Description
Issue was renamed from symptom "Regenerating HOTP fails with "Unable to unseal HOTP secret" to "cbmem -L output with TPM1.2 under coreboot 24.12 segfaults" cause.
Please identify some basic details to help process the report
A. Provide Hardware Details
- What board are you using? (Choose from the list of boards here)
x230
-
Does your computer have a dGPU or is it iGPU-only?
- dGPU (Distinct GPU other then internal GPU)
- iGPU-only (Internal GPU, normally Intel GPU)
-
Who installed Heads on this computer?
- Insurgo (Issues to be reported at https://github.com/linuxboot/heads/issues)
- Nitrokey (Issues to be reported at https://github.com/Nitrokey/heads/issues)
- Purism (Issues to be reported at https://source.puri.sm/firmware/pureboot/-/issues)
- Novacustom (Issues to be reported at https://github.com/Dasharo/dasharo-issues)
- HardnenedVault (Issues to be reported at https://github.com/hardenedvault/vaultboot/issues)
- Other provider
- Self-installed
-
What PGP key is being used?
- Librem Key (Nitrokey Pro 2 rebranded)
- Nitrokey Pro
- Nitrokey Pro 2
- Nitrokey 3 NFC
- Nitrokey 3 NFC Mini
- Nitrokey Storage
- Nitrokey Storage 2
- Yubikey
- Other
-
Are you using the PGP key to provide HOTP verification?
- Yes
- No
- I don't know
B. Identify how the board was flashed
-
Is this problem related to updating heads or flashing it for the first time?
- First-time flash
- Updating heads
-
If the problem is related to an update, how did you attempt to apply the update?
- Using the Heads menus
- Flashrom via the Recovery Shell
- External flashing
-
How was Heads initially flashed?
- External flashing
- Internal-only / 1vyprep+1vyrain / skulls
- Don't know
-
Was the board flashed with a maximized or non-maximized/legacy rom?
- Maximized
- Non-maximized / legacy
- I don't know
-
If Heads was externally flashed, was IFD unlocked?
- Yes
- No
- Don't know
C. Identify the rom related to this bug report
-
Did you download or build the rom at issue in this bug report?
- I downloaded it
- I built it
-
If you downloaded your rom, where did you get it from?
- Heads CircleCi
- Purism
- Nitrokey
- Dasharo DTS (Novacustom)
- Somewhere else (please identify)
Please provide the release number or otherwise identify the rom downloaded
-
If you built your rom, which repository:branch did you use?
- Heads:Master
- Other (please identify)
-
What version of coreboot did you use in building?
{ You can find this information from github commit ID or once flashed, by giving the complete version from Sytem Information under Options --> menu} -
In building the rom, where did you get the blobs?
- No blobs required
- Provided by the company that installed Heads on the device
- Extracted from a backup rom taken from this device
- Extracted from another backup rom taken from another device (please identify the board model)
- Extracted from the online bios using the automated tools provided in Heads
- I don't know
Please describe the problem
Describe the bug
After Heads update (via the menu) regenerating HOTP secret fails with message that it fails to unseal the HOTP secret. But I'm regenerating it exactly because it (as expected) couldn't be unsealed after the update!
To Reproduce
Steps to reproduce the behavior:
- Fetch
heads-x230-hotp-maximized_usb-kb-v0.2.0-2731-gf572998.zipfrom CI. - Update Heads via the menu.
- Reboot the system after update, see "TOTP Generation Failed" message
- Choose "Generate new HOTP/TOTP secret"
- Confirm ("Yes")
- See QR code, confirm to "configure your HOTP USB Security dongle"
- See the message "Error PCR mismatch from TPM_Unseal"
Expected behavior
New secret written to the USB dongle (after the admin pin prompt).
Screenshots
Additional context
Add any other context about the problem here.