Only seen on HP 800 G3 mini for now.
Installation with measured launch will succeed, sealing will succeed, but unsealing will fail upon reboot.
On first reboot, following installation:
/boot/system/tpm/bad.pcrs matches tpm2_pcrlist (bad.pcrs has the uncapped PCR15 value, of course).
On second reboot:
Unsealing succeeds and the platform reboots in measured state?
On further reboots:
Unsealing fails, /boot/system/tpm/bad.pcrs does not match tpm2_pcrlist for PCR1.
HP 800 G3 mini (Firmware P12 Ver 2.25 01/03/2019)
Install OpenXT 9 with measured launch enabled;
Reboot into installed system.
Reboot should be successful;
Reboot should end up in UIVM displaying a green shield at the bottom right corner.
Oh, I think you only get the TPM2 binary_bios_measurements when you boot UEFI.
Try HP firmware from May to see if there are any improvements.
shows new firmware available: 184.108.40.20690 Rev.A : May 3, 2019
Release notes mention that it addresses a series of CVEs.
From triage call: HP is working on a fix but has not yet released that fix in a BIOS update.
ED800G3 mini TPM2.0 on 2.31 appears to solve many of these issues for legacy boot, but not yet UEFI.