Comment # 1 on bug 1222183 from Alberto Planas Dominguez 
(In reply to Andrei Borzenkov from comment #0)

Hi Andrei, thanks a lot for the detailed bug report

> Error: Unable to parse EVENT_EVENT_TAG event from TPM log
> ::: 04f9c: event type=EVENT_EVENT_TAG pcr=5 digests=4 data=32 bytes
> :::   sha1       01d4e1ca16f118f6fcd954e175c0116c4a4f746b
> :::   sha256    
> bdbea6dbc6791de89a483abc3a61af8e910249e7565682ff2011c910a490520a
> :::   sha384    
> 12ebd339e16a134b0aeeb3114bd5b233f9f862037b7550c922a7c73686fa616995273aa751446
> 40d4fb911945d7b5f55
> :::   sha512    
> 7c4a18a73955640cde19777b87735f1ca928fe6ef6b54aa3a6d8117c8eaadbd6c00778165a9a3
> 20303644489c242c88a5b2ca6b20be1ffe75f70d5b930f647f6
> :::   Data:
> :::         0000  2a 58 bc f5 18 00 00 00 6c 00 6f 00 61 00 64 00 65 00 72
> 00 2e 00 63 00 6f 00 6e 00 66 00 00 00 *X......l.o.a.d.e.r...c.o.n.f...
> Fatal: Aborting.
> Error: Failed to install TPM predictions for 

If I am not wrong this was fixed here:

https://github.com/okirch/pcr-oracle/pull/50

Can you check that the version of pcr-oracle running in the snapshot that you
are updating from contains this change?

"""
Tue Feb 20 18:16:53 UTC 2024 - Alberto Planas Dominguez <aplanas@suse.com>

- Add fix_loader_conf.patch to measure the systemd-boot loader.conf file
"""

> Apart from the obvious bug in pcr-oracle, this invalidates any claim of
> "immutability" of MicroOS - failed update makes it impossible to boot
> MicroOS without human intervention.

Yes, there is an issue here: systemd-boot started to measure loader.conf in
v255.  We updated the pcr-oracle version 20th of February, and the systemd v255
was populated in Factory two weeks ago, at the end of March.  That should give
1 month of time for the update.

I do not understand how is possible that you have a new systemd, but an old
pcr-oracle.  I will try to replicate the issue locally, downgrading my current
installation.

You are receiving this mail because: