G.l......3....*q....<.%./hvF..O...q*X....y=..e;.)*..rY......5......_..v..c...y@.y...R...{.i..........O0..K0...+.....7.......0...U......b.C..>..g..[.U.{..._0...+.....7.......S.u.b.C.A0...U........0...U.......0....0...U.#..0...EfRC.~X...N.#U.;:"j.0\..U...U0S0Q.O.M.Khttp://crl.microsoft.com/pki/crl/products/MicCorThiParMarRoo_2010-10-05.crl0`..+........T0R0P..+.....0..Dhttp://www.microsoft.com/pki/certs/MicCorThiParMarRoo_2010-10-05.crt0...*.H......................*<.*........Rf....uz...-.vZ.y..7jQ{.d..d..g....x....Xd..W..._.....i.HK2..].0.....x..+...4V.....A%p.k............*..K.().{..|..v...y........o~l.{..E.4Q.9..^V.......B..w....qV...#.....X~.ig..~........<......C..-...j+Z|D.R...-...R.....=.`..3....e.....|....N8./....o....9.......'...B.)..FA;..g..CYe......O.u;..$.PA@y.-O.j'vnR..i{......E..S....0..76a.Ji.4.h....l....l"y......F`....!.....y2`....".K...K.}?W5..Ou..`."S..y...A...Tp...5.|.4r..`;.y....]..........%o8.....y..i.... .............uk4....`.\..WN6.2...

