[systemd-devel] systemd-pcrlock Failed to submit super PCR policy
Dominick Grift
dominick.grift at defensec.nl
Mon Feb 5 08:24:10 UTC 2024
systemd v255
Debian Testing
Linux nimbus 6.6.13-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.6.13-1
(2024-01-20) x86_64 GNU/Linux
systemd-pcrlock
Feb 04 20:00:02 nimbus audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=sys.id:sys.role:sys.subj:s0 msg='unit=systemd-pcrlock-make-policy comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'
Feb 04 20:00:02 nimbus systemd[1]: Failed to start systemd-pcrlock-make-policy.service - Make TPM2 PCR Policy.
Feb 04 20:00:02 nimbus systemd[1]: systemd-pcrlock-make-policy.service: Failed with result 'exit-code'.
Feb 04 20:00:02 nimbus systemd[1]: systemd-pcrlock-make-policy.service: Main process exited, code=exited, status=1/FAILURE
Feb 04 20:00:02 nimbus systemd-pcrlock[35974]: Failed to submit super PCR policy: State not recoverable
Feb 04 20:00:02 nimbus systemd-pcrlock[35974]: Failed to add OR policy to TPM: tpm:parameter(1):value is out of range or is not correct for the context
Feb 04 20:00:02 nimbus systemd-pcrlock[35974]: ERROR:esys:src/tss2-esys/api/Esys_PolicyOR.c:100:Esys_PolicyOR() Esys Finish ErrorCode (0x000001c4)
Feb 04 20:00:02 nimbus systemd-pcrlock[35974]: WARNING:esys:src/tss2-esys/api/Esys_PolicyOR.c:286:Esys_PolicyOR_Finish() Received TPM Error
Feb 04 20:00:02 nimbus systemd-pcrlock[35974]: Submitting OR Branch #1: a36d5b482f1c0ff2c57737c7e8c671d88f0bb2cf52140034ec4b67774eb47e87
Feb 04 20:00:02 nimbus systemd-pcrlock[35974]: Submitting OR Branch #0: 2cacf1f3ded4eead1044bd14c4e519a4614c6af51a4781a89126834b7830e81b
Feb 04 20:00:02 nimbus systemd-pcrlock[35974]: Submitting OR policy.
Feb 04 20:00:02 nimbus systemd-pcrlock[35974]: PolicyPCR calculated digest: a36d5b482f1c0ff2c57737c7e8c671d88f0bb2cf52140034ec4b67774eb47e87
Feb 04 20:00:02 nimbus systemd-pcrlock[35974]: PolicyPCR calculated digest: 2cacf1f3ded4eead1044bd14c4e519a4614c6af51a4781a89126834b7830e81b
Feb 04 20:00:02 nimbus systemd-pcrlock[35974]: Session policy digest: b117275cc6ee990f9c572b80e67a98f133cd092029b450eda445fb1ff2454886
Feb 04 20:00:02 nimbus systemd-pcrlock[35974]: Acquiring policy digest.
Feb 04 20:00:02 nimbus systemd-pcrlock[35974]: Submitting PCR hash policy.
Feb 04 20:00:02 nimbus systemd-pcrlock[35974]: Submitting PCR/OR policy for PCR 1
Feb 04 20:00:02 nimbus systemd-pcrlock[35974]: Session policy digest: 6cc828077856fbe4333c4372ec374df31f6c3a36b2e63b778d2e2ae6b3ef532a
Feb 04 20:00:02 nimbus systemd-pcrlock[35974]: Acquiring policy digest.
Feb 04 20:00:02 nimbus systemd-pcrlock[35974]: Submitting OR Branch #1: 940dbe9fc9a5c4cb73e30e6454b659f8f635ebc0b6d4b327c4f98fad9bc56ccf
Feb 04 20:00:02 nimbus systemd-pcrlock[35974]: Submitting OR Branch #0: eeec8aadd13fef1af29067b499a8e9eeb82215a32a2bc838b5d5e4984c4d7100
Feb 04 20:00:02 nimbus systemd-pcrlock[35974]: Submitting OR policy.
