Forward seal does not appear to be working. After making changes that should trip measured launch and then forward sealing the system, measured launch trips upon reboot.
OXT Build: Stable 9 6524
Dell Latitude 7490
1.8.0 BIOS (latest available)
UEFI with TPM 2.0
Make changes that should trip measured launch
Forward seal system
Reboot and observe SECURITY WARNING: Measured Launch Unseal FAILED
In the environment field, please include:
OpenXT build number
Also helpful, if available:
Text of the measured launch error
Status report from the system after boot
Description and environment updated with additional information. I believe Joel Upham has encountered this issue on a different hardware configuration as well. Doing further research on system status.
We've done further research on this problem. I believe there are two bugs but not necessarily with the forward seal itself.
First thing to note is that good.pcrs isn't updating either on forward seal or on auto-unlock. It only updates on reseal&reboot. That had me chasing some ghosts for a bit. I will spin off a new ticket for that.
Secondly: To test forward sealing we were touching root fs as follows:
On reboot measured launch would trip. However, if we continued into the system and forward sealed again the next reboot would auto unlock successfully. The problem here might be with ro not with forward sealing. I can either close this ticket and create a new one for RO, or we could continue to investigate the ro issue as part of this ticket.
PR up for this. Will open stable-9 PR when master is approved.
RW, RO, Forward seal confirmed working in build 6552