From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from bedivere.hansenpartnership.com (bedivere.hansenpartnership.com [96.44.175.130]) by mx.groups.io with SMTP id smtpd.web12.57.1648678297068066629 for ; Wed, 30 Mar 2022 15:11:37 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@hansenpartnership.com header.s=20151216 header.b=OkhVQHwx; spf=pass (domain: hansenpartnership.com, ip: 96.44.175.130, mailfrom: james.bottomley@hansenpartnership.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=hansenpartnership.com; s=20151216; t=1648678296; bh=2l2NSIbEqQdWl7oiC5pwDWx3feKKPhOw5zpTn5Dt54A=; h=Message-ID:Subject:From:To:Date:From; b=OkhVQHwxFc5CUwOUUSH4e0kK0/1pwaINKOZJPsMIIWI55xbyOwcIh1IKqJVUFQIo+ +/i5F9W4W33G/rqGaJbk+ffHWLsR4aJO3qqsbERa9HKHJguFoBr6UO1Qwmvuv599+/ AjalT8TxfzhtdQYHeJjisvN9jMF6gkSxQ4c8OP4Q= Received: from localhost (localhost [127.0.0.1]) by bedivere.hansenpartnership.com (Postfix) with ESMTP id 019A21288519 for ; Wed, 30 Mar 2022 18:11:36 -0400 (EDT) Received: from bedivere.hansenpartnership.com ([127.0.0.1]) by localhost (bedivere.hansenpartnership.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iJ_ZpQfoVPwq for ; Wed, 30 Mar 2022 18:11:35 -0400 (EDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=hansenpartnership.com; s=20151216; t=1648678295; bh=2l2NSIbEqQdWl7oiC5pwDWx3feKKPhOw5zpTn5Dt54A=; h=Message-ID:Subject:From:To:Date:From; b=YCzjp1iNiK69MVAhaxUx6dl190sw/uy+mBvA0lDbNID0aL8ICKNGOxwnI3fhbm5f1 pPxkW/b/eII8Cn3OCf5I0G9KQtF7n4z1rV0rqNaT0IHhhHK+2Xl+h+mJQ7TjI+n/A2 ROU4ntXI0lEoAMe7urEqG9oOwOsZqOqOpBQrU8N4= Received: from lingrow.int.hansenpartnership.com (unknown [IPv6:2601:5c4:4300:c551::c14]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by bedivere.hansenpartnership.com (Postfix) with ESMTPSA id 938CC1288518 for ; Wed, 30 Mar 2022 18:11:35 -0400 (EDT) Message-ID: <837f212035fd289560225646e6ef7fd72f369a32.camel@HansenPartnership.com> Subject: Does anyone know why the measured boot log seems to be recording the hash of PEIFV wrongly? From: "James Bottomley" To: devel@edk2.groups.io Date: Wed, 30 Mar 2022 18:11:34 -0400 User-Agent: Evolution 3.34.4 MIME-Version: 1.0 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 7bit When I do a measured boot of OVMF, I get a load of records including the two EV_EFI_PLATFORM_FIRMWARE_BLOB events, which, according to the code in Tcg2Pei.c are supposed to be measuring PEIFV and DXEFV from the uncompressed MEMFD. However, when I compare the hashes against the build artifacts, the DXEFV matches, so is correctly measured. However the PEIFV doesn't match ... it's like something modified the contents before the Tcg2Pei.c measurement is taken. Does anyone know what this modification to PEIFV is? My next step would be to go digging in the PEIFV at the time of measurement to see if I can find the change, but I figured that asking first might be a lot less work ... Thanks, James