VMware Communities
douzebis
Contributor

Bug report: TPM event-log is incorrect on Fusion 13 / guest Ubuntu 22.04

Please can somebody help with this issue?
 
A/ Product: VMware Fusion Player 13.0.2 (21581413)

B/ Guest OS : ubuntu-22.04.2-live-server-arm64

C/ Configuration of the Guest OS virtual machine : TPM enabled

D/ Issue : the TPM event log is incorrect for PCR #0 (for other PCR registers it is correct).

How to reproduce the issue :
1. Install Ubuntu tpm2-tools package
    sudo apt-get install tpm2-tools
2. Read the value of PCR #0 (sha256) directly from the TPM:
    sudo tpm2_pcrread sha256:0
    => returned value for PCR #0 (sha256):
    0 : 0x785648C6609882151E53EBA170CED62E6D3DA80D4EEE909493374F6846A8CD25
3. Compute the value of PCR #0 (sha256) from the TPM event log:
    sudo tpm2_eventlog /sys/kernel/security/tpm0/binary_bios_measurements
    => returned value for PCR #0 (sha256):
    0 : 0x4666fea59753142fbd5598fd41fe0f09a6ad3dd76ba498795576a5afba74a8a4
4. The two returned values differ. (For the other PCR registers, the values match).

E/ Why the issue is a problem: it is impossible to use Linux Integrity Measurement Architecture (IMA) on the guest OS.
 
F/ Additional information
The issue also occurs with guest ubuntu-23.04-live-server-arm64
The issue does not occur on different virtualization infrastructures that support TPM, such as GCP shielded VM.

 
1 Reply
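
The comparison in steps 2 to 4 of the report above, as an added example that is not part of the original post or of tpm2-tools: it replays a crypto-agile TCG event log for one PCR and compares the result with the value printed by tpm2_pcrread. The function names and the constructed sample log are illustrative, and the replay assumes the PCR starts from all zeros.

```python
import hashlib
import struct

SHA256 = 0x000B       # TPM_ALG_SHA256
EV_NO_ACTION = 0x03   # informational record, never extended into a PCR

def replay_pcr(log: bytes, pcr: int = 0) -> bytes:
    """Replay a crypto-agile TCG event log; return the SHA-256 value expected in `pcr`."""
    # Record 0 is a legacy TCG_PCR_EVENT (SHA-1 sized digest) holding the Spec ID header.
    _, _, _, size = struct.unpack_from("<II20sI", log, 0)
    hdr, off = log[32:32 + size], 32 + size
    if not hdr.startswith(b"Spec ID Event03\0"):
        raise ValueError("not a crypto-agile (TPM 2.0) event log")
    (n_algs,) = struct.unpack_from("<I", hdr, 24)
    sizes = dict(struct.unpack_from("<HH", hdr, 28 + 4 * i) for i in range(n_algs))
    value = bytes(32)  # assumption: the PCR starts from all zeros at boot
    while off + 16 <= len(log):
        idx, etype, count = struct.unpack_from("<III", log, off)
        off += 12
        digest = None
        for _ in range(count):  # one digest per active bank
            (alg,) = struct.unpack_from("<H", log, off)
            if alg not in sizes:
                raise ValueError(f"digest algorithm {alg:#x} not declared in header")
            if alg == SHA256:
                digest = log[off + 2:off + 2 + sizes[alg]]
            off += 2 + sizes[alg]
        (esize,) = struct.unpack_from("<I", log, off)
        off += 4 + esize  # skip the event data itself
        if idx == pcr and etype != EV_NO_ACTION and digest is not None:
            value = hashlib.sha256(value + digest).digest()  # same step as TPM2_PCR_Extend
    return value

def log_matches_tpm(log: bytes, pcr_hex: str, pcr: int = 0) -> bool:
    """Compare the replayed value with the hex value printed by tpm2_pcrread."""
    want = bytes.fromhex(pcr_hex.strip().lower().removeprefix("0x"))
    return replay_pcr(log, pcr) == want

def sample_log(events) -> bytes:
    """Constructed test log: SHA-256 bank only, one record per (pcr, type, data)."""
    hdr = b"Spec ID Event03\0" + struct.pack("<IBBBBIHHB", 0, 0, 2, 0, 2, 1, SHA256, 32, 0)
    log = struct.pack("<II20sI", 0, EV_NO_ACTION, bytes(20), len(hdr)) + hdr
    for pcr, etype, data in events:
        log += struct.pack("<IIIH", pcr, etype, 1, SHA256) + hashlib.sha256(data).digest()
        log += struct.pack("<I", len(data)) + data
    return log
```

On the guest, pass the bytes of /sys/kernel/security/tpm0/binary_bios_measurements and the hex string from `tpm2_pcrread sha256:0` to `log_matches_tpm`; a `False` result is the mismatch described in step 4.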
Technogeezer
Immortal

You might want to open an official support request on this. There’s no guarantee that anyone from VMware will act on anything reported here.

That being said, @Mikero, can you see what the engineering team thinks of this issue? It may impact Workstation as well as Fusion.

- Paul (Technogeezer)
Editor of the Unofficial Fusion Companion Guides