TPM PCR7 binding fails due to firmware breaking TCG spec

holmes0
Level 7

BitLocker-API events from eventvwr report that "BitLocker determined that the TCG log is invalid for use of Secure Boot." and also "BitLocker cannot use Secure Boot for integrity because the expected TCG Log separator entry is missing or invalid."

I looked into TCG log and found that after all EV_EFI_VARIABLE_DRIVER_CONFIG events comes EV_EFI_VARIABLE_AUTHORITY with signature from dbx (why?), then comes EV_SEPARATOR and then EV_EFI_VARIABLE_AUTHORITY again, this time valid one. This clearly breaks the TCG spec and makes PCR7 unusable. Windows automatic device encryption relies on PCR7.

I am using the latest firmware for my Z690, v 2305. Already tried resetting Secure Boot keys, clearing the TPM and so on. Nothing helps.

Here is the problematic part of PCR7 log (45C7C8AE750ACFBB48FC37527D6412DD644DAED8913CCD8A24C94D856967DF8E is present in dbx):

{
  "EventType": "EV_EFI_VARIABLE_AUTHORITY",
  "Digest": "4D4A8E2C74133BBDC01A16EAF2DBB5D575AFEB36F5D8DFCF609AE043909E2EE9",
  "Event": {
    "VariableGUID": "d719b2cb-3d3a-4596-a3bc-dad00e67656f",
    "VariableName": "db",
    "VariableData": {
      "SignatureOwner": "77fa9abd-0359-4d32-bd60-28f4e78f784b",
      "SignatureData": "45C7C8AE750ACFBB48FC37527D6412DD644DAED8913CCD8A24C94D856967DF8E"
    }
  }
},
{
  "EventType": "EV_SEPARATOR",
  "Digest": "DF3F619804A92FDB4057192DC43DD748EA778ADC52BC498CE80524C014B81119",
  "Event": "00:00:00:00"
},
{
  "EventType": "EV_EFI_VARIABLE_AUTHORITY",
  "Digest": "30BF464EE37F1BC0C7B1A5BF25ECED275347C3AB1492D5623AE9F7663BE07DD5",
  "Event": {
    "VariableGUID": "d719b2cb-3d3a-4596-a3bc-dad00e67656f",
    "VariableName": "db",
    "VariableData": {
      "SignatureOwner": "77fa9abd-0359-4d32-bd60-28f4e78f784b",
      "SignatureData": {
        "Handle": {
          "value": 3157257934544
        },
        "Issuer": "CN=Microsoft Root Certificate Authority 2010, O=Microsoft Corporation, L=Redmond, S=Washington, C=US",
        "Subject": "CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US",
        "SerialNumberBytes": {
          "Length": 10,
          "IsEmpty": false,
          "Span": null
        }
      }
    }
  }
}
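The ordering problem described in this post can be checked mechanically. The following is an added example, not code from the post or from any TPM tool: it walks a PCR7 event list in the same JSON shape as the excerpt above and reports events that appear on the wrong side of EV_SEPARATOR, plus any EV_EFI_VARIABLE_AUTHORITY entry whose hash is in a caller-supplied dbx set. The sample log is constructed to mirror the post's sequence; the expected layout (DRIVER_CONFIG events, one separator, then AUTHORITY events) is taken from the post's description of what BitLocker expects.

```python
import json

# Constructed sample modelled on the post's excerpt (not a real log dump):
# the Secure Boot variable measurements, then a stray AUTHORITY event that
# lands before EV_SEPARATOR, then the separator and the genuine AUTHORITY event.
DBX_HASH = "45C7C8AE750ACFBB48FC37527D6412DD644DAED8913CCD8A24C94D856967DF8E"
SAMPLE_LOG = json.dumps([
    {"EventType": "EV_EFI_VARIABLE_DRIVER_CONFIG", "Event": {"VariableName": "SecureBoot"}},
    {"EventType": "EV_EFI_VARIABLE_DRIVER_CONFIG", "Event": {"VariableName": "PK"}},
    {"EventType": "EV_EFI_VARIABLE_DRIVER_CONFIG", "Event": {"VariableName": "KEK"}},
    {"EventType": "EV_EFI_VARIABLE_DRIVER_CONFIG", "Event": {"VariableName": "db"}},
    {"EventType": "EV_EFI_VARIABLE_DRIVER_CONFIG", "Event": {"VariableName": "dbx"}},
    {"EventType": "EV_EFI_VARIABLE_AUTHORITY", "Event": {"VariableName": "db",
        "VariableData": {"SignatureData": DBX_HASH}}},
    {"EventType": "EV_SEPARATOR", "Event": "00:00:00:00"},
    {"EventType": "EV_EFI_VARIABLE_AUTHORITY", "Event": {"VariableName": "db",
        "VariableData": {"SignatureData": {"Subject": "CN=Microsoft Windows Production PCA 2011"}}}},
])


def check_pcr7_order(log_json, dbx_hashes=frozenset()):
    """Return a list of findings for a PCR7 event list; an empty list means the layout is sane.

    Expected layout: EV_EFI_VARIABLE_DRIVER_CONFIG events, exactly one EV_SEPARATOR,
    then EV_EFI_VARIABLE_AUTHORITY events. dbx_hashes is an optional set of upper-case
    hex digests known to be revoked; an AUTHORITY event measuring one of them is flagged.
    """
    findings = []
    seen_separator = False
    for idx, ev in enumerate(json.loads(log_json)):
        etype = ev["EventType"]
        if etype == "EV_SEPARATOR":
            if seen_separator:
                findings.append(f"{idx}: duplicate EV_SEPARATOR")
            seen_separator = True
        elif etype == "EV_EFI_VARIABLE_DRIVER_CONFIG":
            if seen_separator:
                findings.append(f"{idx}: DRIVER_CONFIG after separator")
        elif etype == "EV_EFI_VARIABLE_AUTHORITY":
            if not seen_separator:
                findings.append(f"{idx}: AUTHORITY before separator")
            # SignatureData is a bare hex string for hash entries and an object for certificates.
            sig = ev["Event"].get("VariableData", {}).get("SignatureData")
            if isinstance(sig, str) and sig.upper() in dbx_hashes:
                findings.append(f"{idx}: AUTHORITY signature is a dbx (revoked) hash")
        else:
            findings.append(f"{idx}: unexpected {etype} in PCR7")
    if not seen_separator:
        findings.append("no EV_SEPARATOR found")
    return findings


if __name__ == "__main__":
    for finding in check_pcr7_order(SAMPLE_LOG, {DBX_HASH}):
        print(finding)
```

On the constructed sample this reports the event at index 5 twice: once for sitting before the separator and once because its hash is in the supplied dbx set.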