PCR:                     Platform manufacturer specific measurements (7)
Type:                    0x80000001
Description:             EV_EFI_VARIABLE_DRIVER_CONFIG
ChecksumSha1:            ad1850a4885628d86273bad743779c9e665db060236270b5d24dd98f3a22fe86
BlobStr:                 ....:=.E.....geo........5.......d.b..Y.....J....\+.r.............MVp...N....I..\0...0..........4.......M..Q[...0...*.H........0k1.0...U....US1.0...U....Texas1.0...U....Round Rock1.0...U....Dell Inc.1#0!..U....Dell Inc. Key Exchange Key0...160603142606Z..180603143605Z0b1.0...U....US1.0...U....Texas1.0...U....Round Rock1.0...U....Dell Inc.1.0...U....Dell Inc. UEFI DB0.."0...*.H.............0...........u.....vjsa.E1....S+.....ZE...*~C........f....@[He...?....A...A.....8..5...}...M1.-............Xk...Re...]&/.......f.1W..O.......E..q..."..!kJ){-J1:G...x8.A.....,!g.U.O\.......4]..K....1.....U1.=dP..%.gisJ..=K.)..J..p.2;c .e......,....t.N.....H..#..GQ.........g0e0...U...........0...U.%..0...+.......0...U.#..0..........{...c..<`r..r0...U......].w-..f.U...1.k.0.9.0...*.H...............=..&.).9.m..ty.>........^U8e.o1.QR.........7..5.Cg.n............2.`..b...I..\..|...d..8.]C........;........7^..r.e.u.:....CD..E+...=.<.r..n.o3.s.....Q.X......(j.....D.."?...gfo.@...P...,s=......n.rN.g..@.Q..'.......YX<.A/H"4..&.{.#".....v.....v....0......Y.....J....\+.r@.......$......wY.2M.`(...xK0...0..........a.........0...*.H........0..1.0...U....US1.0...U....Washington1.0...U....Redmond1.0...U....Microsoft Corporation1;09..U...2Microsoft Corporation Third Party Marketplace Root0...110627212245Z..260627213245Z0..1.0...U....US1.0...U....Washington1.0...U....Redmond1.0...U....Microsoft Corporation1+0)..U..."Microsoft Corporation UEFI CA 20110.."0...*.H.............0..........lL.E.jK......u.C.Td......}..s....JEa...-...+..MI.A..<.T..........A.\Y.h2..G..q.!O..|.D?..2.&H.u...L.J.~....xwM..........+.Q8]....x...............{@{..('...V^..~.~..D.y9...b.M.8p.h$..3..7.Xi^.|...S..N.*.c.aoc.Y..+y..ag.[.^.....gOqX.".""...Tq..P5Xv...j............v0..r0...+.....7.........0#..+.....7........k..wSJ.%7.N.&{. p.0...U.........C...p...O1n."....0...+.....7.......S.u.b.C.A0...U........0...U.......0....0...U.#..0...EfRC.~X...N.#U.;:"j.0\..U...U0S0Q.O.M.Khttp://crl.microsoft.com/pki/crl/products/MicCorThiParMarRoo_2010-10-05.crl0`..+........T0R0P..+.....0..Dhttp://www.microsoft.com/pki/certs/MicCorThiParMarRoo_2010-10-05.crt0...*.H.............5.B.0...v...hX5)F2v'|..A'B.J.m.8HY.U..X4.....].....A.........]..P...U.B(. ...Q......!.....w..s.....R..P..W..a...m%.@..@...J.M.....T.....+=I+.2.j!iO..~B4.6.... @...%u'.....]..6Tz.P.......t........./..k/.f..#.......3..VK.-.h.....r.......,!L3+..J.h...U2u.j.j<.%.........@Y....Lb.".t..=G.D....45...S.,....q......Df.GT..V........h>.#./^.P....._A.......lu..i.!......M...,wS.%27.lRr....5aj...;.PV.2-....B.'.U...Z..0.T..G.%/.&.A..\.?....[<>?.G.rU.%"..{...*....F........5'b.q....'..Y7`.8...xp..L.......E.e...~i.u......Y.X.Y.....J....\+.r...............wY.2M.`(...xK0...0..........a.vV......0...*.H........0..1.0...U....US1.0...U....Washington1.0...U....Redmond1.0...U....Microsoft Corporation1200..U...)Microsoft Root Certificate Authority 20100...111019184142Z..261019185142Z0..1.0...U....US1.0...U....Washington1.0...U....Redmond1.0...U....Microsoft Corporation1.0,..U...%Microsoft Windows Production PCA 20110.."0...*.H.............0....................i..!.i33....T...... ......8....-|by...J?.5 p...k...6u..1..p..7.tF.([.`#,..G.g.Q'.r......;S5|...'......#.o.F..n.<A...?].jM.i.%(\6..C............['.'x0.[*.k".S`.,.h.S..I..a..h.sD]}.T+.y...5]l.+\...#.on.&.6..O.'..2;A.,...w..TN.\...e.C....m.w.Z$.H.........C0..?0...+.....7.......0...U.......).9....x....O..|U.S0...+.....7.......S.u.b.C.A0...U........0...U.......0....0...U.#..0.....V....\bh.=..[.....0V..U...O0M0K.I.G.Ehttp://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl0Z..+........N0L0J..+.....0..>http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt0...*.H...............|qQ.y.n..9>.<R.n+?..s..h.H.4M...&.1F.ay..8.Ek...(..........L.6fj.............@26v..Z..........h.b..TlP0X..|...N...|.sW.R!s4Z...V...........~........?..r.S...c..=1e.........=....B..._T......G.o.sNA.@._..*...s.!(...s9_>.\`..............Q.fG.....=.*h.w..Lb{.....z.4..Kbz.....J7.-.W|..=...Z.......:...n.i!7....u..g..W^).9..-...Es[...z....FX.^...g.l5...?$.5..u...V..x,..............~,c...#!..xl.X..6+.......-....@..E...\k>...p.*.j._G..c.2...6.*pZ.BY.qKW.~...!<.........E.... .......]b..c. .u.w}=.E.....W.o3...w.b.Y~