Feb 04 20:00:02 nimbus systemd-pcrlock[35974]: PolicyPCR calculated digest: 940dbe9fc9a5c4cb73e30e6454b659f8f635ebc0b6d4b327c4f98fad9bc56ccf
Feb 04 20:00:02 nimbus systemd-pcrlock[35974]: PolicyPCR calculated digest: eeec8aadd13fef1af29067b499a8e9eeb82215a32a2bc838b5d5e4984c4d7100
Feb 04 20:00:02 nimbus systemd-pcrlock[35974]: Session policy digest: eeec8aadd13fef1af29067b499a8e9eeb82215a32a2bc838b5d5e4984c4d7100
Feb 04 20:00:02 nimbus systemd-pcrlock[35974]: Acquiring policy digest.
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: Submitting PCR hash policy.
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: Submitting PCR/OR policy for PCR 0
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: Session policy digest: af31ab03c1d2d596f518acc44424bfa26c777400bc7c4e60f883663512a84988
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: Acquiring policy digest.
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: Submitting PCR hash policy.
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: Including PCR 14 in single value PolicyPCR expression
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: Including PCR 13 in single value PolicyPCR expression
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: Including PCR 12 in single value PolicyPCR expression
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: Starting policy session.
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: Retrieving PIN from sealed data.
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: Starting HMAC encryption session.
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: Getting TPM2 capability 0x0005 property 0x0000 count 1.
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: Getting TPM2 capability 0x0008 property 0x0000 count 508.
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: Getting TPM2 capability 0x0002 property 0x011f count 256.
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: Getting TPM2 capability 0x0000 property 0x0001 count 127.
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: TPM successfully started up.
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: Loaded TCTI module 'tcti-device' (TCTI module for communication with Linux kernel interface.) [Version 2]
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: Using TPM2 TCTI driver 'device' with device '/dev/tpmrm0'.
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: [{"pcr":0,"values":["27af039edc3bad60adc1b5a90354420c4f7bec8fef4d1ecd979879e70f987b19","ff48399a29197a1ca511c30927a0175ab8cf4b04e71d6941ffd1f4f6edb4c1c1"]},{"pcr":1,"values":["0ca6a3b439d71be2346a3b237ea9388022ce6ac306f90812eb3f421b0b82a505","b4b7b70f48e1c04281d7a8ff0a0aedb3aef1d8a390d878bd3f61cf7017eedeac"]},{"pcr":2,"values":["ef674cd26ad78dd8240a4723b1a527de84218773adeaaabf68a9a71b64e1dba8","662273f62df21347cfcc2998de34b6c8b2e1b485e6058a6616c68d6f3e8f9ffe"]},{"pcr":3,"values":["3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969","e21b703ee69c77476bccb43ec0336a9a1b2914b378944f7b00a10214ca8fea93"]},{"pcr":7,"values":["a7ad404f09bf9711adf19886f165cd93e7c1443951cc081ef12dcab940520ea2","f24d3574bd765cee0e5e79d88f7e21532ab36a05a468649991f74220eb2114c8"]},{"pcr":12,"values":["0000000000000000000000000000000000000000000000000000000000000000"]},{"pcr":13,"values":["0000000000000000000000000000000000000000000000000000000000000000"]},{"pcr":14,"values":["0000000000000000000000000000000000000000000000000000000000000000"]}]
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: Predicted future PCRs in 154us.
