Re: Regression from efi: call get_event_log before ExitBootServices

[Hans de Goede]

Hi,

On 08-03-18 18:26, Jeremy Cline wrote:
> On 03/08/2018 11:50 AM, Hans de Goede wrote:
> > <somehow this part of the thread was missing some email addresses, I've
> > added these now>
> >
> > Hi,
> >
> > On 07-03-18 12:34, Javier Martinez Canillas wrote:
>
> <snip>
>
> > > Are you also able to read the TPM event logs?
> > >
> > > $ hexdump /sys/kernel/security/tpm0/binary_bios_measurements
> >
> > Yes for me that outputs a lot of hex :)
>
> For me, /sys/kernel/security/tmp0 doesn't exist on 4.15.6 or 4.16 with
> the patch reverted.

Hmm, have you re-enabled the TPM in the BIOS?

> > > The UEFI firmware does some measurements and so does shim. So you should
> > > have some event logs. What version of shim are you using? And also would
> > > be good to know if it's the same shim version that Jeremy is using.
> >
> > That is a very good question, I'm using: shim-ia32-13-0.7.x86_64, which is
> > the last version for F27 AFAICT.
>
> All my tablet has installed is shim-0.8-10.x86_64, no shim-ia32.

Yes my bad, although if the kernel changes break booting on systems
without the shim that is still good to know and something which
we probably ought to fix.

> > But Jeremy's tablet might very well be not using the shim at all, as
> > I manually installed Fedora 25 on the tablet he now has, before Fedora
> > supported
> > machines with 32 bit EFI. I then later did a "dnf distro-sync" to
> > Fedora-27.
> >
> > Jeremy might also very well still be booting using a grub binary I build
> > manually back then, without any shim being involved.
> >
> > Jeremy what does efibootmgr -v output on your device ?
>
> # efibootmgr -v
> BootCurrent: 0003
> Timeout: 4 seconds
> BootOrder: 0003,0000,0001,2001,2002,2003
> Boot0000* Android X64 OS
> HD(1,GPT,215e6cf3-e97d-4735-9c4e-7338c8f5a645,0x800,0x32000)/File(\EFI\BOOT\bootx64.efi)RC
> Boot0001* Internal EFI Shell
> FvVol(a881d567-6cb0-4eee-8435-2e72d33e45b5)/FvFile(c57ad6b7-0515-40a8-9d21-551652854e37)RCM&".
> Boot0003* Fedora
> HD(1,GPT,215e6cf3-e97d-4735-9c4e-7338c8f5a645,0x800,0x32000)/File(\EFI\fedora\grubx64.efi)
> Boot2001* EFI USB Device	RC
> Boot2002* EFI DVD/CDROM	RC
> Boot2003* EFI Network	RC
> Boot8087* Udm
> FvVol(a881d567-6cb0-4eee-8435-2e72d33e45b5)/FvFile(9a9ab4c1-ee1b-488b-b300-24544a7bd418)
>
> I think you're right about it using the old grub binary. I'm
> embarrassingly unfamiliar with both UEFI and grub, but I'm guessing you
> set the location of grub.cfg at compile time? When I boot
> \EFI\fedora\grubx64.efi, it's pulling the grub.cfg from
> \EFI\redhat\grub.cfg.

Ah yes, so I did not build my own grub I took one from RHEL as that had
32 bit UEFI support before Fedora got it and as I was lazy I copied the
32 bit binary over the 64 bit one, so don't let the filename fool you.

What you could do is install grub2-efi-ia32 from the Fedora 27 repos
and then use efibootmgr to add an entry pointing to \EFI\fedora\grubia32.efi
note that one will look at \EFI\fedora\grub.cfg .

Then see if the problem persists. A second step would be to also install
shim-ia32 and point to that...

Regards,

Hans