PCR:                     Platform manufacturer specific measurements (7)
Type:                    0x80000001
Description:             EV_EFI_VARIABLE_DRIVER_CONFIG
ChecksumSha1:            f0bf49c6a2d3e170077f1f66875d6cb9b2aa382060cac5c0b645660bb95bc058
BlobStr:                 ....:=.E.....geo........'.......d.b.x..Y.....J....\+.r............................0..k0..S.......a.j.......0...*.H........0..1.0...U....US1.0...U....Washington1.0...U....Redmond1.0...U....Microsoft Corporation1200..U...)Microsoft Root Certificate Authority 20100...100706204023Z..250706205023Z0y1.0...U....US1.0...U....Washington1.0...U....Redmond1.0...U....Microsoft Corporation1#0!..U....Microsoft Windows PCA 20100.."0...*.H.............0.........y.:......d*u.s....>..........8|..3U..#f..(HS.....Q.~..&..t.Y......RpZ,.......}.f.o.bnmK./5l..jcZ_...Ma..~1.l..M....8F...sivUi.L...4.....)~.O......rXbVl...dw.Fe)....L....#.._.o,.....r.(.k>...|..yO~.:..p'k............(.sm.T.(L.k]..]3.7.%a4jB.|.:..Y..Bm:P[H..........0...0...+.....7.......0...U.......O......$.......y.7.0...+.....7.......S.u.b.C.A0...U........0...U.......0....0...U.#..0.....V....\bh.=..[.....0V..U...O0M0K.I.G.Ehttp://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl0Z..+........N0L0J..+.....0..>http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt0....U. ...0..0....+.....7..0..0=..+........1http://www.microsoft.com/PKI/docs/CPS/default.htm0@..+.......04.2 ..L.e.g.a.l._.P.o.l.i.c.y._.S.t.a.t.e.m.e.n.t.. .0...*.H..............A....o....;......9..p.d...V.......m.o.S.Z....Fl...TV.<.q.Q.T~....B3...$$...........9V...s...~.P#.V$....../'...........bA.Ht...P...)...+..)y..$......@..._3.T]@...b.MH.nAGR....W:..V....&.`u...b....E.>...[D#c%6wo.[."..#jA..B...%{....7b.......9....5...[...7_S..7..O...kv.......u.,A...........Y.m.N.N....r.V.H..#.......O. .p_.kr. I.w.].....8B......7.P.)......%U.@..d..1..Ty.......3...&maI..%..t..........3.BP..P..b.....|f.....X]...a..../I.>........>.........|..Z......].......r.}.*..8.1.(..L.R..j.}.q...p..?..V....L.&...LP.@..A.6.C(........0......wY.2M.`(...xK...i1.........O..R.m.@..`MA..e.....wY.2M.`(...xK./........r($...E4.[..$k;.}.n..z...wY.2M.`(...xK.......-...*o..s..>d.,N..gyj.......wY.2M.`(...xK63..M...x.bd..Y.W...C.&`H.X....v...wY.2M.`(...xK....Kle.. ..q..R0!.b..<H..k)Z+.....wY.2M.`(...xK..h.AFb..?i..nk.b.0.|o..x.....4....wY.2M.`(...xK...F..d.W.Xm........9y..2t-..S.f...wY.2M.`(...xKX......YC.._%...?.LX.^....)uh..q...wY.2M.`(...xKS.....!.....%.w..]o.....P."..Y.....wY.2M.`(...xK.&.~.jq..$...|.e.,.:{k%}...`.^.....wY.2M.`(...xK.c.(.~.S.d-.}.3..*...`....,2...m...wY.2M.`(...xK)..R.<:..,..n.`|.<.....eu\....JD...wY.2M.`(...xK....i.3@.>..h2.....'%'..=I..r..L...wY.2M.`(...xK.^....T..`.....< ......k......R8...wY.2M.`(...xK....Xdo...y..(....#g....+6...9.....wY.2M.`(...xK.._NQ...x.m...%.......or.xRY.e.&...wY.2M.`(...xK..C...z..0..eu1.{.............ct...wY.2M.`(...xK...9v-.6.