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: Added prediction result 1 for PCR 14 (path: 240-secureboot-policy at generated:250-firmware-code-early at generated:250-firmware-config-early at generated:350-action-efi-application:400-secureboot-separator at 300-0x00000000:500-separator at 300-0x00000000:550-firmware-code-late at generated:550-firmware-config-late at generated:700-action-efi-exit-boot-services at 300-present:750-enter-initrd)
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: Added prediction result 1 for PCR 13 (path: 240-secureboot-policy at generated:250-firmware-code-early at generated:250-firmware-config-early at generated:350-action-efi-application:400-secureboot-separator at 300-0x00000000:500-separator at 300-0x00000000:550-firmware-code-late at generated:550-firmware-config-late at generated:700-action-efi-exit-boot-services at 300-present:750-enter-initrd)
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: Added prediction result 1 for PCR 12 (path: 240-secureboot-policy at generated:250-firmware-code-early at generated:250-firmware-config-early at generated:350-action-efi-application:400-secureboot-separator at 300-0x00000000:500-separator at 300-0x00000000:550-firmware-code-late at generated:550-firmware-config-late at generated:700-action-efi-exit-boot-services at 300-present:750-enter-initrd)
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: Added prediction result 2 for PCR 7 (path: 240-secureboot-policy at generated:250-firmware-code-early at generated:250-firmware-config-early at generated:350-action-efi-application:400-secureboot-separator at 600-0xffffffff:500-separator at 300-0x00000000:550-firmware-code-late at generated:550-firmware-config-late at generated:700-action-efi-exit-boot-services at 300-present:750-enter-initrd)
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: Added prediction result 1 for PCR 7 (path: 240-secureboot-policy at generated:250-firmware-code-early at generated:250-firmware-config-early at generated:350-action-efi-application:400-secureboot-separator at 300-0x00000000:500-separator at 300-0x00000000:550-firmware-code-late at generated:550-firmware-config-late at generated:700-action-efi-exit-boot-services at 300-present:750-enter-initrd)
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: Added prediction result 2 for PCR 3 (path: 240-secureboot-policy at generated:250-firmware-code-early at generated:250-firmware-config-early at generated:350-action-efi-application:400-secureboot-separator at 300-0x00000000:500-separator at 600-0xffffffff:550-firmware-code-late at generated:550-firmware-config-late at generated:700-action-efi-exit-boot-services at 300-present:750-enter-initrd)
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: Added prediction result 1 for PCR 3 (path: 240-secureboot-policy at generated:250-firmware-code-early at generated:250-firmware-config-early at generated:350-action-efi-application:400-secureboot-separator at 300-0x00000000:500-separator at 300-0x00000000:550-firmware-code-late at generated:550-firmware-config-late at generated:700-action-efi-exit-boot-services at 300-present:750-enter-initrd)
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: Added prediction result 2 for PCR 2 (path: 240-secureboot-policy at generated:250-firmware-code-early at generated:250-firmware-config-early at generated:350-action-efi-application:400-secureboot-separator at 300-0x00000000:500-separator at 600-0xffffffff:550-firmware-code-late at generated:550-firmware-config-late at generated:700-action-efi-exit-boot-services at 300-present:750-enter-initrd)
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: Added prediction result 1 for PCR 2 (path: 240-secureboot-policy at generated:250-firmware-code-early at generated:250-firmware-config-early at generated:350-action-efi-application:400-secureboot-separator at 300-0x00000000:500-separator at 300-0x00000000:550-firmware-code-late at generated:550-firmware-config-late at generated:700-action-efi-exit-boot-services at 300-present:750-enter-initrd)
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: Added prediction result 2 for PCR 1 (path: 240-secureboot-policy at generated:250-firmware-code-early at generated:250-firmware-config-early at generated:350-action-efi-application:400-secureboot-separator at 300-0x00000000:500-separator at 600-0xffffffff:550-firmware-code-late at generated:550-firmware-config-late at generated:700-action-efi-exit-boot-services at 300-present:750-enter-initrd)
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: Added prediction result 1 for PCR 1 (path: 240-secureboot-policy at generated:250-firmware-code-early at generated:250-firmware-config-early at generated:350-action-efi-application:400-secureboot-separator at 300-0x00000000:500-separator at 300-0x00000000:550-firmware-code-late at generated:550-firmware-config-late at generated:700-action-efi-exit-boot-services at 300-present:750-enter-initrd)
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: Added prediction result 2 for PCR 0 (path: 240-secureboot-policy at generated:250-firmware-code-early at generated:250-firmware-config-early at generated:350-action-efi-application:400-secureboot-separator at 300-0x00000000:500-separator at 600-0xffffffff:550-firmware-code-late at generated:550-firmware-config-late at generated:700-action-efi-exit-boot-services at 300-present:750-enter-initrd)
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: Added prediction result 1 for PCR 0 (path: 240-secureboot-policy at generated:250-firmware-code-early at generated:250-firmware-config-early at generated:350-action-efi-application:400-secureboot-separator at 300-0x00000000:500-separator at 300-0x00000000:550-firmware-code-late at generated:550-firmware-config-late at generated:700-action-efi-exit-boot-services at 300-present:750-enter-initrd)
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: PCRs in protection mask: 0 (platform-code), 1 (platform-config), 2 (external-code), 3 (external-config), 7 (secure-boot-policy), 12 (kernel-config), 13 (sysexts), 14 (shim-policy)
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: PCRs dropped from protection mask: 4 (boot-loader-code), 5 (boot-loader-config), 11 (kernel-boot), 15 (system-identity)
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: PCR 15 (system-identity) event log contains unrecognized measurements. Removing from set of PCRs.
