ml/uefi: Failure to unseal upon reboot on HP 800 G3

Description

Only seen on HP 800 G3 mini for now.

Installation with measured launch will succeed, sealing will succeed, but unsealing will fail upon reboot.
On first reboot, following installation:

  • /boot/system/tpm/bad.pcrs match tpm2_pcrlist (bad.pcrs has PCR15 uncapped value of course),
    On second reboot:

  • Unsealing succeeds and the platform reboot in measured state?
    On further reboots:

  • Unsealing fails, /boot/system/tpm/bad.pcrs does not match tpm2_pcrlist for PCR1.

Environment

HP 800 G3 mini (Firmware P12 Ver 2.25 01/03/2019)
OpenXT 9
TXT enabled.

Validation Steps

  1. Install OpenXT 9 with measured launch enabled;

  2. Reboot into installed system.

    • Reboot should be successful;

    • Reboot should end up in UIVM displaying a green shield at the bottom right corner.

Assignee

Andrew Jones

Reporter

Eric Chanudet

Labels

None

QA Assignee

None

QA Image URL

None

Epic Link

Components

Fix versions

Affects versions

Priority

Critical
Configure