=...c.qZ9....F\`.lk.......wY.2M.`(...xK....o)..o3.}r..K....H.:*...?O......wY.2M.`(...xK......!H...62u.>.......[1.R.*.[....wY.2M.`(...xK.o.....N0;t........+.o..t.!...h....wY.2M.`(...xK.N:.[C.....@O.4.=.9bg......#.......wY.2M.`(...xK.34)..b....>.H...-..ImT.....d......wY.2M.`(...xK+..&B...6_.K..'.l..Kzo.D./k..i.9...wY.2M.`(...xK+.,.....'.R..*].I.Z+.R.]fb....U....wY.2M.`(...xK,s.3%.m......<[.UY....P.P...R..}...wY.2M.`(...xK.p.g...sQ.......p.W.2..#....+Q.}...wY.2M.`(...xK0f(.Tw0W(.JF}..8zT.i.v..^u.........wY.2M.`(...xK6......A...wz./.^g.4g^..^i5........wY.2M.`(...xK8A.!6....\...!`9MlN.g`.....b..[....wY.2M.`(...xK?....>..TR..^.....mt:syqU.p.j.>s...wY.2M.`(...xKC......c.|....C.-/....&.z.K..u.....wY.2M.`(...xKG..a'.....:k.,....Zmk.6!h..,.*Z....wY.2M.`(...xKQ.1.s....>..!"...Ty..........0a5...wY.2M.`(...xKZ.I..U...9..[..B.,/.g...g6..A.+\...wY.2M.`(...xKk...x.A....{.^.`..G........r../f...wY.2M.`(...xKl.TG..Y..Q.&.l...+..585.r..........wY.2M.`(...xKo.(.q.......{...d|.e......&..:x^...wY.2M.`(...xKq..o."I~T.Fb.$.... w...h......cu...wY.2M.`(...xKrk>.T.j0..=.....p....p..q.-..,#....wY.2M.`(...xKr...g.].V....;....2.....^/m..(.....wY.2M.`(...xKx'..6,..q}.....C..q.Z..H.[...K.....wY.2M.`(...xK...e....k.).T...S.........;.3......wY.2M.`(...xK..;....C........YA.=...Xo+.V7W_g...wY.2M.`(...xK.Z......~.O..G.q.."8b....:....=....wY.2M.`(...xK..HY.........jag..z.n.F.d.r!.YE....wY.2M.`(...xK..4...........e...;=.<5.P_.{.c.!...wY.2M.`(...xK..........se.(.Q..<.Pm........H....wY.2M.`(...xK...c.....t...M.....so..C.fd..1ZB...wY.2M.`(...xK.Ji.1ah.U....`..........f......4...wY.2M.`(...xK....6U....G'Yyk.. .T...iuLHH.t.....wY.2M.`(...xK../P.N.....~.N....]...o..+...]E....wY.2M.`(...xK.h&..m&...h\..}..;M.=......`.<W ...wY.2M.`(...xK...1Q'.s....g.9.1..g0:3"..7...Z....wY.2M.`(...xK.....},....3:..OgQ.......D..L@.....wY.2M.`(...xK.O..6c..h..;.7........*9..h....U...wY.2M.`(...xK..x...J.3!c..5...,3....p.L.5.'W6...wY.2M.`(...xK.z....._..Km.;..vfh..U$|..(7..L....wY.2M.`(...xK...h..fH.....Q...j.$..y..b.........wY.2M.`(...xK....Gu.....".......F,.....].3......wY.2M.`(...xK......*..(...L....[.'(.a...........wY.2M.`(...xK..3f......T.....s.&.........g......wY.2M.`(...xK.k..@...vX....QJI`O........n.x.....wY.2M.`(...xK.;..Y.|....J...>..$Q?.eYW.5.).@....wY.2M.`(...xK....5.g+6~O...Iia]..J.lrMB.........wY.2M.`(...xK.,".;VB.\....G.YG8......D.oY.......wY.2M.`(...xK..n=)...t=.J..........2@...........wY.2M.`(...xK.c.Ox,..........7`..X.b...f..nm....wY.2M.`(...xK...2...KmH],qgr..RY..\..u."....6...wY.2M.`(...xK...aJ.~.......U.......n.E.AR'..[...wY.2M.`(...xKU....=..HZ..7.?...=.....|....c.....wY.2M.`(...xKw.......^;.....b.x...S^.......k/...wY.2M.`(...xK.<.9"...`tFu.7....Z...G/.4.q.9.....wY.2M.`(...xK;..S>......#...A..r.y....-...6.....wY.2M.`(...xK......Q.3@....H..rRj..R.......`I...wY.2M.`(...xKdW[..x....V.4.R.k...D.xYu..N-d.E...wY.2M.`(...xKE...u...H.7R}d..dM...<..$.M.ig..