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: PCR 14 (shim-policy) matches event log and fully consists of recognized measurements. Including in set of PCRs.
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: PCR 13 (sysexts) matches event log and fully consists of recognized measurements. Including in set of PCRs.
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: PCR 12 (kernel-config) matches event log and fully consists of recognized measurements. Including in set of PCRs.
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: PCR 11 (kernel-boot) event log contains unrecognized measurements. Removing from set of PCRs.
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: PCR 7 (secure-boot-policy) matches event log and fully consists of recognized measurements. Including in set of PCRs.
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: PCR 5 (boot-loader-config) event log contains unrecognized measurements. Removing from set of PCRs.
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: PCR 4 (boot-loader-code) event log contains unrecognized measurements. Removing from set of PCRs.
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: PCR 3 (external-config) matches event log and fully consists of recognized measurements. Including in set of PCRs.
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: PCR 2 (external-code) matches event log and fully consists of recognized measurements. Including in set of PCRs.
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: PCR 1 (platform-config) matches event log and fully consists of recognized measurements. Including in set of PCRs.
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: PCR 0 (platform-code) matches event log and fully consists of recognized measurements. Including in set of PCRs.
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: Event log record 52 (PCR 15, "cryptsetup:root:7d645b5c-c9d2-4bea-b25f-e7f59f207541") not matching any component.
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: Event log record 34 (PCR 11, "String: .linux") not matching any component.
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: Event log record 49 (PCR 9, "Linux: kernel command line") not matching any component.
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: Event log record 29 (PCR 5, "GPT: disk bad15aff-7767-4ca4-9f6c-9007f0d31410") not matching any component.
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: Event log record 30 (PCR 4, "File: \EFI\BOOT\BOOTX64.EFI") not matching any component.
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: Unable to recognize 1 components in event log.
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: Skipped 7 components after location '770' (800-leave-initrd, 820-machine-id, 830-root-file-system, 850-sysinit, 900-ready, 950-shutdown, 990-final).
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: Couldn't find component '350-action-efi-application' in event log.
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: 'content_type' missing from TPM measurement log file entry, ignoring.
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: 'content_type' missing from TPM measurement log file entry, ignoring.
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: 'content_type' missing from TPM measurement log file entry, ignoring.
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: 'content_type' missing from TPM measurement log file entry, ignoring.
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: 'content_type' missing from TPM measurement log file entry, ignoring.
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: 'content_type' missing from TPM measurement log file entry, ignoring.
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: 'content_type' missing from TPM measurement log file entry, ignoring.
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: 'content_type' missing from TPM measurement log file entry, ignoring.
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: 'content_type' missing from TPM measurement log file entry, ignoring.
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: 'content_type' missing from TPM measurement log file entry, ignoring.
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: 'content_type' missing from TPM measurement log file entry, ignoring.
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: 'content_type' missing from TPM measurement log file entry, ignoring.
