22:25 <bamse> the gist of it is that the first NULL segment typically is the ELF header, the second one contains some certificate chain followed by a set of hashes, which is signed by the private certificates...the root in the certificate chain is hashed and burnt into qfprom, the chain is used to check that the hashes are untouched, and then when we call auth_and_reset the loaded content is compared with the hashes

22:26 <bamse> what i have seen is that devices that are not secure will complain but not fail if the root of the certificate chain doesn't match the qfprom bits

22:26 <bamse> but, i don't know if that's what you're seeing Mis012[m]

22:27 <Mis012[m]> bamse: the hypervisor has logging functions, any idea where those are routed?

22:31 <Mis012[m]> bamse: I believe the return value of the ssc_bringup function is logged

22:31 <konradybcio> there is some logging stuff inside XBL

22:31 <konradybcio> at least uefiplat.cfg suggests so

22:32 <Mis012[m]> knowing downstream, I wouldn't be too surprised to learn it's exposed as /dev/hyplog...

22:32 <konradybcio> there's something in /sys/kernel/debug

22:32 <konradybcio> tz_log iirc

22:32 <konradybcio> but it's not as fun as it sounds

22:33 <Mis012[m]> oh :(

22:33 <bamse> Mis012[m]: i suspect they might end up in the "tz_log", as konradybcio suggests

22:34 <bamse> Mis012[m]: unfortunately i believe one need some build artifacts to decode those logs

22:35 <Mis012[m]> bamse: where would those be if I had them?

22:36 <bamse> i wish i knew

22:45 <Mis012[m]> bamse: seems the string is in the end binary

23:23 <Mis012[m]> guess I'll try to sign it tomorrow