PCR:                     Platform manufacturer specific measurements (7)
Type:                    0x4
Description:             EV_SEPARATOR
ChecksumSha1:            df3f619804a92fdb4057192dc43dd748ea778adc52bc498ce80524c014b81119

PCR:                     Platform manufacturer specific measurements (7)
Type:                    0x800000e0
Description:             EV_EFI_EFI_VARIABLE_AUTHORITY
ChecksumSha1:            4d4a8e2c74133bbdc01a16eaf2dbb5d575afeb36f5d8dfcf609ae043909e2ee9
BlobStr:                 ....:=.E.....geo........$.......d.b....wY.2M.`(...xK0...0..........a.........0...*.H........0..1.0...U....US1.0...U....Washington1.0...U....Redmond1.0...U....Microsoft Corporation1;09..U...2Microsoft Corporation Third Party Marketplace Root0...110627212245Z..260627213245Z0..1.0...U....US1.0...U....Washington1.0...U....Redmond1.0...U....Microsoft Corporation1+0)..U..."Microsoft Corporation UEFI CA 20110.."0...*.H.............0..........lL.E.jK......u.C.Td......}..s....JEa...-...+..MI.A..<.T..........A.\Y.h2..G..q.!O..|.D?..2.&H.u...L.J.~....xwM..........+.Q8]....x...............{@{..('...V^..~.~..D.y9...b.M.8p.h$..3..7.Xi^.|...S..N.*.c.aoc.Y..+y..ag.[.^.....gOqX.".""...Tq..P5Xv...j............v0..r0...+.....7.........0#..+.....7........k..wSJ.%7.N.&{. p.0...U.........C...p...O1n."....0...+.....7.......S.u.b.C.A0...U........0...U.......0....0...U.#..0...EfRC.~X...N.#U.;:"j.0\..U...U0S0Q.O.M.Khttp://crl.microsoft.com/pki/crl/products/MicCorThiParMarRoo_2010-10-05.crl0`..+........T0R0P..+.....0..Dhttp://www.microsoft.com/pki/certs/MicCorThiParMarRoo_2010-10-05.crt0...*.H.............5.B.0...v...hX5)F2v'|..A'B.J.m.8HY.U..X4.....].....A.........]..P...U.B(. ...Q......!.....w..s.....R..P..W..a...m%.@..@...J.M.....T.....+=I+.2.j!iO..~B4.6.... @...%u'.....]..6Tz.P.......t........./..k/.f..#.......3..VK.-.h.....r.......,!L3+..J.h...U2u.j.j<.%.........@Y....Lb.".t..=G.D....45...S.,....q......Df.GT..V........h>.#./^.P....._A.......lu..i.!......M...,wS.%27.lRr....5aj...;.PV.2-....B.'.U...Z..0.T..G.%/.&.A..\.?....[<>?.G.rU.%"..{...*....F........5'b.q....'..Y7`.8...xp..L.......E.e...~i.u......Y.X

PCR:                     Platform manufacturer specific measurements (7)
Type:                    0x800000e0
Description:             EV_EFI_EFI_VARIABLE_AUTHORITY
ChecksumSha1:            f62c9fac51301a643d2b6d95766c163ecd5ccc2ba48136200af546cb8a08f9a0
BlobStr:                 P.]`F..C..=....#........l.......S.h.i.m.0..h0..P.........v..0...*.H........0 1.0...U....Fedora Secure Boot CA0...121207162554Z..221205162554Z0 1.0...U....Fedora Secure Boot CA0.."0...*.H.............0...........R..\>+..U.Zh.-..v...'........']#....u...]......p....{....Q....t..=$x.ys...+.....gJ".d....&....=9....^R..H....).d.!{...{.O.@+.".GN..$.MS.Z.).^}.....y.Ys...H..+p..t.y..#....y.O.O/.c.Mw..,........Q...6g...XV....f.I..h.........[..x.......p..[W.kD.~...Ff...U........0..0N..+........B0@0>..+.....0..2https://fedoraproject.org/wiki/Features/SecureBoot0...U.#..0.....%......X.3]{ ...;B0...U.%..0...+.......0...U........%......X.3]{ ...;B0...*.H.............7w.:A...q;......J...Q......#..4Y....ute..a:.....+...`<q:...9......N..P..P..>.}z..z.g..........n..........aW.......d..T.Wy....Mk..5.....1....`.....$.<.3P.D.q.Q..1..2......S..jA.e...........$....[.$tM.....2.u....>.0....S....~..IA..i.._..<.`.....j.H?.>sw....?.....k