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: 'content_type' missing from TPM measurement log file entry, ignoring.
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: 'content_type' missing from TPM measurement log file entry, ignoring.
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: 'content_type' missing from TPM measurement log file entry, ignoring.
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: 'content_type' missing from TPM measurement log file entry, ignoring.
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: 'content_type' missing from TPM measurement log file entry, ignoring.
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: 'content_type' missing from TPM measurement log file entry, ignoring.
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: 'content_type' missing from TPM measurement log file entry, ignoring.
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: 'content_type' missing from TPM measurement log file entry, ignoring.
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: 'content_type' missing from TPM measurement log file entry, ignoring.
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: 'content_type' missing from TPM measurement log file entry, ignoring.
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: 'content_type' missing from TPM measurement log file entry, ignoring.
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: 'content_type' missing from TPM measurement log file entry, ignoring.
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: 'content_type' missing from TPM measurement log file entry, ignoring.
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: 'content_type' missing from TPM measurement log file entry, ignoring.
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: 'content_type' missing from TPM measurement log file entry, ignoring.
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: 'content_type' missing from TPM measurement log file entry, ignoring.
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: 'content_type' missing from TPM measurement log file entry, ignoring.
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: 'content_type' missing from TPM measurement log file entry, ignoring.
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: 'content_type' missing from TPM measurement log file entry, ignoring.
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: 'content_type' missing from TPM measurement log file entry, ignoring.
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: 'content_type' missing from TPM measurement log file entry, ignoring.
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: 'content_type' missing from TPM measurement log file entry, ignoring.
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: 'content_type' missing from TPM measurement log file entry, ignoring.
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: 'content_type' missing from TPM measurement log file entry, ignoring.
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: 'content_type' missing from TPM measurement log file entry, ignoring.
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: 'content_type' missing from TPM measurement log file entry, ignoring.
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: 'content_type' missing from TPM measurement log file entry, ignoring.
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: 'content_type' missing from TPM measurement log file entry, ignoring.
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: 'content_type' missing from TPM measurement log file entry, ignoring.
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: 'content_type' missing from TPM measurement log file entry, ignoring.
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: 'content_type' missing from TPM measurement log file entry, ignoring.
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: 'content_type' missing from TPM measurement log file entry, ignoring.
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: 'content_type' missing from TPM measurement log file entry, ignoring.
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: 'content_type' missing from TPM measurement log file entry, ignoring.
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: 'content_type' missing from TPM measurement log file entry, ignoring.
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: 'content_type' missing from TPM measurement log file entry, ignoring.
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: PCR value: 23:sha256=0000000000000000000000000000000000000000000000000000000000000000
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: PCR value: 22:sha256=ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: PCR value: 21:sha256=ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: PCR value: 20:sha256=ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: PCR value: 19:sha256=ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: PCR value: 18:sha256=ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: PCR value: 17:sha256=ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: PCR value: 16:sha256=0000000000000000000000000000000000000000000000000000000000000000
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: Read PCR selection: [sha256(16+17+18+19+20+21+22+23)]
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: Reading PCR selection: [sha256(16+17+18+19+20+21+22+23)]
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: PCR value: 15:sha256=a9c7f8c2c934cf0f8e9c950d7d7ee2738fe09c151cdea6262a42cd16c409a36f
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: PCR value: 14:sha256=0000000000000000000000000000000000000000000000000000000000000000
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: PCR value: 13:sha256=0000000000000000000000000000000000000000000000000000000000000000
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: PCR value: 12:sha256=0000000000000000000000000000000000000000000000000000000000000000
