From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from bedivere.hansenpartnership.com (bedivere.hansenpartnership.com [96.44.175.130])
 by mx.groups.io with SMTP id smtpd.web12.57.1648678297068066629
 for <devel@edk2.groups.io>;
 Wed, 30 Mar 2022 15:11:37 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@hansenpartnership.com header.s=20151216 header.b=OkhVQHwx;
 spf=pass (domain: hansenpartnership.com, ip: 96.44.175.130, mailfrom: james.bottomley@hansenpartnership.com)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
	d=hansenpartnership.com; s=20151216; t=1648678296;
	bh=2l2NSIbEqQdWl7oiC5pwDWx3feKKPhOw5zpTn5Dt54A=;
	h=Message-ID:Subject:From:To:Date:From;
	b=OkhVQHwxFc5CUwOUUSH4e0kK0/1pwaINKOZJPsMIIWI55xbyOwcIh1IKqJVUFQIo+
	 +/i5F9W4W33G/rqGaJbk+ffHWLsR4aJO3qqsbERa9HKHJguFoBr6UO1Qwmvuv599+/
	 AjalT8TxfzhtdQYHeJjisvN9jMF6gkSxQ4c8OP4Q=
Received: from localhost (localhost [127.0.0.1])
	by bedivere.hansenpartnership.com (Postfix) with ESMTP id 019A21288519
	for <devel@edk2.groups.io>; Wed, 30 Mar 2022 18:11:36 -0400 (EDT)
Received: from bedivere.hansenpartnership.com ([127.0.0.1])
	by localhost (bedivere.hansenpartnership.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id iJ_ZpQfoVPwq for <devel@edk2.groups.io>;
	Wed, 30 Mar 2022 18:11:35 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
	d=hansenpartnership.com; s=20151216; t=1648678295;
	bh=2l2NSIbEqQdWl7oiC5pwDWx3feKKPhOw5zpTn5Dt54A=;
	h=Message-ID:Subject:From:To:Date:From;
	b=YCzjp1iNiK69MVAhaxUx6dl190sw/uy+mBvA0lDbNID0aL8ICKNGOxwnI3fhbm5f1
	 pPxkW/b/eII8Cn3OCf5I0G9KQtF7n4z1rV0rqNaT0IHhhHK+2Xl+h+mJQ7TjI+n/A2
	 ROU4ntXI0lEoAMe7urEqG9oOwOsZqOqOpBQrU8N4=
Received: from lingrow.int.hansenpartnership.com (unknown [IPv6:2601:5c4:4300:c551::c14])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256)
	(No client certificate requested)
	by bedivere.hansenpartnership.com (Postfix) with ESMTPSA id 938CC1288518
	for <devel@edk2.groups.io>; Wed, 30 Mar 2022 18:11:35 -0400 (EDT)
Message-ID: <837f212035fd289560225646e6ef7fd72f369a32.camel@HansenPartnership.com>
Subject: Does anyone know why the measured boot log seems to be recording the hash of PEIFV wrongly?
From: "James Bottomley" <James.Bottomley@HansenPartnership.com>
To: devel@edk2.groups.io
Date: Wed, 30 Mar 2022 18:11:34 -0400
User-Agent: Evolution 3.34.4 
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit

When I do a measured boot of OVMF, I get a load of records including
the two EV_EFI_PLATFORM_FIRMWARE_BLOB events, which, according to the
code in Tcg2Pei.c are supposed to be measuring PEIFV and DXEFV from the
uncompressed MEMFD.  However, when I compare the hashes against the
build artifacts, the DXEFV matches, so is correctly measured.  However
the PEIFV doesn't match ... it's like something modified the contents
before the Tcg2Pei.c measurement is taken.

Does anyone know what this modification to PEIFV is?  My next step
would be to go digging in the PEIFV at the time of measurement to see
if I can find the change, but I figured that asking first might be a
lot less work ...

Thanks,

James