Alex Wu

This is not unexpected. See https://github.com/google/go-tpm-tools/issues/141 for another example. Basically, this error means the event log located at `/sys/kernel/security/tpm0/binary_bios_measurements` failed to replay against PCR0 (BIOS measurements, including CRTM). It could...

I think the only mutating command you're running above is in creating the AttestationKey: `AttestationKeyRSA, err := client.AttestationKeyRSA(tpm)`. This is cached, however, and should not create a new one if...

Thanks for the suggestion! I'm assuming ReadSignatureDatabase is what we want? https://github.com/Foxboron/go-uefi/blob/3d898a764ffd5107102e161c276a8cca63bcb41e/efi/signature/signature_database.go#L155 We're essentially looking for functionality like https://github.com/rhboot/dbxtool, as we want to pull it from a dbx update file...

Thanks for the issue! Would you be able to attach the event log as well as the `tpm2_pcrread` outputs of 4 and 5?

Sure, I'll add it sometime this week.

> Discussed offline with Alex, for command tests we should probably switch to doing something like: > > ```go > // in cmd/open.go > var openTPM func() (io.ReadWriteCloser, error) =...

> Any plans on getting this rebased and merged? This would be very useful for me. I have forked go-tpm-tools to at least include the activation patch https://github.com/arianvp/go-tpm-tools Sorry this...

Thanks for bringing this to our attention! This would be a useful thing to have in the library. Unfortunately, I don't think it's as simple as merging the two event...

https://github.com/google/go-tpm-tools/pull/302

/gcbrun