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: PCR value: 11:sha256=05eb7801dbf4087b4b03530f644896b6b1c4277b2065ca3d88b07cd344e35a97
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: PCR value: 10:sha256=00fa253504fa5d064f1b3b0bdea24ea39a785c60e7207cba39930a2c8ce0d117
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: PCR value: 9:sha256=74d85157e49bed6bdac77096e7695dcd101ba2856af8c2420a0b6c28e89b3a60
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: PCR value: 8:sha256=0000000000000000000000000000000000000000000000000000000000000000
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: Read PCR selection: [sha256(8+9+10+11+12+13+14+15)]
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: Reading PCR selection: [sha256(8+9+10+11+12+13+14+15+16+17+18+19+20+21+22+23)]
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: PCR value: 7:sha256=a7ad404f09bf9711adf19886f165cd93e7c1443951cc081ef12dcab940520ea2
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: PCR value: 6:sha256=3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: PCR value: 5:sha256=bc0fec63208bef9302aa4904a2cbea401c34ddecd0e9b80f342aff17e3c53ce1
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: PCR value: 4:sha256=9450af0d5142740a677a24bdf37b57b5b8b1462fe656d37decbdf022b7039690
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: PCR value: 3:sha256=3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: PCR value: 2:sha256=ef674cd26ad78dd8240a4723b1a527de84218773adeaaabf68a9a71b64e1dba8
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: PCR value: 1:sha256=0ca6a3b439d71be2346a3b237ea9388022ce6ac306f90812eb3f421b0b82a505
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: PCR value: 0:sha256=27af039edc3bad60adc1b5a90354420c4f7bec8fef4d1ecd979879e70f987b19
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: Read PCR selection: [sha256(0+1+2+3+4+5+6+7)]
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: Reading PCR selection: [sha256(0+1+2+3+4+5+6+7+8+9+10+11+12+13+14+15+16+17+18+19+20+21+22+23)]
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: Getting TPM2 capability 0x0005 property 0x0000 count 1.
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: Getting TPM2 capability 0x0008 property 0x0000 count 508.
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: Getting TPM2 capability 0x0002 property 0x011f count 256.
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: Getting TPM2 capability 0x0000 property 0x0001 count 127.
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: TPM successfully started up.
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: Loaded TCTI module 'tcti-device' (TCTI module for communication with Linux kernel interface.) [Version 2]
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: Using TPM2 TCTI driver 'device' with device '/dev/tpmrm0'.
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: Ignoring device path element type=0x04 subtype=0x03
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: Ignoring device path element type=0x04 subtype=0x01
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: Ignoring device path element type=0x03 subtype=0x17
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: Ignoring device path element type=0x01 subtype=0x01
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: Ignoring device path element type=0x01 subtype=0x01
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: Ignoring device path element type=0x02 subtype=0x01
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: Ignoring device path element type=0x04 subtype=0x01
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: Ignoring device path element type=0x03 subtype=0x17
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: Ignoring device path element type=0x01 subtype=0x01
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: Ignoring device path element type=0x01 subtype=0x01
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: Ignoring device path element type=0x02 subtype=0x01
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: Ignoring device path element type=0x04 subtype=0x08
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: Ignoring device path element type=0x01 subtype=0x01
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: Ignoring device path element type=0x01 subtype=0x01
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: Ignoring device path element type=0x01 subtype=0x01
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: Ignoring device path element type=0x01 subtype=0x01
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: Ignoring device path element type=0x02 subtype=0x01
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: Ignoring device path element type=0x04 subtype=0x08
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: Ignoring device path element type=0x01 subtype=0x01
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: Ignoring device path element type=0x01 subtype=0x01
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: Ignoring device path element type=0x01 subtype=0x01
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: Ignoring device path element type=0x01 subtype=0x01
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: Ignoring device path element type=0x02 subtype=0x01
Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: TPM PC Client Platform Firmware Profile: family 2.0, revision 0.0
Feb 04 20:00:01 nimbus systemd[1]: Starting systemd-pcrlock-make-policy.service - Make TPM2 PCR Policy...
Dump a new UKI into /boot/EFI/Linux and reboot
Question is: How do I interpret and deal with this situation?
Thanks
--
gpg --locate-keys dominick.grift at defensec.nl (wkd)
Key fingerprint = FCD2 3660 5D6B 9D27 7FC6 E0FF DA7E 521F 10F6 4098
Dominick Grift
Mastodon: @kcinimod at defensec.nl
More information about the systemd-devel
mailing list