PCR mismatching is one common cause of TPM key unsealing fail. Since the
system may be compromised, it is not safe to boot into OS to get the PCR
values and TPM eventlog for the further investigation.
To provide some hints, GRUB now dumps PCRs on policy fail, so the user
can check the current PCR
Sorry, I forgot to push an updated string before sending this patch.
Will send the updated patch later. Please ignore this one.
Gary Lin
On Tue, Dec 03, 2024 at 04:36:39PM +0800, Gary Lin wrote:
> PCR mismatching is one common cause of TPM key unsealing fail. Since the
> system may be compromised
PCR mismatching is one common cause of TPM key unsealing fail. Since the
system may be compromised, it is not safe to boot into OS to get the PCR
values and TPM eventlog for the further investigation.
To provide some hints, GRUB now dumps PCRs on policy fail, so the user
can check the current PCR