PCR:                     Platform manufacturer specific measurements (7)
Type:                    0x800000e0
Description:             EV_EFI_EFI_VARIABLE_AUTHORITY
ChecksumSha1:            f62c9fac51301a643d2b6d95766c163ecd5ccc2ba48136200af546cb8a08f9a0
BlobStr:                 P.]`F..C..=....#........l.......S.h.i.m.0..h0..P.........v..0...*.H........0 1.0...U....Fedora Secure Boot CA0...121207162554Z..221205162554Z0 1.0...U....Fedora Secure Boot CA0.."0...*.H.............0...........R..\>+..U.Zh.-..v...'........']#....u...]......p....{....Q....t..=$x.ys...+.....gJ".d....&....=9....^R..H....).d.!{...{.O.@+.".GN..$.MS.Z.).^}.....y.Ys...H..+p..t.y..#....y.O.O/.c.Mw..,........Q...6g...XV....f.I..h.........[..x.......p..[W.kD.~...Ff...U........0..0N..+........B0@0>..+.....0..2https://fedoraproject.org/wiki/Features/SecureBoot0...U.#..0.....%......X.3]{ ...;B0...U.%..0...+.......0...U........%......X.3]{ ...;B0...*.H.............7w.:A...q;......J...Q......#..4Y....ute..a:.....+...`<q:...9......N..P..P..>.}z..z.g..........n..........aW.......d..T.Wy....Mk..5.....1....`.....$.<.3P.D.q.Q..1..2......S..jA.e...........$....[.$tM.....2.u....>.0....S....~..IA..i.._..<.`.....j.H?.>sw....?......

Reconstructed PCRs:
  0:                     c123beecd7e21f720803a4a4286aa51e1bc1ada4
  1:                     9ed31efe50b675eb1e2180ee42337fb28a57bc9c
  2:                     3a4285c323c5af121f270900e88ffeefb2a34233
  3:                     3a4285c323c5af121f270900e88ffeefb2a34233
  4:                     09e0f52265930defff7e333aeed0a9179a43ff3e
  5:                     51398e344c8dfd7f64fbb086286a646b0b7bc59f
  6:                     c9f300188c6257df9d59000277e5b09f2ad690a0
  7:                     34bbef93ca1ce8f31a934d40607258c1c9390be3
# fwupdmgr security --force
Host Security ID: HSI:1+U (v1.5.0)

HSI-1
✔ MEI manufacturing mode:        Locked
✔ SPI BIOS region:               Locked
✔ SPI lock:                      Enabled
✔ SPI write:                     Disabled
✔ TPM v2.0:                      Found
✔ UEFI dbx:                      Found
✔ UEFI secure boot:              Enabled

HSI-2
✔ IOMMU:                         Enabled
✘ TPM PCR0 reconstruction:       Invalid

HSI-3
✔ Pre-boot DMA protection:       Enabled
✘ Intel CET:                     Not supported
✘ Suspend-to-idle:               Disabled
✘ Suspend-to-ram:                Enabled

HSI-4
✔ Intel AMT:                     Disabled
✘ Encrypted RAM:                 Not supported

Runtime Suffix -U
✔ Firmware updates:              Supported

Runtime Suffix -A
✘ Firmware attestation:          Not supported

Runtime Suffix -!
✔ Linux kernel:                  Untainted
✔ Linux kernel lockdown:         Enabled
✔ Linux swap:                    Encrypted
✔ fwupd plugins:                 Untainted

