1218390 – "fdectl tpm-present" fails with the combination fdectl v0.7.2 / pcr-oracle v0.5.4

Bug 1218390 - "fdectl tpm-present" fails with the combination fdectl v0.7.2 / pcr-oracle v0.5.4

Summary: "fdectl tpm-present" fails with the combination fdectl v0.7.2 / pcr-oracle v0...

Status:	CONFIRMED

Alias:	None

Product:	openSUSE Tumbleweed
Classification:	openSUSE
Component:	Other (show other bugs)
Version:	Current
Hardware:	64bit openSUSE Tumbleweed

Priority:	P5 - None Severity: Normal (vote)
Target Milestone:	---
Assignee:	Gary Ching-Pang Lin
QA Contact:

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2023-12-24 18:25 UTC by Per Öberg
Modified:	2024-04-19 17:08 UTC (History)
CC List:	5 users (show)

See Also:
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Per Öberg 2023-12-24 18:25:18 UTC

At initial installation of tumbleweed fdectl v0.7.2 and pcr-oracle v0.5.4 are installed. 

Using this combination the command "fdectl tpm-present" fails with 

"
.
.
.
.
Excess argument(s)
Usage:
pcr-oracle [options] pcr-index [updates...]
.
.
.
.
"

when executing 
"pcr-oracle --algorithm sha256  --input /dev/shm/fde.LD7ot9/sealed_secret --output /dev/shm/fde.LD7ot9/recovered unseal-secret 0,2,4,7,9"


The problem is solved if for example pcr-oracle is downgraded to v0.5.2

Comment 1 Frank Krüger 2023-12-25 12:26:09 UTC

I can confirm the issue with TW20231222 and that downgrading pcr-oracle to version 0.5.2 solves it.

Comment 2 Frank Krüger 2023-12-25 17:15:55 UTC

JFYI: The issue starts with pcr-oracle-0.5.3-1.1.x86_64.

Comment 3 Andrei Dziahel 2024-01-02 19:02:07 UTC

Doesn't work for pcr-oracle 0.5.4 as well, see https://paste.opensuse.org/1f1bed46ac79

Comment 4 Frank Krüger 2024-02-21 22:17:13 UTC

@okir@suse.com: Is there any news/progress?

Comment 5 Samuel DENIS 2024-03-08 13:05:46 UTC

I have this problem with pcr-oracle 0.5.4 and fdectl 0.7.2.

Comment 6 Andrei Borzenkov 2024-04-18 17:56:39 UTC

pcr-oracle unsel-secret now needs "--target=platform=oldgrub" when using PCR list. Cc Gary Lin.

Comment 7 Gary Ching-Pang Lin 2024-04-19 07:02:04 UTC

It'd require the following patch plus a minor tweak in tpm_test().
https://github.com/openSUSE/fde-tools/commit/fcabeca594d090e4172b88ae5176c947b2dd7c45

I'll work on that.

Comment 8 Gary Ching-Pang Lin 2024-04-19 08:38:16 UTC

The fix is on the way to factory:
https://build.opensuse.org/request/show/1169081

Comment 9 Frank Krüger 2024-04-19 17:08:02 UTC

(In reply to Gary Ching-Pang Lin from comment #8)
> The fix is on the way to factory:
> https://build.opensuse.org/request/show/1169081

Works for me, thanks.