grawity / tpm_futurepcr

Calculate future (next boot) TPM PCRs after a kernel upgrade
MIT License

Exiting due to unusual boot process events #4

Closed Amarjit3 closed 3 years ago

Amarjit3 commented 3 years ago

Hello,

I installed the script to my Huawei Matebook X Pro laptop running Pop_OS! 20.04 and carried out the following command:

sudo tpm_futurepcr -L 0,2,4,7 -o /home/user/pcrvalues.bin

This was successful. However, when I attempted to carry out the same command on my Lenovo T14 laptop, I received the error:

"Exiting due to unusual boot process events"

The laptop is also running Pop_OS! Both were clean installations.

Could you please advise? Thank you.

Amarjit3 commented 3 years ago

Additional information:

I have found the culprit of the error; when I ran verbose I saw the following:

PCR 4 -- Event 80000003 <TpmEventType.EFI_BOOT_SERVICES_APPLICATION>
Extend (SHA1): 817c6e2863bc7b6ef6e3521d87d72badd01e94c7
Path vector:
* MediaDevice          PIWGFirmwareVolume   b'\xaeQ\xc1\x8fo\xc9\xc9K\x8c3\x10y\x92\xc7s['
* MediaDevice          PIWGFirmware         b'&\xca\x1a\x82\xea)\x93I\x83\x9fY\x7f\xc0!p\x8d'
* End                  255                  b''
* entry didn't map to a Linux path

How do I locate this EFI application that is not being recognised?

grawity commented 3 years ago

Is that the only entry, or is it followed by the real bootloader afterwards? Does it change if you reboot?

The event log may contain entries about accessing the firmware setup screens, not just the OS bootloader. (Basically everything since boot.)

On the one hand, those could be simply skipped. But on the other hand, they will result in a different PCR value, so (IIRC) I had deliberately made the script fail when encountering those, to remind the user...

Amarjit3 commented 3 years ago

Thanks for the reply.

I will provide the whole output:

$ sudo tpm_futurepcr -L 4 -o /home/amarjit/pcrvalues.bin --v

PCR 4 -- Event 80000003 <TpmEventType.EFI_BOOT_SERVICES_APPLICATION>
Extend (SHA1): 817c6e2863bc7b6ef6e3521d87d72badd01e94c7
Path vector:
  * MediaDevice          PIWGFirmwareVolume   b'\xaeQ\xc1\x8fo\xc9\xc9K\x8c3\x10y\x92\xc7s['
  * MediaDevice          PIWGFirmware         b'&\xca\x1a\x82\xea)\x93I\x83\x9fY\x7f\xc0!p\x8d'
  * End                  255                  b''
entry didn't map to a Linux path

PCR 4 -- Event 80000007 <TpmEventType.EFI_ACTION>
Extend (SHA1): cd0fdb4531a6ec41be2753ba042637d6e5f7f256
0x00000000: 43 61 6C 6C 69 6E 67 20 45 46 49 20 41 70 70 6C |Calling.EFI.Appl|
0x00000010: 69 63 61 74 69 6F 6E 20 66 72 6F 6D 20 42 6F 6F |ication.from.Boo|
0x00000020: 74 20 4F 70 74 69 6F 6E                         |t.Option        |
--> after this event, PCR 4 contains value ee01a03529a6b38b5ded18ab6ae8d771aaac1925
--> after reboot, PCR 4 will contain value ee01a03529a6b38b5ded18ab6ae8d771aaac1925

PCR 4 -- Event 00000004 <TpmEventType.SEPARATOR>
Extend (SHA1): 9069ca78e7450a285173431b3e52c5c25299e473
0x00000000: 00 00 00 00                                     |....            |
--> after this event, PCR 4 contains value 45a323382bd933f08e7f0e256bc8249e4095b1ec
--> after reboot, PCR 4 will contain value 45a323382bd933f08e7f0e256bc8249e4095b1ec

PCR 4 -- Event 80000003 <TpmEventType.EFI_BOOT_SERVICES_APPLICATION>
Extend (SHA1): 6ca58435716cf01c3ce3c53931ab30f2b3414929
Path vector:
  * ACPIDevice           ACPI                 b'\xd0A\x03\n\x00\x00\x00\x00'
  * HardwareDevice       PCI                  b'\x01\x02'
  * HardwareDevice       PCI                  b'\x00\x00'
  * MessagingDevice      NVMe                 b'\x01\x00\x00\x00\x00%8\x81\x11\xb4\x0f\x8f'
  * MediaDevice          HardDrive            b'\x01\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\xff\x8f\x0f\x00\x00\x00\x00\x00R\xf9_\xca\xed\\\xa9F\xbdu^\xc4\xb2\x0f\xcf\x01\x02\x02'
  * MediaDevice          FilePath             \EFI\systemd\systemd-bootx64.efi
  * End                  255                  b''
-- extending with coff hash --
file path = /boot/efi/EFI/systemd/systemd-bootx64.efi
file hash = 6ca58435716cf01c3ce3c53931ab30f2b3414929
this event extend value = 6ca58435716cf01c3ce3c53931ab30f2b3414929
guessed extend value = 6ca58435716cf01c3ce3c53931ab30f2b3414929
--> after this event, PCR 4 contains value d2aca9e45c3b7305144dc553b911a65be8852b4b
--> after reboot, PCR 4 will contain value d2aca9e45c3b7305144dc553b911a65be8852b4b

PCR 4 -- Event 80000003 <TpmEventType.EFI_BOOT_SERVICES_APPLICATION>
Extend (SHA1): eb28e99894160db74cab358fe4c57e0bc731ab2e
Path vector:
  * ACPIDevice           ACPI                 b'\xd0A\x03\n\x00\x00\x00\x00'
  * HardwareDevice       PCI                  b'\x01\x02'
  * HardwareDevice       PCI                  b'\x00\x00'
  * MessagingDevice      NVMe                 b'\x01\x00\x00\x00\x00%8\x81\x11\xb4\x0f\x8f'
  * MediaDevice          HardDrive            b'\x01\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\xff\x8f\x0f\x00\x00\x00\x00\x00R\xf9_\xca\xed\\\xa9F\xbdu^\xc4\xb2\x0f\xcf\x01\x02\x02'
  * MediaDevice          FilePath             \EFI\Linux.efi
  * End                  255                  b''
-- extending with coff hash --
file path = /boot/efi/EFI/Linux.efi
file hash = eb28e99894160db74cab358fe4c57e0bc731ab2e
this event extend value = eb28e99894160db74cab358fe4c57e0bc731ab2e
guessed extend value = eb28e99894160db74cab358fe4c57e0bc731ab2e
--> after this event, PCR 4 contains value c10be2e8259cf0b3f04fa32f875a5d541ce54867
--> after reboot, PCR 4 will contain value c10be2e8259cf0b3f04fa32f875a5d541ce54867

== Final computed & predicted PCR values ==
        CURRENT                                  | PREDICTED NEXT                          
PCR  4: c10be2e8259cf0b3f04fa32f875a5d541ce54867 | c10be2e8259cf0b3f04fa32f875a5d541ce54867

How do I access the event log? The output above does not change if I reboot. I feel this event does contribute to the PCR4 because the computed CURRENT PCR does not match the same one I obtain using sudo tpm2_pcrread.

grawity commented 3 years ago

> How do I access the event log?

You're looking at it. That's the log that tpm_futurepcr parses and displays.

(Latest tpm2_tools also have tpm2_eventlog which does pretty much the same, so you could use it to double-check.)

> The output above does not change if I reboot.

Are you using the firmware's boot menu to access Linux, or just going automatically to systemd-boot?

> I feel this event does contribute to the PCR4

It does, but the script incorrectly skipped extending the PCRs after displaying such an event. Try again with latest git.
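The effect described in this comment can be reproduced by replaying the PCR 4 digests from the verbose log above. This is an added example, not code from tpm_futurepcr; the function names are hypothetical, and it assumes the SHA-1 bank of PCR 4 starts at all zeros after reset.

```python
import hashlib

# SHA-1 digests of the PCR 4 events, copied in order from the verbose log in this thread.
EVENTS = [
    ("EFI_BOOT_SERVICES_APPLICATION (firmware volume)", "817c6e2863bc7b6ef6e3521d87d72badd01e94c7"),
    ("EFI_ACTION", "cd0fdb4531a6ec41be2753ba042637d6e5f7f256"),
    ("SEPARATOR", "9069ca78e7450a285173431b3e52c5c25299e473"),
    ("systemd-bootx64.efi", "6ca58435716cf01c3ce3c53931ab30f2b3414929"),
    ("Linux.efi", "eb28e99894160db74cab358fe4c57e0bc731ab2e"),
]
# Final PCR 4 value printed by the pre-fix run quoted in the thread.
REPORTED_BEFORE_FIX = "c10be2e8259cf0b3f04fa32f875a5d541ce54867"


def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM extend for a SHA-1 bank: new = SHA1(old || digest)."""
    return hashlib.sha1(pcr + digest).digest()


def replay(events, skip=()):
    """Replay event digests from the assumed all-zero reset value,
    leaving out the event indexes listed in `skip`."""
    pcr = bytes(20)
    for i, (_, hexdigest) in enumerate(events):
        if i not in skip:
            pcr = extend(pcr, bytes.fromhex(hexdigest))
    return pcr.hex()


def event_data_digest(data: bytes) -> str:
    """For EFI_ACTION and SEPARATOR events the logged digest is the
    SHA-1 of the raw event data shown in the hex dump."""
    return hashlib.sha1(data).hexdigest()


if __name__ == "__main__":
    full = replay(EVENTS)
    skipped = replay(EVENTS, skip={0})
    print("all events replayed:", full)
    print("event 0 not extended:", skipped)
    # Compare against the pre-fix output and against `tpm2_pcrread` on the machine.
    print("matches pre-fix output:", skipped == REPORTED_BEFORE_FIX)
```

The value from replaying all five events is the one to compare with the `tpm2_pcrread` output for PCR 4; any event left out of the replay changes every value after it.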

Amarjit3 commented 3 years ago

When I turn on my laptop, it boots straight to systemd-boot and then it launches my default Linux binary (Linux.efi) - I do not select the firmware's boot menu to access Linux.

Thanks for the new git - I'll try it and report back.

Amarjit3 commented 3 years ago

Thanks so much! The script now computes the correct CURRENT PCR and then when I made a change to the initrd.img, the FUTURE PCR was also correctly computed. I've noticed you've added a new commit - does specifying --allow-unexpected-bsa stop the programme from producing an error and exiting in this case?

grawity commented 3 years ago

In theory it should.

I don't know if there's a reliable way to distinguish your kind of regularly appearing events from "one-off boot" situations, so I still want to keep the warning by default.