Host Security ID attributes uploaded successfully, thanks!
# tpm2_pcrread
sha1:
  0 : 0x752B2BF6616B69CAA59CD5BDBFFADA00F23D40B4
  1 : 0xEFD07D491F8A2F56B695DAE5F5C77A86FF7256B4
  2 : 0xB2A83B0EBF2F8374299A5B2BDFC31EA955AD7236
  3 : 0xB2A83B0EBF2F8374299A5B2BDFC31EA955AD7236
  4 : 0x3AA42E90A4AE35ACA0A1B5E3AD4A4482965DF37E
  5 : 0xE8AFA43B14D0C2B602BA4D90E5AD2B255BA34C8F
  6 : 0x380AFEA4FA7D8FB2CDA021946E1BBB6DDAF25481
  7 : 0x0F9C6D2615F97A0BDB3B0E80918F173390BD9176
  8 : 0x0000000000000000000000000000000000000000
  9 : 0x0000000000000000000000000000000000000000
  10: 0x6877DFE28E8B9F79DB9C12D3023DD30B72BB9B88
  11: 0x0000000000000000000000000000000000000000
  12: 0x0000000000000000000000000000000000000000
  13: 0x0000000000000000000000000000000000000000
  14: 0x0000000000000000000000000000000000000000
  15: 0x0000000000000000000000000000000000000000
  16: 0x0000000000000000000000000000000000000000
  17: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
  18: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
  19: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
  20: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
  21: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
  22: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
  23: 0x0000000000000000000000000000000000000000
sha256:
  0 : 0x0F65D1B1F0AE5FDA6BD5D71918B7307908DE10DC8AEE09BCF51B14B8E8976D20
  1 : 0xC04CB07F96FFEF69D88B100145770A01ADFB97FDB0FC887CE62F86041A60DA3E
  2 : 0x3D458CFE55CC03EA1F443F1562BEEC8DF51C75E14A9FCF9A7234A13F198E7969
  3 : 0x3D458CFE55CC03EA1F443F1562BEEC8DF51C75E14A9FCF9A7234A13F198E7969
  4 : 0x16A16B50AEE0856E093AAF8C10E313C2C764EEA09009D97600B33B39251C12B5
  5 : 0x411C47151694B2A235CE245B482BE2399157FEDE60F116219A016F0EE37CC57C
  6 : 0x88047A2BF5FA014719FB3E7136E7B847F1E86DF4AF007553F089962EA85ED88A
  7 : 0xB523EC60C0748F15C1F39A60CF582B8BD4A746FF644517984820E771F2475B86
  8 : 0x0000000000000000000000000000000000000000000000000000000000000000
  9 : 0x0000000000000000000000000000000000000000000000000000000000000000
  10: 0xA04FB418325A1773E35B68EB73AF7646A6D80F31F2F82BF4110B6F256F31FE13
  11: 0x0000000000000000000000000000000000000000000000000000000000000000
  12: 0x0000000000000000000000000000000000000000000000000000000000000000
  13: 0x0000000000000000000000000000000000000000000000000000000000000000
  14: 0x0000000000000000000000000000000000000000000000000000000000000000
  15: 0x0000000000000000000000000000000000000000000000000000000000000000
  16: 0x0000000000000000000000000000000000000000000000000000000000000000
  17: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
  18: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
  19: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
  20: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
  21: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
  22: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
  23: 0x0000000000000000000000000000000000000000000000000000000000000000
sha384:
superm1 commented 4 years ago

A bug with PCR0 reconstruction was identified in fwupd code. This bug has been fixed in the stable branches for all applicable releases: 1_3_X, 1_4_X and master.

Can you please upgrade to a version with the fix, and confirm if this behavior still happens?

superm1 commented 4 years ago

A new tool bug was recently identified and fixed in master, 1_4_x, and 1_3_X branches. It's not in any released version yet, but will be in 1.5.0 from master, 1.4.7 from 1_4_X and 1.3.12 from 1_3_X in the future. https://github.com/fwupd/fwupd/pull/2394

Please upgrade to a new version with the patch integrated to confirm if this bug still exists.

hpvb commented 4 years ago

Tested on 1.5.0 and I get this now:

WARNING: UEFI ESP partition not detected or configured
Host Security ID: HSI:2 (v1.5.0)

HSI-1
✔ CSME manufacturing mode:       Locked
✔ CSME override:                 Locked
✔ CSME v0:12.0.68.1606:          Valid
✔ Intel DCI debugger:            Disabled
✔ SPI BIOS region:               Locked
✔ SPI lock:                      Enabled
✔ SPI write:                     Disabled
✔ TPM v2.0:                      Found

HSI-2
✔ IOMMU:                         Enabled
✔ Intel BootGuard:               Enabled
✔ Intel BootGuard ACM protected: Valid
✔ Intel BootGuard OTP fuse:      Valid
✔ Intel BootGuard verified boot: Valid
✔ Intel DCI debugger:            Locked
✔ TPM PCR0 reconstruction:       Valid

HSI-3
✔ Intel BootGuard error policy:  Valid
✔ Pre-boot DMA protection:       Enabled
✘ Intel CET Enabled:             Not supported
✘ Suspend-to-idle:               Disabled
✘ Suspend-to-ram:                Enabled

HSI-4
✔ Intel SMAP:                    Enabled
✘ Encrypted RAM:                 Not supported

Runtime Suffix -U
✘ Firmware updates:              Not supported

Runtime Suffix -A
✘ Firmware attestation:          Not supported

Runtime Suffix -!
✔ Linux kernel:                  Untainted
✔ Linux kernel lockdown:         Enabled
✔ Linux swap:                    Encrypted
✔ fwupd plugins:                 Untainted

So it looks OK to me!